Ensure device token errors are returning 400

oauth2_provider/views/base.py

@@ -6,7 +6,7 @@
 from django import http
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.views import redirect_to_login
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.shortcuts import resolve_url
 from django.utils import timezone
 from django.utils.decorators import method_decorator
@@ -323,10 +323,20 @@ def device_flow_token_response(
         device = Device.objects.get(device_code=device_code)
 
         if device.status == device.AUTHORIZATION_PENDING:
-            raise AuthorizationPendingError
+            pending_error = AuthorizationPendingError()
+            return http.HttpResponse(
+                content=pending_error.json,
+                status=pending_error.status_code,
+                content_type="application/json"
+            )
 
         if device.status == device.DENIED:
-            raise AccessDenied
+            access_denied_error = AccessDenied()
+            return http.HttpResponse(
+                content=access_denied_error.json,
+                status=access_denied_error.status_code,
+                content_type="application/json"
+            )
 
         url, headers, body, status = self.create_token_response(request)