-
-
Notifications
You must be signed in to change notification settings - Fork 797
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Work around double parsing of ui_locales #1469
Conversation
I didn't really know where to put the tests, so it is in it's own module. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm wondering if it would be more appropriate to push this upstream to oauthlib? Oh I just noticed you already did that!
As mentioned in the upstream PR, it's unclear whether this issue stems from a bug in The multiple layers in DOT and I’m waiting for feedback on the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's go ahead and merge this fix here and keep an eye on whether oauthlib implements the fix there in the future at which point this change can potentially be reverted.
Thanks for this!
Thanks! |
Fixes #1468
Description of the Change
Makes sure
credential["ui_locales"]
is a string before passing it tooauthlib
.oauthlib
always callssplit
on the values ofui_locales
:https://github.com/oauthlib/oauthlib/blob/d319c54ae0342d9a2596ef7afa1e17984c303550/oauthlib/openid/connect/core/grant_types/base.py#L317
The way django-oauth-toolkit is structured the
credentials
dictionary contains the value ofui_locales
as processed byoauthlib
, which makes it a list. It is then passed back intooauthlib
which tries to parse it again, resulting in anAttributeError
.oauthlib
is a bit more careful with the way it handles theprompt
parameter:https://github.com/oauthlib/oauthlib/blob/d319c54ae0342d9a2596ef7afa1e17984c303550/oauthlib/openid/connect/core/grant_types/base.py#L289-L292
So this might be a bug in the way
oauthlib
handles the incomingui_locales
parameter.Checklist
CHANGELOG.md
updated (only for user relevant changes)AUTHORS