Missing scope on server side when using OAuthClient from Authlib #96

Closed
kyzima-spb opened this issue Oct 28, 2018 · 5 comments

@kyzima-spb

When I use any of the standard clients, according to the documentation, I pass the scope key in the client_kwargs argument.

# Example config.py for Flask application
HAMSTER_API_BASE_URL = 'http://api:5000/'
HAMSTER_ACCESS_TOKEN_URL = 'http://api:5000/oauth/token'
HAMSTER_CLIENT_ID = 'CLIENT'
HAMSTER_CLIENT_SECRET = 'SECRET'
HAMSTER_CLIENT_KWARGS = {
    'grant_type': 'client_credentials',
    'scope': 'api'
}

The server side is also implemented using Authlib. When trying to get a token using the ClientCredentialsGrant grant, the scope on the server side is lost. As a result, the token is broken: the server issues it, but without a scope.

from datetime import datetime

from authlib.flask.client import OAuth

# OAuth2Token (the app's stored-token model) and save_hamster_token() are
# the application's own code and are not shown in this issue.


def fetch_hamster_token():
    name = 'hamster'
    token = OAuth2Token.get(name=name)

    if token:
        # Reuse the stored token while it has more than 60 seconds left.
        delta = token.expires_at - datetime.now().timestamp()

        if delta > 60:
            return token.to_token()

    # Otherwise request a fresh token with the client credentials grant.
    token = getattr(oauth, name).fetch_access_token(timeout=30)
    save_hamster_token(token)
    return token


oauth = OAuth()
oauth.register('hamster', fetch_token=fetch_hamster_token)

If you use curl, then this problem is not observed.

What am I doing wrong? And sorry for the Google Translate.

@lepture
Owner

lepture commented Oct 29, 2018

I don't understand your question. Could you provide a minimal project to reproduce your problem, and describe:

  1. what are you doing?
  2. what result are you expecting?
  3. what does your code give you instead?

@kyzima-spb
Author

Example:
https://github.com/kyzima-spb/example-oauth2-server

I used the server from the example. The username is user.
I created a new client with grant type client_credentials, response type token and scope profile.

I created an application on Flask. To run it, run this command:
FLASK_APP=client:app FLASK_ENV=development flask run -p 8000

For authorization, go to URL:
http://127.0.0.1:8000/authorize
You will be shown a token. Then try to go to the main page.
https://pp.userapi.com/c850628/v850628772/312b0/u5PmHb_I7UY.jpg
https://pp.userapi.com/c850628/v850628772/312b8/YNHknFbtpHs.jpg

If you use CURL, then there is no problem. For example, I created another endpoint.
For authorization, go to URL:
http://127.0.0.1:8000/curl
https://pp.userapi.com/c850628/v850628772/312bf/_P4giJbcMK4.jpg
https://pp.userapi.com/c850628/v850628772/312c6/9UWezcppvaM.jpg

I think the client for Flask does not transfer scope.

lepture added a commit that referenced this issue Oct 30, 2018
1. password
2. client_credentials

#96
@lepture
Owner

lepture commented Oct 30, 2018

Fixed with ade352b

@lepture lepture closed this as completed Oct 30, 2018
@lepture
Owner

lepture commented Oct 30, 2018

Currently, you can use fetch_access_token(scope='profile').

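The failure mode in this thread, as an added example that is not part of the issue or of Authlib's code: a client-credentials token request that drops `scope` (what the Flask client did) next to one that passes it per call (the `fetch_access_token(scope=...)` workaround), and a server-side token endpoint that validates the scope instead of silently issuing a scope-less token. The client record, allowed scopes and token value are constructed.

```python
from urllib.parse import urlencode, parse_qs

# Constructed client record: what the server knows about client "CLIENT".
CLIENT = {"client_id": "CLIENT",
          "allowed_scopes": {"profile", "api"},
          "default_scope": "profile"}


def build_token_request(scope=None):
    """Client side: form body of an RFC 6749 section 4.4.2 client_credentials
    request. With scope=None this is the request the issue's Flask client sent;
    passing scope mirrors fetch_access_token(scope='profile')."""
    body = {"grant_type": "client_credentials"}
    if scope:
        body["scope"] = scope
    return urlencode(body)


def issue_token(body, client):
    """Server side: never issue a token with an empty scope.
    Returns (token_dict, None) on success or (None, error_code) on failure."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "client_credentials":
        return None, "unsupported_grant_type"
    requested = form.get("scope")
    if requested is None:
        # RFC 6749 section 3.3: an omitted scope means either a pre-defined
        # default or a failure, not a token without any scope.
        requested = client["default_scope"]
    scopes = set(requested.split())
    if not scopes or not scopes <= client["allowed_scopes"]:
        return None, "invalid_scope"
    token = {"access_token": "constructed-opaque-token",  # constructed value
             "token_type": "Bearer",
             "expires_in": 3600,
             "scope": " ".join(sorted(scopes))}
    return token, None


def check_token_scope(token, required):
    """Resource-server check: a token carrying no scope must not pass."""
    granted = set(token.get("scope", "").split())
    return required in granted
```

Run against the two request shapes, the server falls back to the client's default scope for the scope-less request and rejects scopes the client was never registered for.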
@lepture
Owner

lepture commented Oct 30, 2018

BTW, your config:

HAMSTER_CLIENT_KWARGS = {
    'grant_type': 'client_credentials',
}

The config is invalid. It will not read grant_type from CLIENT_KWARGS.

coopfeathy added a commit to coopfeathy/authlib-django that referenced this issue Dec 11, 2022