Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assert on token format caused by inconsistency with authlib #140

Open
wants to merge 1 commit into
base: feature/sdk-automation
Choose a base branch
from
Open

Assert on token format caused by inconsistency with authlib #140

wants to merge 1 commit into from

Conversation

JargeZ
Copy link

@JargeZ JargeZ commented Jul 26, 2024

The library has a check can_refresh_access_token
inside which isinstance(self.scope, (list, tuple)) is checked
Otherwise the access token is not refreshed and fails with an error

It would be better if an error occurred when trying to initialize the library with a scope as a string, or perform an automatic split occurred.

I'm not sure which strategy others will consider better.

For context, I was run into a scope parameter inconsistency issue with the authlib library

I first authorize the user like this

oauth = OAuth()
oauth.register(
    name="xero",
    version="2",
    client_id=env_settings.XERO_CLIENT_ID,
    client_secret=env_settings.XERO_CLIENT_SECRET,
    endpoint_url="https://api.xero.com/",
    authorization_endpoint="https://login.xero.com/identity/connect/authorize",
    access_token_url="https://identity.xero.com/connect/token",
    refresh_token_url="https://identity.xero.com/connect/token",
    scope="offline_access openid profile email accounting.transactions "
        "accounting.transactions.read accounting.reports.read "
        "accounting.journals.read accounting.settings accounting.settings.read "
        "accounting.contacts accounting.contacts.read accounting.attachments "
        "accounting.attachments.read assets projects",
    jwks_uri="https://identity.xero.com/.well-known/openid-configuration/jwks",
)
return oauth

and in the saved token the scope has the type string with spaces.
Then I worked with the API and did not understand why the token could not be updated.

class XeroAuthViewSet(viewsets.ViewSet):
    @action(detail=False, methods=["get"], name="oauth-callback")
    def oauth_callback(self, request):
        token: OAuth2Token = oauth.xero.authorize_access_token(request)

        if token is None:
            return HttpResponse("Access Denied")

        save_token(
            user=request.user,
            token=token,
        )

        return redirect("/backend/tenants/")

The solution to the problem is to transform the token when saving it for the first time on the application side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JargeZ