demo-oauth-client

FastAPI example is not working

Open sondrelg opened this issue 4 years ago • 3 comments

Running the master branch code (and alpha v1 releases) I'm running into an issue where this line causes the following error:

Traceback (most recent call last):
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/uvicorn/protocols/http/h11_impl.py", line 369, in run_asgi
    result = await app(self.scope, self.receive, self.send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/uvicorn/middleware/proxy_headers.py", line 59, in __call__
    return await self.app(scope, receive, send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/fastapi/applications.py", line 208, in __call__
    await super().__call__(scope, receive, send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/applications.py", line 112, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/middleware/errors.py", line 181, in __call__
    raise exc from None
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/middleware/errors.py", line 159, in __call__
    await self.app(scope, receive, _send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/middleware/sessions.py", line 75, in __call__
    await self.app(scope, receive, send_wrapper)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/exceptions.py", line 82, in __call__
    raise exc from None
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/exceptions.py", line 71, in __call__
    await self.app(scope, receive, sender)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/routing.py", line 580, in __call__
    await route.handle(scope, receive, send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/routing.py", line 241, in handle
    await self.app(scope, receive, send)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/routing.py", line 52, in app
    response = await func(request)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/fastapi/routing.py", line 219, in app
    raw_response = await run_endpoint_function(
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/fastapi/routing.py", line 152, in run_endpoint_function
    return await dependant.call(**values)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/app.py", line 47, in auth
    user = await oauth.google.parse_id_token(request, token)
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/authlib/integrations/base_client/async_openid.py", line 59, in parse_id_token
    token['id_token'],
  File "/Users/sondrelg/Documents/demo-oauth-client/fastapi-google-login/venv/lib/python3.9/site-packages/starlette/requests.py", line 68, in __getitem__
    return self.scope[key]
KeyError: 'id_token'

The problem seems to stem from bad example code:

@app.get('/auth')
async def auth(request: Request):
    try:
        token = await oauth.google.authorize_access_token(request)
    except OAuthError as error:
        return HTMLResponse(f'<h1>{error.error}</h1>')
    user = await oauth.google.parse_id_token(request, token)

The last line here does not match the function signature:

async def parse_id_token(self, token, nonce, claims_options=None):

So when we hit line 59, we try to index on the request object.

Changing my code to this works:

user = await oauth.google.parse_id_token(token, None)

What should I pass for nonce? None seems like the wrong thing to pass here 🙂

Environment:

  • OS: MacOS
  • Python Version: 3.9
  • Authlib Version: master branch

sondrelg avatar Aug 05 '21 12:08 sondrelg

I've been looking to start migrating part of our code to v1 and encountered this as well. This seems to be an actual bug in the authlib library itself; maybe @lepture can provide more insight.

rushilsrivastava avatar Sep 24 '21 22:09 rushilsrivastava

@rushilsrivastava from my understanding, you don't need to parse_id_token manually.

https://github.com/lepture/authlib/blob/b8f7cc7b709a5222591ee7d56954b6e893696fa4/authlib/integrations/starlette_client/apps.py#L65-L70

There will be a userinfo in the token when you call authorize_access_token.

lepture avatar Sep 26 '21 02:09 lepture

I've just updated the demo about Google.

lepture avatar Sep 26 '21 02:09 lepture
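
Added example, not part of the original thread and not Authlib's code: a standard-library illustration of what the nonce argument to parse_id_token is for in OpenID Connect, and what is lost when None is passed. The names KEY, sign_id_token, start_login, check_id_token, demo and the client id "demo-client" are hypothetical, and an HS256 shared key stands in for the provider's real signing keys.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = b"constructed-demo-key"  # constructed; a real provider signs with its own published keys

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_id_token(claims: dict) -> str:
    """Stand-in for the provider: issue an HS256 ID token (constructed sample)."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def start_login(session: dict) -> str:
    """Login step: create a one-time nonce, keep it in the session, send it in the auth request."""
    session["nonce"] = secrets.token_urlsafe(16)
    return session["nonce"]

def check_id_token(session: dict, id_token: str, client_id: str) -> dict:
    """Callback step: verify signature, audience and expiry, then the session-bound nonce."""
    head, body, sig = id_token.split(".")
    if json.loads(b64u_dec(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body))
    if claims.get("aud") != client_id or claims.get("exp", 0) < time.time():
        raise ValueError("wrong audience or expired")
    nonce = session.pop("nonce", None)  # single use: a replayed callback finds nothing
    claimed = str(claims.get("nonce", ""))
    if nonce is None or not hmac.compare_digest(nonce.encode(), claimed.encode()):
        raise ValueError("nonce mismatch")
    return claims

def demo() -> tuple:
    """Accept a token once, then show the same token being rejected on replay."""
    session = {}
    claims = {"sub": "u1", "aud": "demo-client", "exp": time.time() + 60}
    token = sign_id_token({**claims, "nonce": start_login(session)})
    first = check_id_token(session, token, "demo-client")["sub"]
    try:
        check_id_token(session, token, "demo-client")  # same token presented again
    except ValueError as exc:
        return first, str(exc)
    return first, "accepted"
```

With the nonce comparison skipped, the second call in demo() would succeed, because signature, audience and expiry are all still valid for the replayed token.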