authlib icon indicating copy to clipboard operation
authlib copied to clipboard

Published 20 hours ago verified publisher icon lepture

Added client_id parameter to AssertionClient

Open vilmar-hillow opened this issue 3 years ago • 2 comments

Per https://datatracker.ietf.org/doc/html/rfc7521#section-4.1, client_id parameter, although optional, can still be passed when using assertions as authorization grants. Adding a way to pass that id to refresh token body.

What kind of change does this PR introduce? (check at least one)

  • [ ] Bugfix
  • [x] Feature
  • [ ] Code style update
  • [ ] Refactor
  • [ ] Other, please describe:

Does this PR introduce a breaking change? (check one)

  • [ ] Yes
  • [x] No
  • [x] You consent that the copyright of your pull request source code belongs to Authlib's author.

vilmar-hillow avatar Jul 29 '22 20:07 vilmar-hillow

  1. I didn't see client_id is optional in the doc.
  2. You are always passing client_id=None

lepture avatar Aug 09 '22 02:08 lepture

  1. I didn't see client_id is optional in the doc.
  2. You are always passing client_id=None
  1. From linked section: "Authentication of the client is optional, as described in Section 3.2.1 of OAuth 2.0 [RFC6749], and consequently, the "client_id" is only needed when a form of client authentication that relies on the parameter is used."

One of the providers I'm working with uses the authorization grant routine with client id.

  1. Good catch, fixed

vilmar-hillow avatar Aug 09 '22 03:08 vilmar-hillow