authlib
authlib copied to clipboard
lepture
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
**Describe the bug** When sending files in a POST request using httpx client, all binary data (the files) are lost. **Error Stacks** There is no error stack for this issue,...
**Describe the bug** [Maybe this behavior is normal] Array-like query params (like `?scope=read&scope=write`) are not supported when creating `OAuth2Request` object. **To Reproduce** A minimal example to reproduce the behavior: ```python...
Empty request body for non-urlencoded content when using SIGNATURE_TYPE_QUERY OAuth signature type
Hello, I have encountered an issue with the HTTPX Authlib Auth plugin when using the `SIGNATURE_TYPE_QUERY` OAuth signature type. The issue appears when the request body is non-urlencoded content, resulting...
_render method called twice causing duplicate OAuth parameters when using Auth1Auth plugin for httpx
**Describe the bug** In the `authlib` library, I noticed that the `_render` method is called twice in the [following code block](https://github.com/lepture/authlib/blob/master/authlib/oauth1/rfc5849/client_auth.py#L154) when using the `OAuth1Auth` plugin for `httpx`. This results...
**Describe the bug** Trying to authenticate and generate requests using an OAuth2Session using `username/password` authentication. I'm able to generate an initial token to be used in my session, however, I...
If the `expires_at` timestamp in a token is 0 the `is_expired()` function erroneously returns `None` instead of `True`. The check should explicitly check for `None`. https://github.com/lepture/authlib/blob/ee4337cf7c825349dd23870822a3cc7df123097f/authlib/oauth2/rfc6749/wrappers.py#L13-L17
**Is your feature request related to a problem? Please describe.** When clients are registered. Pylance is unable to resolve the type of client class that is retrieved from the registry....
authlib implements RFC7591 so one can built authorization servers with dynamic client registration. However it seems there is nothing implemented to actually register a client. I suggest adding a parameters...
**Describe the bug** While trying to implement a "silent signing" flow (using `prompt=none`) the library I use refuses to accept the error response (i.e. `login_required`) because the `state` parameter is...
The [RFC8707](https://www.rfc-editor.org/rfc/rfc8707) details how a client can indicate to the authorization server on which resource server(s) the token will be used. This allows the authorization server to adapt the token...