oauthlib
Modifications of headers returned by Client.prepare_*_request affect future calls
Describe the bug
If I modify the headers dictionary returned by a Client.prepare_*_request
method, the future calls to any of these methods return the modified headers.
How to reproduce
>>> import oauthlib.oauth2
>>> client = oauthlib.oauth2.WebApplicationClient('my client id')
>>> _, headers, _ = client.prepare_authorization_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded'}
>>> headers['Content-Length'] = '0'
>>> _, headers, _ = client.prepare_authorization_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '0'}
>>> _, headers, _ = client.prepare_token_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '0'}
>>> _, headers, _ = client.prepare_refresh_token_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '0'}
Expected behavior
Either:
>>> import oauthlib.oauth2
>>> client = oauthlib.oauth2.WebApplicationClient('my client id')
>>> _, headers, _ = client.prepare_authorization_request('https://example.com')
>>> headers['Content-Length'] = '0'
>>> _, headers, _ = client.prepare_authorization_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded'}
>>> _, headers, _ = client.prepare_token_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded'}
>>> _, headers, _ = client.prepare_refresh_token_request('https://example.com')
>>> headers
{'Content-Type': 'application/x-www-form-urlencoded'}
or
>>> import oauthlib.oauth2
>>> client = oauthlib.oauth2.WebApplicationClient('my client id')
>>> _, headers, _ = client.prepare_authorization_request('https://example.com')
>>> try:
...     headers['Content-Length'] = '0'
... except Exception:
...     print('an exception occurred')
...
an exception occurred
or
this unusual feature being documented
Additional context
Please provide any further context here.
- Are you using OAuth1, OAuth2 or OIDC? OAuth2
- Are you writing client or server side code? client
- If client, what provider are you connecting to? a custom one
- Are you using a downstream library, such as requests-oauthlib, django-oauth-toolkit, ...? no
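The aliasing described in this report, as an added example that is not part of the original issue and is not oauthlib's code: a regression check for headers leaking between prepared requests, plus a caller-side copy. `SharedHeadersClient`, `CopyingHeadersClient`, `leaks_header_mutations` and `prepare_isolated` are hypothetical names, and the stand-in classes only assume that one dict is stored on the client and returned by every call.

```python
DEFAULT_HEADERS = {'Content-Type': 'application/x-www-form-urlencoded'}


class SharedHeadersClient:
    """Hypothetical stand-in (not oauthlib code): every call returns one shared dict."""

    def __init__(self):
        self._headers = dict(DEFAULT_HEADERS)

    def prepare_authorization_request(self, url):
        return url, self._headers, ''

    def prepare_token_request(self, url):
        return url, self._headers, ''


class CopyingHeadersClient(SharedHeadersClient):
    """Same stand-in, but each call hands the caller a fresh copy."""

    def prepare_authorization_request(self, url):
        return url, dict(self._headers), ''

    def prepare_token_request(self, url):
        return url, dict(self._headers), ''


def leaks_header_mutations(client, url='https://example.com'):
    """Return True if a header added to one prepared request appears in later ones."""
    marker = 'X-Mutation-Probe'  # constructed header name, used only by this check
    _, first, _ = client.prepare_authorization_request(url)
    first[marker] = '1'
    try:
        later = [client.prepare_authorization_request(url)[1],
                 client.prepare_token_request(url)[1]]
        return any(marker in headers for headers in later)
    finally:
        first.pop(marker, None)  # undo the probe so the client is left unchanged


def prepare_isolated(prepare, *args, **kwargs):
    """Caller-side workaround: copy the returned headers before modifying them."""
    url, headers, body = prepare(*args, **kwargs)
    return url, dict(headers), body
```

A caller that adds per-request headers (credentials, for instance) to the dict from `prepare_isolated` keeps them out of requests prepared later for other endpoints.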