requests-oauthlib icon indicating copy to clipboard operation
requests-oauthlib copied to clipboard

Published 20 hours ago verified publisher icon requests

Can't 'fetch_token' with 'BackendApplicationClient', probably due to 'Basic auth'

Open alextwlam-melco-resorts-com opened this issue 4 years ago • 2 comments

Sample code

client = BackendApplicationClient(client_id=client_id)
session = OAuth2Session(client=client)
token = session.fetch_token(
    token_url=token_url,
    client_id=client_id,
    client_secret=client_secret
)

Would result in

DEBUG:requests_oauthlib.oauth2_session:Encoding `client_id` "f60dbafb-dc92-477c-98da-9a6f13ba91ec" with `client_secret` as Basic auth credentials.
DEBUG:requests_oauthlib.oauth2_session:Requesting url https://some.url/v1/oauth2/token using method POST.
DEBUG:requests_oauthlib.oauth2_session:Supplying headers {'Accept': 'application/json', 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'} and data {'grant_type': 'client_credentials'}
DEBUG:requests_oauthlib.oauth2_session:Passing through key word arguments {'timeout': None, 'auth': <requests.auth.HTTPBasicAuth object at 0x7f077ebf3dd0>, 'verify': True, 'proxies': None}.
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): developer.sc.com:443
DEBUG:urllib3.connectionpool:https://developer.sc.com:443 "POST /sandbox/retail/v1/oauth2/token HTTP/1.1" 400 340
DEBUG:requests_oauthlib.oauth2_session:Request to fetch token completed with status 400.
DEBUG:requests_oauthlib.oauth2_session:Request url was https://some.url/v1/oauth2/token
oauthlib.oauth2.rfc6749.errors.CustomOAuth2Error: (Bad Request)

Same credentials works when using postman with "send client credentials in body".

alextwlam-melco-resorts-com avatar Dec 25 '19 15:12 alextwlam-melco-resorts-com

Have you tried to include the client credentials in body ?

...fetch_token(...
    include_client_id=True
)

JonathanHuot avatar Jan 07 '20 13:01 JonathanHuot

Yes, here’s the code I used:

client = BackendApplicationClient(client_id=client_id) session = OAuth2Session(client=client) token = session.fetch_token( token_url=token_url, client_id=client_id, client_secret=client_secret, include_client_id=True )

I ended up doing it like this:

client = swagger_client.ApiClient(conf) client.set_default_header('Authorization', 'Bearer %s' % token.get('access_token')) api = swagger_client.ProductsApi(client)

Alex

From: Jonathan Huot [mailto:[email protected]] Sent: Tuesday, January 07, 2020 9:31 PM To: requests/requests-oauthlib Cc: Alex TW. Lam; Author Subject: [LIKELY A SPAM] Re: [requests/requests-oauthlib] Can't 'fetch_token' with 'BackendApplicationClient', probably due to 'Basic auth' (#391)

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Have you tried to include the client credentials in body ?

...fetch_token(...

include_client_id=True

)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/requests/requests-oauthlib/issues/391?email_source=notifications&email_token=AMCXBWSCEBWN2NO2GAQJEO3Q4R72NA5CNFSM4J7FQ3U2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEII3QAA#issuecomment-571586560, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AMCXBWS54ZMKRBUDUWQT5MLQ4R72NANCNFSM4J7FQ3UQ.

alextwlam-melco-resorts-com avatar Jan 08 '20 02:01 alextwlam-melco-resorts-com