requests-oauthlib

Why is the backend client workflow asking for a code or a response url?

Open DrYSG opened this issue 2 years ago • 1 comments

I am attempting to use the BackendClient workflow for creating an OAuth V2.0 connection, using the requests_oauthlib package. Documentation is at: https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html#backend-application-flow

The code works fine in PowerShell, but the equivalent in Python is giving the error:

```
    token = session.fetch_token(token_url=tokenURL, client_id=ClientID, client_secret=secret)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\1455765990E\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests_oauthlib\oauth2_session.py", line 251, in fetch_token
    raise ValueError(
ValueError: Please supply either code or authorization_response parameters.
```

It makes no sense to ask for a response url (since this is a backend workflow) and the code is what the fetch_token is going to give, so I don't have one yet!

This is the PowerShell that works fine:

```powershell
function GetToken($secret) {

    $uri = $LoginURL + $tenant + '/oauth2/v2.0/token'
    $body = @{
        "client_id" = $ClientID
        "scope" = "https://dod-graph.microsoft.us/.default"
        "username" = $tenant
        "password" = $client_secret
        "grant_type" = "client_credentials"
        "client_secret" = $secret
    } 
    $response = Invoke-RestMethod -Uri $uri -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
    return $response
    $token = $response.access_token
    $exp = $response.expires_in
    $token
}
```

And this is what we think is the equivalent in Python:

```python
import oauthlib.oauth2
import requests_oauthlib


def getToken(store):
    """ Get OAUTH Token and session"""
    tokenURL = LoginURL + TenantID + '/oauth2/v2.0/token'
    scope = "https://dod-graph.microsoft.us/.default"
    client = oauthlib.oauth2.BackendApplicationClient(client_id=ClientID, scope=scope)
    session = requests_oauthlib.OAuth2Session(client)
    # Disables TLS certificate verification for this session.
    session.verify = False
    secret = store['secret']
    print(f"--token URL: {tokenURL}")
    token = session.fetch_token(token_url=tokenURL, client_id=ClientID, client_secret=secret)
    # Prints the token response, including the access token.
    print(f"--token: {token}")
    return session
```

DrYSG, May 15 '23 17:05

Does anyone maintain this project anymore?

I ask because I do think it has some value, but as you can see from the above, it is hard to get a simple thing such as fetching the token. In 20 minutes, I got this to work with the vanilla Python requests library:

```python
import requests


def getToken(store):
    """ Get OAUTH Token and session"""
    global Token
    tokenURL = LoginURL + TenantID + '/oauth2/v2.0/token'
    session = requests.Session()
    # Disables TLS certificate verification for this session.
    session.verify = False
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    body = {
        "client_id": ClientID,
        "scope": "https://dod-graph.microsoft.us/.default",
        "username": TenantID,
        "password": store['secret'],
        "grant_type": "client_credentials",
        # Plain string; the original wrapped the secret in a one-element set.
        "client_secret": store['secret']
    }
    response = session.post(tokenURL, data=body, headers=headers)
    reply = response.json()
    token = reply['access_token']
    # Prints the full token response, including the access token.
    print(f"--reply: {reply}")
    headers = {'Authorization': f'Bearer {token}', 'Content-Type': 'application/json'}
    session.headers.update(headers)
    # Store the token in the global declared above (was assigned to OToken).
    Token = token
    return session
```

DrYSG, May 17 '23 17:05
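
Added example (not from the thread or the requests-oauthlib project): the first positional parameter of `OAuth2Session` is `client_id`, so `OAuth2Session(client)` as posted leaves the session on its default `WebApplicationClient`, which is why `fetch_token` asks for a code; passing `client=client` selects the backend (client-credentials) grant. The endpoint host, client id and function names below are constructed placeholders, and `_client` is a private attribute read only to show which grant client is active.

```python
from urllib.parse import parse_qs

from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session

# Constructed placeholders, not real endpoints or identifiers.
TOKEN_URL = "https://login.example.invalid/TENANT_ID/oauth2/v2.0/token"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SCOPE = "https://dod-graph.microsoft.us/.default"  # scope string from the post


def make_client():
    return BackendApplicationClient(client_id=CLIENT_ID, scope=SCOPE)


def positional_session():
    # As in the post: the first positional parameter is client_id, so the
    # session falls back to its default WebApplicationClient.
    return OAuth2Session(make_client())


def keyword_session():
    return OAuth2Session(client=make_client())


def grant_client_name(session):
    # _client is a private attribute, read here only for inspection.
    return type(session._client).__name__


def positional_error():
    """Message fetch_token raises, before any request is sent."""
    try:
        positional_session().fetch_token(TOKEN_URL, client_secret="constructed")
    except ValueError as exc:
        return str(exc)
    return None


def token_request_fields(session):
    """Form fields the session's grant client puts in the token request body."""
    return parse_qs(session._client.prepare_request_body())


def get_session(secret):
    """Network call: TLS verification stays on and the token is not printed."""
    session = keyword_session()
    session.fetch_token(token_url=TOKEN_URL, client_id=CLIENT_ID, client_secret=secret)
    return session
```

Only `get_session` touches the network; the other functions run offline and show the grant client each construction selects.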