This repository has been archived by the owner on Nov 5, 2019. It is now read-only.

Supports client authentication using Authorization header #206

Merged: 3 commits, Jun 29, 2015

@bjmc
Contributor

bjmc commented Jun 25, 2015

Currently, this client library authenticates by passing client_id and client_secret in the POST body when exchanging an auth code for an access token.

According to RFC 6749 section 2.3.1:

> The authorization server MUST support the HTTP Basic authentication scheme for authenticating clients that were issued a client password.

This changeset adds an optional parameter authorization_header to allow use with OAuth2 providers that do not support passing client credentials in the request body.
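
The two client-authentication forms from RFC 6749 section 2.3.1 discussed in this pull request, shown side by side as an added example; this is not oauth2client's code. The function names and sample values are hypothetical, and the parser only illustrates the server-side round trip.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode


def basic_client_auth(client_id, client_secret):
    """Build the Authorization header value of RFC 6749 section 2.3.1.

    Each value is form-urlencoded before the ':' join, so a ':' or a
    non-ASCII character in either one cannot break the server-side split.
    """
    userpass = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
    return "Basic " + base64.b64encode(userpass.encode("ascii")).decode("ascii")


def parse_basic_client_auth(header_value):
    """Server-side inverse of basic_client_auth()."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    client_id, sep, secret = base64.b64decode(token).decode("ascii").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(client_id), unquote_plus(secret)


def build_token_request(code, redirect_uri, client_id, client_secret,
                        use_basic_auth=True):
    """Return (headers, body) for the authorization-code token exchange."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": redirect_uri}
    if use_basic_auth:
        # Credentials travel only in the header; the body carries none.
        headers["Authorization"] = basic_client_auth(client_id, client_secret)
    else:
        # Request-body credentials: the form the RFC calls NOT RECOMMENDED.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)


if __name__ == "__main__":
    # Constructed sample values; the secret deliberately contains ':' and '/'.
    for basic in (True, False):
        headers, body = build_token_request(
            "constructed-code", "https://client.example/cb",
            "client:1", "s3cr/et p@ss", use_basic_auth=basic)
        print(headers.get("Authorization"), body)
```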

@nathanielmanistaatgoogle
Contributor

Please reform your commit to conform to http://chris.beams.io/posts/git-commit/#seven-rules.

@anthmgoogle, may I ask you to lead review of this?

According to RFC 6749, section 2.3.1:

> Including the client credentials in the request-body using the two
> parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
> to directly utilize the HTTP Basic authentication scheme (or other
> password-based HTTP authentication schemes).

This changeset adds an optional parameter, `authorization_header` that
makes it easier to use this client library with OAuth2 providers that
support client authentication via the HTTP Authorization header
instead of in the request body.
def __init__(self, client_id, client_secret, scope,
def __init__(self, client_id,
client_secret=None,
scope=None,
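Review bot: with `client_secret=None` and `scope=None` in the new `__init__` signature, Python's argument binding no longer rejects a call that omits either one, so the constructor body has to raise for a missing scope itself, and nothing visible here stops a flow from being built with neither a client secret nor an `authorization_header`. Suggest validating that at least one of the two credentials is supplied and documenting in the docstring when `client_secret` may be left as None. Keeping `client_secret` and `scope` in their original positions is good, since existing positional callers keep working.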


@bjmc
Contributor Author

bjmc commented Jun 25, 2015

@nathanielmanistaatgoogle @anthmgoogle Edited commit message.

@@ -945,6 +945,9 @@ def test_override_flow_via_kwargs(self):
self.assertEqual(OOB_CALLBACK_URN, q['redirect_uri'][0])
self.assertEqual('online', q['access_type'][0])

def test_scope_is_required(self):
self.assertRaises(TypeError, OAuth2WebServerFlow, 'client_id+1')
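Review bot: `test_scope_is_required` passes on any TypeError raised by the single-argument call `OAuth2WebServerFlow, 'client_id+1'`, so it does not show that the error comes from the scope check rather than from some other missing argument. Suggest adding a case that supplies a client secret but no scope, and a positive test that constructs the flow with only `authorization_header` and a scope, so both sides of the now-optional `client_secret` are covered.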


@dhermes
Contributor

dhermes commented Jun 26, 2015

It's unclear why coverage is decreasing. You seem to be hitting all new code-paths added.

@bjmc
Contributor Author

bjmc commented Jun 26, 2015

Yeah, I didn't understand why the coverage decreased, either.

@dhermes
Contributor

dhermes commented Jun 26, 2015

@nathanielmanistaatgoogle I'd say this is ready to go if you like it. I don't know much about the actual feature being implemented though.

@nathanielmanistaatgoogle
Contributor

@anthmgoogle are you going to be able to look at this?

@anthmgoogle

LGTM.

@nathanielmanistaatgoogle
Contributor

Thanks everyone; merging.

nathanielmanistaatgoogle added a commit that referenced this pull request Jun 29, 2015
Supports client authentication using Authorization header.
@nathanielmanistaatgoogle nathanielmanistaatgoogle merged commit c47dcd7 into googleapis:master Jun 29, 2015
@bjmc
Contributor Author

bjmc commented Jun 29, 2015

Thanks!
