Supports client authentication using Authorization header #206
Please reform your commit to conform to http://chris.beams.io/posts/git-commit/#seven-rules. @anthmgoogle, may I ask you to lead review of this?
According to RFC 6749, section 2.3.1:

> Including the client credentials in the request-body using the two
> parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
> to directly utilize the HTTP Basic authentication scheme (or other
> password-based HTTP authentication schemes).

This changeset adds an optional parameter, `authorization_header` that makes it easier to use this client library with OAuth2 providers that support client authentication via the HTTP Authorization header instead of in the request body.
def __init__(self, client_id, client_secret, scope, | ||
def __init__(self, client_id, | ||
client_secret=None, | ||
scope=None, |
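Review bot: `scope=None` in the new `__init__` signature means Python no longer raises `TypeError` on its own when a caller omits `scope`, so the constructor needs an explicit check (for example `if scope is None: raise TypeError(...)`) for `test_scope_is_required` to hold; that check is not visible in these lines. The docstring should also say when `client_secret` may be left as `None`, since the bare default reads as optional in every configuration.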
@nathanielmanistaatgoogle @anthmgoogle Edited commit message.
@@ -945,6 +945,9 @@ def test_override_flow_via_kwargs(self): | |||
self.assertEqual(OOB_CALLBACK_URN, q['redirect_uri'][0]) | |||
self.assertEqual('online', q['access_type'][0]) | |||
|
|||
def test_scope_is_required(self): | |||
self.assertRaises(TypeError, OAuth2WebServerFlow, 'client_id+1') |
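Review bot: `assertRaises(TypeError, OAuth2WebServerFlow, 'client_id+1')` in `test_scope_is_required` passes on any `TypeError` the constructor raises, not only the one for a missing `scope`. Pass a `client_secret` as well so that `scope` is the only argument missing, and assert on the exception message so the test pins the intended check.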
It's unclear why coverage is decreasing. You seem to be hitting all new code-paths added.
Yeah, I didn't understand why the coverage decreased, either.
@nathanielmanistaatgoogle I'd say this is ready to go if you like it. I don't know much about the actual feature being implemented though.
@anthmgoogle are you going to be able to look at this?
LGTM.
Thanks everyone; merging.
Supports client authentication using Authorization header.
Thanks!
Currently, this client library authenticates by passing `client_id` and `client_secret` in the POST body when exchanging an auth code for an access token.

According to RFC 6749 section 2.3.1:

This changeset adds an optional parameter `authorization_header` to allow use with OAuth2 providers that do not support passing client credentials in the request body.
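An added example, not code from this pull request or from the library: the two ways RFC 6749 section 2.3.1 lets a client send its credentials during the token exchange, with the header form percent-encoding both values before Base64. `basic_auth_header`, `build_token_request` and `use_authorization_header` are hypothetical names, and the sample values are constructed.

```python
import base64
from urllib.parse import quote_plus, urlencode


def basic_auth_header(client_id, client_secret):
    """Build the HTTP Basic value for client authentication (RFC 6749, 2.3.1).

    Both values are form-urlencoded first, so a ':' or non-ASCII character
    in either one cannot be confused with the separator.
    """
    userpass = "{}:{}".format(quote_plus(client_id), quote_plus(client_secret))
    return "Basic " + base64.b64encode(userpass.encode("ascii")).decode("ascii")


def build_token_request(code, redirect_uri, client_id, client_secret,
                        use_authorization_header=True):
    """Return (headers, body) for an authorization-code token exchange.

    use_authorization_header is a hypothetical flag for this sketch; it is
    not the parameter the changeset adds.
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    if use_authorization_header:
        # Recommended form: the secret travels only in the header.
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    else:
        # Body form: NOT RECOMMENDED by the RFC, kept for comparison.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for flag in (True, False):
        headers, body = build_token_request(
            "sample-code", "https://client.example/cb",
            "my:client", "s3cr3t/+", use_authorization_header=flag)
        print(flag, headers.get("Authorization"), body)
```

With the header form the secret stays out of the request body, which is the part of a request most likely to end up in form-data logs.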