O365 / python-o365

A simple python library to interact with Microsoft Graph and Office 365 API
Apache License 2.0

Optional parameters for authorization URL don't work. #992

Closed agn-7 closed 1 year ago

agn-7 commented 1 year ago

I am going to pass parameters such as state and prompt when getting the authorization URL. However, the state param is generated randomly despite the fact that I am going to set it arbitrarily. Moreover, I want to add the prompt param with the consent argument, which is not possible.

from O365 import Account

CLIENT_ID = "xxx"
SECRET_ID = 'yyy' 
CLIENT_SECRET = "zzz"
SCOPES = ['Calendars.ReadWrite', 'offline_access']
credentials = (CLIENT_ID, CLIENT_SECRET)

account = Account(credentials)

url, state = account.con.get_authorization_url(
    requested_scopes=SCOPES,
    redirect_uri="http://127.0.0.1:8090/microsoft/oauth2callback",
    state="1234567890",
    prompt='consent',
)

print(url)

Out:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2F127.0.0.1%3A8090%2Fmicrosoft%2Foauth2callback&scope=Calendars.ReadWrite+offline_access&state=cXxt6NKPuG5tjXwmc0FzOCx9g4XSnz&access_type=offline

As you can see, the state isn't changed, and prompt=consent isn't added either.

agn-7 commented 1 year ago

I adopted an alternative approach to solve this issue, using the furl PyPI package:

from furl import furl 

url, state_ = account.con.get_authorization_url(
    requested_scopes=SCOPES,
    redirect_uri="http://127.0.0.1:8090/microsoft/oauth2callback",
)
f = furl(url)
f.args["state"] = "1234567890"
f.args["prompt"] = "consent"

print(f.url)

Out:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2F127.0.0.1%3A8090%2Fmicrosoft%2Foauth2callback&scope=Calendars.ReadWrite+offline_access&state=1234567890&access_type=offline&prompt=consent

Now, state is changed and prompt is added properly.
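The same URL rewrite using only the standard library, as an added example that is not part of the original comments or of python-o365. Because the `state` value is also what ties the OAuth callback to the request that started it, the sketch generates it randomly and checks it when the redirect comes back; the helper names and the callback URLs are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# The authorization URL printed in the first comment of this thread.
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?response_type=code&client_id=xxx"
    "&redirect_uri=http%3A%2F%2F127.0.0.1%3A8090%2Fmicrosoft%2Foauth2callback"
    "&scope=Calendars.ReadWrite+offline_access"
    "&state=cXxt6NKPuG5tjXwmc0FzOCx9g4XSnz&access_type=offline"
)


def set_auth_params(url, **overrides):
    """Return url with the given query parameters replaced or appended."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    params.update(overrides)  # existing keys keep their position
    return urlunsplit(parts._replace(query=urlencode(params)))


def new_state():
    """Unpredictable per-request state; keep it in the user's session."""
    return secrets.token_urlsafe(32)


def state_from_callback(callback_url):
    """Extract the state value echoed back on the redirect URI."""
    return dict(parse_qsl(urlsplit(callback_url).query)).get("state", "")


def state_matches(expected, callback_url):
    """Constant-time check of the stored state against the echoed one."""
    received = state_from_callback(callback_url)
    return bool(expected) and hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    state = new_state()
    print(set_auth_params(SAMPLE_URL, state=state, prompt="consent"))
    # Constructed callback URLs, for illustration only.
    good = "http://127.0.0.1:8090/microsoft/oauth2callback?code=abc&state=" + state
    bad = "http://127.0.0.1:8090/microsoft/oauth2callback?code=abc&state=1234567890"
    print(state_matches(state, good), state_matches(state, bad))
```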

agn-7 commented 1 year ago

With the #993 PR, you can simply add the optional parameters:

from O365 import Account

CLIENT_ID = "xxx"
SECRET_ID = 'yyy' 
CLIENT_SECRET = "zzz"
SCOPES = ['Calendars.ReadWrite', 'offline_access']
credentials = (CLIENT_ID, CLIENT_SECRET)

account = Account(credentials)

url, state = account.con.get_authorization_url(
    requested_scopes=SCOPES,
    redirect_uri="http://127.0.0.1:8090/microsoft/oauth2callback",
    state="1234567890",
    prompt='consent',
)

print(url)

Out:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2F127.0.0.1%3A8090%2Fmicrosoft%2Foauth2callback&scope=Calendars.ReadWrite+offline_access&state=1234567890&access_type=offline&prompt=consent

state is changed and prompt is set to consent properly.

alejcas commented 1 year ago

merged