[Bug][Python] oauth

[loeti82]

Description

I generated Python client from our valid OpenAPI Spec. But the OAuth2 code is incomplete (in my understanding)

The Getting Started section in the generated client looks like this

openapi-generator version

Latest release (commit d0d545bbdd409a177befa12cff809607751941f2) with the help of docker

OpenAPI declaration file content or url

OpenAPI Gist

Command line used for generation

./run-in-docker.sh generate -i ./clientapi-v3-openapi-spec.json -g python -o ./out/python-client

Steps to reproduce

Following the instructions here: https://github.com/OpenAPITools/openapi-generator#16---docker

Related issues/PRs

776 for Java but same intention

Similar Issue in C-Sharp: #3714 Maybe: #2411

Suggest a fix/enhancement

Option 1: I would find something like this helpful.

config=openapi_client.Configuration() config.oauth.client.id= client_id config.oauth.client.secret= client_secret config.oauth.client.user= user ...

Option 2: If it is required to write my own layer to handle/generate the oauth2 token I would appreciate if the documentation and the generated readme would point me to this.

[auto-labeler[bot]]

👍 Thanks for opening this issue! 🏷 I have applied any labels matching special text in your issue.

The team will review the labels and make any necessary changes.

[wing328]

@loeti82 we can work with you to provide better support for OAuth2 in the Python client. Please let me know if you can contribute the enhancement.

[loeti82]

I'd like to help. But my time is limited and it would be helpful if you could guide me. I think the first improvement would be my option number two: Make a note in documentation. Would you agree?

So far I made wrapper (I needed one any way) to handle it: https://gist.github.com/loeti82/389262f3cf1e37338a0efbc68cdad3f6

[wing328]

Make a note in documentation. Would you agree?

Agreed.

Please PM me via Slack to discuss how we can proceed this further.

[VonUniGE]

I've succeed using OAuth2 authentication by patching the client, but I would like to add this at the generator level.

Can you give me some guidance on this ? Where to start ?

Would modifying templates (https://openapi-generator.tech/docs/templating#modifying-templates) be sufficient ?

[wing328]

The Python client template can be found in https://github.com/OpenAPITools/openapi-generator/tree/master/modules/openapi-generator/src/main/resources/python. Please update it accordingly and let us know if you need help with the PR.

[sebastien-rosset]

For OAuth2, there are plenty of libraries: https://oauth.net/code/python/, each with pros and cons. There may be others as well. Some of them are minimalistic, other come with a large baggage. Also: https://github.com/googleapis/oauth2client

As a comparison, I like the golang API, which has a concept of TokenSource: https://godoc.org/golang.org/x/oauth2#TokenSource

[loeti82]

For OAuth2, there are plenty of libraries: https://oauth.net/code/python/, each with pros and cons. There may be others as well. Some of them are minimalistic, other come with a large baggage. Also: https://github.com/googleapis/oauth2client

As a comparison, I like the golang API, which has a concept of TokenSource: https://godoc.org/golang.org/x/oauth2#TokenSource

Thank you for the links. I use https://github.com/requests/requests-oauthlib (mentioned in the overview you provided) already.

[mojeto]

I like how requests-oauthlib handles token refresh automatically I would like to add this functionality into ApiClient python client generated. The issues:

1. ApiClient uses urllib3 directly - requests-oauthlib code uses oauthlib and requests and that uses urllib3 so no direct reuse of code possible.
2. Generated Configuration doesn't deal with refresh token, token expiration time etc.

Does it make sense to integrate whole oauthlib with current ApiClient or is it implementing the refresh token flow into ApiClient it self enough.?

Is there any work in progress for this issue?

[i3rinkmann]

Bump

i was wondering if any progress was made in the last year. I am currently using a python client in my application and have to implement a workaround for the oauth token handling.

[wing328]

I don't think anyone has started working on this yet. We welcome contributions from you or you may consider sponsoring this task to give it a higher priority: https://github.com/OpenAPITools/openapi-generator/wiki/FAQ#how-to-sponsor-a-task-eg-bug-fixes-enhancements-new-generators-etc

[sidd607]

@wing328 Has this been implemented. If not I can contribute to it. Can you point me to JAVA or any other language where this works, I can add similar python specifics

[unrealsolver]

I want to have client credentials OAuth2 flow implemented. I already have a working custom implementation, will try to stitch it to the generator.

[wing328]

@unrealsolver let us know if you need help with the PR.

[rbcb-bedag]

@unrealsolver could you share your custom implementation/generator files ? i have currently the same problem. would like to do an OAuth2 authorization with client_credential flow.

at the moment i first fetch the token and then set it to the configuration for the ApiClient (configuration.access_token = "XY"). but i would find it better to do it automatically internal in the generated client.

thx

[reidmeyer]

Any update on this?

[unrealsolver]

@rbcb-bedag @wing328 Sorry for the delay - I hope these files might help you: https://gist.github.com/unrealsolver/f91c95446da55869bc98c7deef16c7b0#file-usage-py I removed some confidential parts from it. Try running diff to see what parts I changed to achieve client credentials flow. At this moment I am completely out of context, it was 8 mo ago.

[silvanro]

Has anybody achieved to get this running? I'm having trouble integrating the code provided by unrealsolver to get client credentials flow working. Thanks to all of you for your work!

[AndreyDodonov-EH]

@silvanro I made OAuth work for me, but I modified the generated code. If you want I can share a diff

[AndreyDodonov-EH]

@silvanro Not all flows though, but you can implement it separately and just pass the creds, it's supported by my modification