Credentials OAuth 2.0 helpers not working as expected

[sserrata]

• Palo Alto Networks Cloud Python SDK version: v1.1.0
• Python version: 2.7, 3.5+
• Operating System: Any

Description

Attempted to utilize the OAuth 2.0 helper methods included in the Credentials class and encountered some unexpected behavior and inconsistencies.

• The get_authorization_url method currently accepts the following args:

      instance_id (str): App Instance ID. Defaults to ``None``.
      redirect_uri (str): Redirect URI. Defaults to ``None``.
      region (str): App Region. Defaults to ``None``.
      scope (str): Permissions. Defaults to ``None``.
      state (str): UUID to detect CSRF. Defaults to ``None``.

  What's not immediately apparent is that client_id is also required, which means it should either be passed in the Credentials() constructor, be present in the credentials store/file or be accepted as a key-word argument.

• The fetch_tokens method currently accepts the following args:

      code (str): Authorization code. Defaults to ``None``.
      redirect_uri (str): Redirect URI. Defaults to ``None``.

  The problem is that for the authorization code grant type, client_id and client_secret must also be included in the payload (HTTP basic authentication is not currently supported). Additionally, the HTTP header Content-Type must be set to application/x-www-form-urlencoded. Due to these omissions, the fetch_tokens method does not function.

Suggested Fixes

• Add client_id key-word argument to get_authorization_url method with support for resolving if passed as Credentials() kwarg or if present in credentials store/file.
• Add client_id and client_secret kwargs to fetch_tokens method and add headers argument to set HTTP header Content-Type to application/x-www-form-urlencoded.

[sserrata]

• Temporary work around for fetch_tokens issue:

  https://gist.github.com/sserrata/a389768941db65d6ff8c96355baffe0a