authlib / example-oauth2-server

Example for OAuth 2 Server for Authlib.
https://authlib.org/

Support for the GET /oauth/authorize is broken - returns 500 #90

Open LewisPringle opened 2 years ago

LewisPringle commented 2 years ago

Just using this example to explore the library, and hard to tell how things are supposed to fit together without docs or a (working) sample.

To reproduce the problem, just set up and run (flask run)

Verify

curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=password -F username=${username} -F password=${password} -F scope=profile

works fine/as expected.

Then try (from a web browser probably but that's what I was trying to figure out) GET http://127.0.0.1:5000/oauth/authorize

Crashes cuz

```
  File "/home/lewis/.local/lib/python3.10/site-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/mnt/c/Sandbox/SimoneOAuth2/example-oauth2-server/website/routes.py", line 101, in authorize
    grant = authorization.get_consent_grant(end_user=user)
AttributeError: 'AuthorizationServer' object has no attribute 'get_consent_grant'
```

LewisPringle commented 2 years ago

maybe a hint is recent work done?

https://github.com/authlib/example-oauth2-server/commit/3fb7a27dfa7c963518e74a60a039e41867ce87fe

Does this maybe count on a different version of authlib?

LewisPringle commented 2 years ago

Another clue is that the requirements.txt file has Authlib==0.14.3. That appears on the old side (from May 2020).

LewisPringle commented 2 years ago

OK - in current code there is: https://github.com/lepture/authlib/blob/master/authlib/oauth2/rfc6749/authorization_server.py#L201

LewisPringle commented 2 years ago

Well, after updating to the latest version of the library, it works a little better, but now just prints out exception unsupported_response_type

NOTE - I created a CLIENT with response_types: ['code', 'token', 'id_token'] not sure which type I'm missing?

anastasijamalyk commented 2 years ago

Hey, I am having the same problem, did you find any solution to it?

LewisPringle commented 2 years ago

Still fiddling but yes (sort of). Change the requirements.txt file to point to the latest version of authlib.

On Wed, Oct 19, 2022 at 8:52 AM anastasijamalyk @.***> wrote:

Hey, I am having the same problem, did you find any solution to it?


anastasijamalyk commented 2 years ago

I did it, the get_consent_grant error disappeared, but not supported response type is still there

marcejohnson commented 2 years ago

Solved it. Here is how:

1) Changed requirements.txt to use latest Authlib. Perform a fresh pip install -r requirements.txt.
2) Blow away your db.sqlite and let the mixin recreate the database. You will notice two new columns in the oauth2_token table:

Now everything works. Re-tested flow examples in README.md and they pass. Cheers.
Related PR: https://github.com/authlib/example-oauth2-server/pull/91
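
Deleting db.sqlite as in step 2 above also discards every registered client and issued token, so it can be worth confirming the schema mismatch first by comparing the old file with a freshly created database. The following is an added example, not code from this thread or from the project; the DDL and its column names are constructed stand-ins, and in practice the two connections would be the old db.sqlite and a database newly created by the upgraded app.

```python
import sqlite3


def table_columns(conn, table):
    """Return {column name: declared type} for a table, using PRAGMA table_info."""
    # PRAGMA arguments cannot be bound as parameters, so accept only
    # identifier-like table names before interpolating.
    if not table.replace("_", "").isalnum():
        raise ValueError(f"unexpected table name: {table!r}")
    rows = conn.execute(f"PRAGMA table_info({table})").fetchall()
    # Row layout: (cid, name, type, notnull, dflt_value, pk)
    return {row[1]: (row[2] or "").upper() for row in rows}


def schema_drift(existing, reference, table):
    """Compare one table in an existing database against a reference database."""
    old = table_columns(existing, table)
    new = table_columns(reference, table)
    shared = set(old) & set(new)
    return {
        # Columns the current models expect but the old file lacks.
        "missing": sorted(set(new) - set(old)),
        # Columns left over from the older schema.
        "stale": sorted(set(old) - set(new)),
        # Columns present in both but declared with a different type.
        "retyped": sorted(c for c in shared if old[c] != new[c]),
    }


# Constructed DDL for illustration only; these are NOT Authlib's real columns.
OLD_DDL = ("CREATE TABLE oauth2_token (id INTEGER PRIMARY KEY, "
           "access_token VARCHAR(255), revoked BOOLEAN)")
NEW_DDL = ("CREATE TABLE oauth2_token (id INTEGER PRIMARY KEY, "
           "access_token VARCHAR(255), example_col_a INTEGER, example_col_b INTEGER)")


def demo():
    """Build both schemas in memory and report the drift between them."""
    old = sqlite3.connect(":memory:")  # stands in for the pre-upgrade db.sqlite
    new = sqlite3.connect(":memory:")  # stands in for a freshly created database
    old.execute(OLD_DDL)
    new.execute(NEW_DDL)
    return schema_drift(old, new, "oauth2_token")


if __name__ == "__main__":
    print(demo())
```

A non-empty "missing" list means the existing file predates the current models and has to be recreated or migrated before the upgraded library can use it.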