Describe the bug
As we can see in the method session_params of exchangelib.credentials.OAuth2AuthorizationCodeCredentials, there's token auto-refresh capability implemented. The same is missing from the basic OAuth2Credentials class, but this one supports single-tenant apps through its token_url property:
So, if I use OAuth2Credentials, during the auto-refresh I don't get back a refreshable token and it is not even working.
If I use OAuth2AuthorizationCodeCredentials, then the token is usable even after refresh, but if the app is a single-tenant one, it errors on refresh because it uses the common token URL.
Therefore I fixed the behavior on Robocorp side with this simple patch. Can you explain why the OAuth2AuthorizationCodeCredentials flow is bound to multi-tenant apps and OAuth2Credentials to single-tenant ones? (why not deciding if it's about a multi or single tenant app based on the value we provide to tenant_id -- if not provided, common (multi-tenant) is assumed)
To Reproduce
Just use OAuth2AuthorizationCodeCredentials with single-tenant apps as OAuth2Credentials doesn't seem to provide indefinite auto-refresh capability and the obtained token seems to fail with this one.
Expected behavior
Expecting to distinguish from single/multi-tenant client apps based on tenant_id parameter (if provided), not given the picked up credentials class. Or at least having the same auto-refresh behaviour available in both if I have to choose between the classes given the app type.
How about clearer docs at the same time as they explain this small difference between the two, but by judging the behaviour and implementation, there are a LOT of differences.
Log output
N/A
Additional context
While using Robot Framework's Authorize keyword with rpaframework library.
Describe the bug As we can see in the method
session_params
ofexchangelib.credentials.OAuth2AuthorizationCodeCredentials
, there's token auto-refresh capability implemented. The same is missing from the basicOAuth2Credentials
class, but this one supports single-tenant apps through itstoken_url
property:OAuth2Credentials
, during the auto-refresh I don't get back a refreshable token and it is not even working.OAuth2AuthorizationCodeCredentials
, then the token is usable even after refresh, but if the app is a single-tenant one, it errors on refresh because it uses the common token URL.Therefore I fixed the behavior on Robocorp side with this simple patch. Can you explain why the
OAuth2AuthorizationCodeCredentials
flow is bound to multi-tenant apps andOAuth2Credentials
to single-tenant ones? (why not deciding if it's about a multi or single tenant app based on the value we provide totenant_id
-- if not provided, common (multi-tenant) is assumed)To Reproduce Just use
OAuth2AuthorizationCodeCredentials
with single-tenant apps asOAuth2Credentials
doesn't seem to provide indefinite auto-refresh capability and the obtained token seems to fail with this one.Expected behavior Expecting to distinguish from single/multi-tenant client apps based on
tenant_id
parameter (if provided), not given the picked up credentials class. Or at least having the same auto-refresh behaviour available in both if I have to choose between the classes given the app type.How about clearer docs at the same time as they explain this small difference between the two, but by judging the behaviour and implementation, there are a LOT of differences.
Log output N/A
Additional context While using Robot Framework's Authorize keyword with rpaframework library.