When using the exactly same credentials and API call signatures, the requests client could access protected resources from OAuth protected API, while the signature of requests made by httpx client is rejected.
This only happens for POST requests which sends non-binary data (Content-Type will be x-www-form-urlencoded).
Error Stacks
Error are raised at server side and is service-specific (depends on how API services respond to invalid OAuth signatures) so there's no error stack.
Reproducing the issue with the above script requires access to OAuth1.0 protected API resources.
In the above example, the requests client could access the protected resource without a problem, while the httpx client is rejected by an incorrect signature error.
Expected behavior
Both requests client and httpx client should have access to the protected resource when authenticated with access token.
Environment:
OS: Ubuntu 22.04
Python Version: 3.10.6
Authlib Version: 1.2.0
httpx version: 0.23.1
Additional context
I've tried to fix the issue and the fix seems working on my end, though I've only tested httpx OAuth1 client. Not sure whether it will break another clients or not.
Describe the bug
When using the exactly same credentials and API call signatures, the requests client could access protected resources from OAuth protected API, while the signature of requests made by httpx client is rejected.
This only happens for POST requests which sends non-binary data (
Content-Type
will bex-www-form-urlencoded
).Error Stacks
Error are raised at server side and is service-specific (depends on how API services respond to invalid OAuth signatures) so there's no error stack.
To Reproduce
Reproducing the issue with the above script requires access to OAuth1.0 protected API resources. In the above example, the requests client could access the protected resource without a problem, while the httpx client is rejected by an incorrect signature error.
Expected behavior
Both requests client and httpx client should have access to the protected resource when authenticated with access token.
Environment:
Additional context
I've tried to fix the issue and the fix seems working on my end, though I've only tested httpx OAuth1 client. Not sure whether it will break another clients or not.