lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License

_render method called twice causing duplicate OAuth parameters when using OAuth1Auth plugin for httpx #542

Open balazser opened 1 year ago

balazser commented 1 year ago

Describe the bug

In the authlib library, I noticed that the _render method is called twice in the following code block when using the OAuth1Auth plugin for httpx. This results in duplicated OAuth parameters for the URL, which may cause unexpected behavior.

        uri, headers, body = self._render(uri, headers, body, oauth_params)

        sig = self.get_oauth_signature(method, uri, headers, body)
        oauth_params.append(('oauth_signature', sig))

        uri, headers, body = self._render(uri, headers, body, oauth_params)

I am using the OAuth1Auth plugin with httpx as follows:

        OAuth1Auth(
            consumer_key,
            "...",
            token=...,
            token_secret=...,
            rsa_key=...,
            signature_method=...,
            signature_type=SIGNATURE_TYPE_QUERY,
        )

Error Stacks

The request is incomplete or incorrect;
Response: oauth_problem=parameter_rejected
oauth_parameters_rejected=oauth_nonce%3DEBDB7Xv5JUgkH3Qj6djMHFQjaainjU

To Reproduce

  1. Install the authlib library
  2. Set up the OAuth1Auth plugin for httpx with the required credentials
  3. Call the endpoint that utilizes the above code snippet
  4. Observe the duplicated OAuth parameters in the generated URL

Expected behavior

The _render method should be called only once, and the OAuth parameters should not be duplicated in the URL.

Environment:
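
The render, sign, render order quoted in the issue can be modelled with the standard library alone. This is an added example, not authlib's code and not part of the original report: `append_to_query`, `replace_in_query`, `repeated_oauth_params` and `sign_flow` are hypothetical names, the render step is assumed to append parameters to the query string (as with SIGNATURE_TYPE_QUERY), and the URL, parameter values and signature are constructed. RFC 5849 section 3.1 requires that each protocol parameter appear at most once per request, so `repeated_oauth_params` can double as a regression check on the outgoing URL.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def append_to_query(uri, params):
    """Naive render step (hypothetical): append params to the query string."""
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params)
    return urlunsplit(parts._replace(query=urlencode(query)))


def replace_in_query(uri, params):
    """Idempotent render step: drop oauth_* pairs already present, then append."""
    parts = urlsplit(uri)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not k.startswith("oauth_")]
    return urlunsplit(parts._replace(query=urlencode(kept + list(params))))


def repeated_oauth_params(uri):
    """Return the oauth_* names that occur more than once in the query."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    counts = Counter(k for k, _ in pairs)
    return sorted(k for k, n in counts.items() if k.startswith("oauth_") and n > 1)


def sign_flow(render, uri, oauth_params):
    """Render, sign, render again: the call order quoted in the issue."""
    params = list(oauth_params)
    uri = render(uri, params)
    # Placeholder value; no real signature is computed in this model.
    params.append(("oauth_signature", "constructed-signature"))
    return render(uri, params)


# Constructed sample values, not taken from a real request.
BASE = "https://api.example.test/resource?page=2"
PARAMS = [("oauth_consumer_key", "ck"), ("oauth_nonce", "n0nce"),
          ("oauth_timestamp", "1700000000")]

if __name__ == "__main__":
    print(repeated_oauth_params(sign_flow(append_to_query, BASE, PARAMS)))
    print(repeated_oauth_params(sign_flow(replace_in_query, BASE, PARAMS)))
```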