There are use cases where you want to pass 0 to authorize_redirect, for example Auth0 allows you to force login again by passing max_age=0, as described here.
The current code for prepare_grant_uri filters out such parameters. This PR changes that to explicitly filter out None instead.
What kind of change does this PR introduce? (check at least one)
[x] Bugfix
[ ] Feature
[ ] Code style update
[ ] Refactor
[ ] Other, please describe:
Does this PR introduce a breaking change? (check one)
Debatable? Technically a breaking change if someone was passing a non-None falsey value to authorize_redirect() previously.
[x] You consent that the copyright of your pull request source code belongs to Authlib's author.
lepture
commented
1 year ago
There are use cases where you want to pass
0toauthorize_redirect, for example Auth0 allows you to force login again by passingmax_age=0, as described here.The current code for
prepare_grant_urifilters out such parameters. This PR changes that to explicitly filter outNoneinstead.What kind of change does this PR introduce? (check at least one)
Does this PR introduce a breaking change? (check one)
Debatable? Technically a breaking change if someone was passing a non-
Nonefalsey value toauthorize_redirect()previously.