Closed AlexanderPershin closed 1 year ago
For now in order to surpass this I had to add os.environ['AUTHLIB_INSECURE_TRANSPORT'] = 'true'
and create POST request using GET request object:
new_request = Request.from_values(method='POST', input_stream=StringIO(
data), content_length=len(data), content_type="multipart/form-data")
new_request.form = get_request.args
and then pass it to server
req = get_to_post(request, app)
token = server.create_token_response(request=req)
@AlexanderPershin per RFC, issuing token endpoint can only support POST method with form data. It is a standard.
I'll close this ticket now, you can reopen it if you find a RFC that telling people can use GET
for issuing a token.
Okay, got it. I just need to migrate the existing project from Flask-OAuthlib
to Authlib
and connect the frontends that use the GET
method to get the access_token
to the API. I suppose I would then have to update the frontends, although that would take a lot of work. Thanks for your reply anyway
Why is your project fetching token from front end? It seems unsafe for me.
It does not directly uses GET request it's just uses redirects. And /token
endpoint particularly uses GET method so I can't get around that. The code was written several years ago by other developer and now I need to refactor it
Describe the bug
works only with POST method and formData
Error Stacks
To Reproduce
Expected behavior
When using GET method on
/token
endpointserver.create_token_response()
will accept request search params instead of form data request body and continue authentication flowEnvironment:
Additional context
Add any other context about the problem here.