Upon trying to redeem a code and then verifying the tokens gotten, Authlib attempts to call "auth_method", which is a string - or somehow gets mutated to a string. This throws a TypeError
Error Stacks
Traceback (most recent call last):
File "/opt/secman/venv/lib/python3.9/site-packages/bottle.py", line 876, in _handle
return route.call(**args)
File "/opt/secman/venv/lib/python3.9/site-packages/bottle.py", line 1759, in wrapper
rv = callback(*a, **ka)
File "/opt/secman/apihan.py", line 202, in WRAPPEDFUNC
return func(self, *args, **kwargs)
File "/opt/secman/apihan.py", line 263, in HandleAuthCallback
InState = self._oidcptr.FetchSession(InData["code"], InState)
File "/opt/secman/oidchan.py", line 186, in FetchSession
InRes = OIDCSes.fetch_token(
File "/opt/secman/venv/lib/python3.9/site-packages/authlib/oauth2/client.py", line 207, in fetch_token
return self._fetch_token(
File "/opt/secman/venv/lib/python3.9/site-packages/authlib/oauth2/client.py", line 351, in _fetch_token
resp = self.session.post(
File "/opt/secman/venv/lib/python3.9/site-packages/requests/sessions.py", line 637, in post
return self.request("POST", url, data=data, json=json, **kwargs)
File "/opt/secman/venv/lib/python3.9/site-packages/authlib/integrations/requests_client/oauth2_session.py", line 109, in request
return super(OAuth2Session, self).request(
File "/opt/secman/venv/lib/python3.9/site-packages/requests/sessions.py", line 575, in request
prep = self.prepare_request(req)
File "/opt/secman/venv/lib/python3.9/site-packages/requests/sessions.py", line 486, in prepare_request
p.prepare(
File "/opt/secman/venv/lib/python3.9/site-packages/requests/models.py", line 372, in prepare
self.prepare_auth(auth, url)
File "/opt/secman/venv/lib/python3.9/site-packages/requests/models.py", line 603, in prepare_auth
r = auth(self)
File "/opt/secman/venv/lib/python3.9/site-packages/authlib/integrations/requests_client/oauth2_session.py", line 38, in __call__
req.url, req.headers, req.body = self.prepare(
File "/opt/secman/venv/lib/python3.9/site-packages/authlib/oauth2/auth.py", line 66, in prepare
return self.auth_method(self, method, uri, headers, body)
TypeError: 'str' object is not callable
To Reproduce
Install Authlib + Requests, pin Authlibs to 1.2.1 and Requests to 2.31.0
Attempt to perform a code flow redeem against a OIDC provider as per the documentations for the Authlib Requests client- I've used Keycloak here.
Expected behavior
Succesful code redeem, allowing the user to login.
Authlib Version: 1.2.1 (Of note, this version is only visible on PyPI, not on Github?)
Additional context
From the looks of things, it appears the problem occurs when Keycloak sends a incompatible auth_method, my code auto-selects the first one, but Authlib doesn't throw an error to say that it is incompatible. Additionally, the documentation does not disclose the limited selection of client authentication methods, else I would have added some logic to handle this error. This needs to be fixed.
Describe the bug
Upon trying to redeem a code and then verifying the tokens gotten, Authlib attempts to call "auth_method", which is a string - or somehow gets mutated to a string. This throws a TypeError
Error Stacks
To Reproduce
Expected behavior
Succesful code redeem, allowing the user to login.
Environment:
Additional context
From the looks of things, it appears the problem occurs when Keycloak sends a incompatible auth_method, my code auto-selects the first one, but Authlib doesn't throw an error to say that it is incompatible. Additionally, the documentation does not disclose the limited selection of client authentication methods, else I would have added some logic to handle this error. This needs to be fixed.