When implementing authorization code flow with a WSO2 server, even with the OIDC_TOKEN_USE_BASIC_AUTH = True, there is still a "The client MUST NOT use more than one authentication method" error.
I've manually removed the client_id from the payload in addition to client_secret and it works.
Is this a problem with how the WSO2 is configured, or has someone run into the same issue?
Thank you.
```python
import requests
from requests.auth import HTTPBasicAuth


def get_token(self, payload):
    """Return token object as a dictionary."""
    auth = None
    if self.get_settings("OIDC_TOKEN_USE_BASIC_AUTH", False):
        # When Basic auth is defined, create the Auth Header and remove secret from payload.
        user = payload.get("client_id")
        pw = payload.get("client_secret")
        auth = HTTPBasicAuth(user, pw)
        del payload["client_secret"]
        del payload["client_id"]  # This is what we changed.
    response = requests.post(
        self.OIDC_OP_TOKEN_ENDPOINT,
        data=payload,
        auth=auth,
        verify=self.get_settings("OIDC_VERIFY_SSL", True),
        timeout=self.get_settings("OIDC_TIMEOUT", None),
        proxies=self.get_settings("OIDC_PROXY", None),
    )
    self.raise_token_response_error(response)
    return response.json()
```
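The behaviour reported above can be reproduced offline. The following is an added example, not the poster's or the library's code: it builds the token request with the client credentials in exactly one place and checks it against a strict "one authentication method per request" rule. `build_token_request`, `strict_server_accepts` and `SAMPLE_PAYLOAD` are hypothetical names, and the strict check is an assumption that models the rejection described in the post, not WSO2's implementation.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed sample token request for the authorization code flow.
SAMPLE_PAYLOAD = {
    "grant_type": "authorization_code",
    "code": "constructed-auth-code",
    "redirect_uri": "https://rp.example/callback",
    "client_id": "my-client",
    "client_secret": "s3cr3t/with:colon",
}


def build_token_request(payload, use_basic_auth, keep_client_id=False):
    """Return (headers, form_body) for the token endpoint.

    keep_client_id=True models the behaviour before the change in the post:
    only client_secret is removed from the body when Basic auth is used.
    """
    body = dict(payload)  # copy so the caller's dict is not mutated
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic_auth:
        client_secret = body.pop("client_secret")
        client_id = body["client_id"] if keep_client_id else body.pop("client_id")
        # RFC 6749 section 2.3.1: form-urlencode both values before Base64,
        # so a ':' or '/' in the secret cannot break the user:password split.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    return headers, urlencode(body)


def strict_server_accepts(headers, form_body):
    """Assumed strict check: Basic header plus any client credential field
    in the body counts as more than one authentication method."""
    fields = parse_qs(form_body)
    has_basic = headers.get("Authorization", "").startswith("Basic ")
    has_body_creds = "client_id" in fields or "client_secret" in fields
    return not (has_basic and has_body_creds)


if __name__ == "__main__":
    for keep in (True, False):
        h, b = build_token_request(SAMPLE_PAYLOAD, True, keep_client_id=keep)
        print("client_id kept in body:", keep, "-> accepted:", strict_server_accepts(h, b))
```

Note that `requests.auth.HTTPBasicAuth` does not apply the form-urlencoding step, so a secret containing reserved characters can produce a different header than the one built here.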