The configuration class allows for basic authentication credentials to be passed, yet, when actually issuing requests, the credentials that are configured are skipped, leading to 401 status codes.
Reproducing the bug
Instantiate a client as follows:
from ory_hydra_client.configuration import Configuration
from ory_hydra_client.api import admin_api
from ory_hydra_client.api_client import ApiClient
configuration = Configuration(host=host, username=username, password=password)
with ApiClient(configuration) as api_client:
api = admin_api.AdminApi(api_client)
Try and issue a login request on a Hydra instance that is protected with BasicAuth, e.g.:
api.get_login_request(challenge)
Expected result: A properly authenticated request is executed.
Actual result: HTTP 401 due to missing authorization headers.
Why is this happening? Look at the endpoint definition:
Note the empty auth. Now, the credentials are actually picked up by this piece of code -- self.configuration.auth_settings():
def update_params_for_auth(self, headers, queries, auth_settings,
resource_path, method, body):
"""Updates header and query params based on authentication setting.
:param headers: Header parameters dict to be updated.
:param queries: Query parameters tuple list to be updated.
:param auth_settings: Authentication setting identifiers list.
:param resource_path: A string representation of the HTTP request resource path.
:param method: A string representation of the HTTP request method.
:param body: A object representing the body of the HTTP request.
The object type is the return value of _encoder.default().
"""
if not auth_settings:
return
for auth in auth_settings:
auth_setting = self.configuration.auth_settings().get(auth)
But, that code does not kick in if auth_settings is empty, which is the case due to the login request endpoint definition above.
Preflight checklist
Describe the bug
The configuration class allows for basic authentication credentials to be passed, yet, when actually issuing requests, the credentials that are configured are skipped, leading to 401 status codes.
Reproducing the bug
Instantiate a client as follows:
Try and issue a login request on a Hydra instance that is protected with BasicAuth, e.g.:
api.get_login_request(challenge)
Expected result: A properly authenticated request is executed.
Actual result: HTTP 401 due to missing authorization headers.
Why is this happening? Look at the endpoint definition:
Note the empty
auth
. Now, the credentials are actually picked up by this piece of code --self.configuration.auth_settings()
:But, that code does not kick in if
auth_settings
is empty, which is the case due to the login request endpoint definition above.Workaround:
Related:
Relevant log output
No response
Relevant configuration
No response
Version
ory-hydra-client 1.11.8
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes
Additional Context
No response