pulp / pulp-cli

https://docs.pulpproject.org/pulp_cli/
GNU General Public License v2.0

OAuth support broken in 0.29.2 #1093

Closed dkliban closed 1 month ago

dkliban commented 1 month ago

Summary

I have configured pulp-cli to interact with Pulp on console.redhat.com which advertises OAuth as a security scheme. However, pulp-cli sends Basic auth instead of trying to get a Bearer token.

Pulp and pulp-cli version info

pulpcore 3.61 and pulp-cli 0.29.2

Additional context

pulp-cli 0.28.4 works just fine.

mdellweg commented 1 month ago

Let me just cite the corresponding RFC:

"Clients in possession of a client password MAY use the HTTP Basic authentication scheme [...] The authorization server MUST support the HTTP Basic authentication scheme for authenticating clients [...]"

from: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1

dkliban commented 1 month ago

@mdellweg and I chatted and it turns out that this is due to a change in setting names that are used for specifying client_id and client_secret. Prior to 0.29.0, the username and password could be used to specify the client_id and client_secret. However, in 0.29.0, pulp-cli introduced separate client_id and client_secret settings.

The comment above is unrelated to this issue.

https://pulpproject.org/pulp-cli/changes/#0.29.0
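A configuration check for the setting-name change described in the last comment, as an added example that is not part of the thread or of pulp-cli: it flags profiles that target a server known to advertise OAuth but carry credentials only in username/password, the situation the thread ties to Basic auth being sent on 0.29.x. The `[cli]` / `[cli-<profile>]` TOML layout, the host names, the function names and all credential values are assumptions constructed for illustration.

```python
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # backport for older interpreters

# Constructed sample; the [cli] / [cli-<profile>] table layout is an assumption.
SAMPLE_CONFIG = """
[cli]
base_url = "https://pulp.example.com"
username = "admin"
password = "constructed-password"

[cli-console-old]
base_url = "https://console.example.com"
username = "constructed-client-id"
password = "constructed-client-secret"

[cli-console-new]
base_url = "https://console.example.com"
client_id = "constructed-client-id"
client_secret = "constructed-client-secret"
"""

def classify(profile):
    """Return which credentials a profile offers under the 0.29.0+ setting names."""
    has_id = bool(profile.get("client_id"))
    has_secret = bool(profile.get("client_secret"))
    if has_id and has_secret:
        return "oauth"
    if has_id or has_secret:
        return "incomplete-oauth"  # one half of the pair is missing
    if profile.get("username") and profile.get("password"):
        return "basic-only"  # pre-0.29.0 style: OAuth values kept in username/password
    return "no-credentials"

def audit(config_text, oauth_hosts):
    """List (profile, finding) for profiles aimed at an OAuth host without OAuth settings."""
    findings = []
    for name, profile in tomllib.loads(config_text).items():
        if not isinstance(profile, dict) or profile.get("base_url") not in oauth_hosts:
            continue  # not a profile table, or a server not expected to use OAuth
        kind = classify(profile)
        if kind != "oauth":
            findings.append((name, kind))
    return findings

if __name__ == "__main__":
    for name, kind in audit(SAMPLE_CONFIG, {"https://console.example.com"}):
        print(f"{name}: {kind}")
```

A `basic-only` finding means the values should be moved to `client_id` and `client_secret` before upgrading past 0.28.x.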