Closed marcvs closed 10 months ago
Hi @marcvs, thanks for the report. Please provide some oauth2 client credentials so I can reproduce the issue and help you. If it is confidential and you cannot share it in public or at all, please provide the custom backend implementation you are using. Also, I am curious if you are able to authenticate with the same oauth2 backend and credentials in a Django application, so we can verify the cause of the issue is fastapi-oauth2
.
Hi @ArtyomVancyan,
I'll send a fork of the fastapi-oauth2
repo with my changes in a bit.
I'd mail the client_secret straight to you, since I would not like to put it on github. Could you send me a contact?
I simply extended config.py here: https://github.com/marcvs/fastapi-oauth2/tree/test/authcode-flow
I didn't implement Django for this client, but other clients are implemented for it. I think that part works nicely, because we do get back the code
parameter. My guess is that things go wrong is either before or when getting the access token
by using the code
. Just: I was not able to turn on logging for urllib
or werkzeug
Hi @ArtyomVancyan, I'll send a fork of the
fastapi-oauth2
repo with my changes in a bit. I'd mail the client_secret straight to you, since I would not like to put it on github. Could you send me a contact?
Please reach me by mailing: artyom@pysnippet.org. I will debug it locally and keep you aware. Also, I need an account for logging in at the https://login.helmholtz.de/oauth2-as/oauth2-authz-web-entry step. If you have an account for testing and development, please give that credentials as well.
Thanks for trusting and sharing the client's secret so I could test it locally. The issue is because of the setting
method of the BaseAuth
class, which is a parent for the used OpenIdConnectAuth
class. It was supposed to see the set variables such as OIDC_ENDPOINT
, AUTHORIZATION_URL
, etc., but it does not. To fix this issue, you can use the following backend:
class HelmholtzOpenIdConnect(OpenIdConnectAuth):
name = "helmholtz"
OIDC_ENDPOINT = "https://login.helmholtz.de/oauth2"
ID_TOKEN_ISSUER = "https://login.helmholtz.de/oauth2"
ACCESS_TOKEN_URL = "https://login.helmholtz.de/oauth2/token"
AUTHORIZATION_URL = "https://login.helmholtz.de/oauth2-as/oauth2-authz"
REVOKE_TOKEN_URL = "https://login.helmholtz.de/oauth2/revoke"
USERINFO_URL = "https://login.helmholtz.de/oauth2/userinfo"
JWKS_URI = "https://login.helmholtz.de/oauth2/jwk"
def setting(self, name, default=None):
return getattr(self, name, default)
Wow, wonderful! That fixed my problem! Thanks for resonding so quickly!
One other question: Those configuration entries are all available via the .well-known/openid-configuration
endpoint. What am I missing that this auto-config does not work?
Those issues come from the bad behavior of the setting
method. A method called oidc_config
gets all the configurations for you and uses the setting
method. I did not dive into their codes that much, but it is not enough to set only OIDC_ENDPOINT
for OpenIdConnectAuth
type of backends.
Wow, wonderful! That fixed my problem! Thanks for resonding so quickly!
Nice to hear :)
Bug description
I use a social_core based configuration for my OP, which I know works well, e.g. with django.
I configured all endpoints manually, because I didn't get autoconfig to work.
I use your exapmles/demontration for testing
Visiting http://localhost:8000/oauth2/helmholtz/authorize with my browser triggers the login flow, and (rightly) returns me to http://localhost:8000/oauth2/helmholtz/token?code=HFKP5DlIOdJQ6eWGgt-TK_PRCB4yqFDMJ9O_vkLfA8k&state=yXuBLKjQvrOfxpsVMArBfGGtiYZXBYEo
Somewhere there I loose track, because I can't enable proper logging (input appreciated)
Errors I'm shown are added below.
Reproduction steps
Logs
Browserside:
Browsers
Firefox, Chrome
OS
Windows, Linux