requests / requests-oauthlib

OAuthlib support for Python-Requests!
https://requests-oauthlib.readthedocs.org/
ISC License
1.73k stars 424 forks source link

Missing ServiceApplicationClient oauth class #311

Open DavidePapa opened 6 years ago

DavidePapa commented 6 years ago

Hi,

i need to implement the MS365 on_behalf_of flow [0] (for brevity: i make an authorization code flow at beginning, and then i make another token request with custom params and token in the assertion param)

As first authentication i make an authorization_code_grant flow successfully, but when i make the second fetch_token with special parameter, i receive error about grant_type parameter TypeError: prepare_token_request() got multiple values for argument 'grant_type'

My problem is on prepare_token_request function at _oauthlib/oauth2/rfc6749/clients/webapplication.py(127) "In addition OAuthLib will add the 'grant_type' parameter set to 'authorization_code' "

so, i cannot set a custom grant_type params.

Do i make a bad use of request_oauthlib? if i try to make an OAuth2Session.post request i receive error AADSTS50013: Assertion contains an invalid signature. from server, probably because with post i don't set the correct header params for endpoint.

Many thanks for considering my request.

Davide

[0] - https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-on-behalf-of

singingwolfboy commented 6 years ago

Hi @DavidePapa, this looks like an interesting situation. I don't know anything about this "On-Behalf-Of flow", but I suspect that it's different from the standard web application flow. You might need to raise this issue in the oauthlib repository, and add support for this flow to oauthlib itself. Does that make sense?

DavidePapa commented 6 years ago

Hi @singingwolfboy ,

i've discovered that MS365 on_behalf_of flow is managed by oauthlib through the service application flow [0] because grant_type param is set with correct value. Unfortunately i didn't have much more time to test it (i hope during this week to be able to).

However this client is not managed by OAuth2Session class yet.

Regards

Davide

[0] - https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/clients/service_application.py