search

requests / requests-oauthlib

OAuthlib support for Python-Requests!
https://requests-oauthlib.readthedocs.org/
ISC License
1.71k stars 422 forks source link

`Session` subclasses should honor the `self.verify` flag by default #404

Closed smarie closed 2 years ago

smarie commented 4 years ago

I discovered this issue today while using Fiddler to debug my OAuth connection.

Each requests.Session object has a self.verify attribute stating if SSL certificates should be verified (for example to reject self-signed certificates).

Unfortunately, even if I set the attribute to False on an OAuth2Session object, this flag is not honoured because the default value is True (and not None) in fetch_token and refresh_token. Note: it does not seem to happen with OAuth1Session objects.

I can provide a PR to fix this, it is extremely easy.

jtroussard commented 4 years ago

By all means submit the PR and we'll get some folks to review it. Thanks!