requests / requests-oauthlib

OAuthlib support for Python-Requests!
https://requests-oauthlib.readthedocs.org/
ISC License

Okta support #463

Closed SquireOfSoftware closed 2 years ago

SquireOfSoftware commented 2 years ago

Do you guys support Okta?

I was getting this issue and I was wondering if it was a misconfiguration on the Okta side of things or if it was how I was calling Okta:

Traceback (most recent call last):
  File "...client_credentials.py", line 17, in <module>
    token = oauth.fetch_token(token_url=f'{okta_url}/v1/token',
  File "/usr/local/lib/python3/requests_oauthlib/oauth2_session.py", line 360, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/clients/base.py", line 429, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/parameters.py", line 425, in parse_token_response
    validate_token_parameters(params)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/parameters.py", line 432, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/errors.py", line 402, in raise_from_error
    raise cls(**kwargs)
oauthlib.oauth2.rfc6749.errors.InvalidScopeError: (invalid_scope) The authorization server resource does not have any configured default scopes, 'scope' must be provided.

My code is:

from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session

import logging

okta_url = "https://okta-url"
client_id = "client_id"
client_secret = "secret"
scopes = ['openid']

logging.basicConfig(level=logging.DEBUG)

client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client, scope=scopes)
token = oauth.fetch_token(token_url=f'{okta_url}/v1/token',
                          include_client_id=True,
                          client_secret=client_secret)

print(token)

SquireOfSoftware commented 2 years ago

Never mind, I cracked it. It turns out that you need to append scope to the body due to how Okta has implemented it:

For the future peeps, this got me talking with Okta:

token = oauth.fetch_token(token_url=f'{okta_url}/v1/token',
                          include_client_id=True,
                          client_secret=client_secret,
                          body="scope=customScope anotherScope")
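
Added example, not part of the original thread and not oauthlib's or Okta's code: a standard-library model of the client-credentials token request body (RFC 6749 section 4.4.2) and of the scope check that section 3.3 requires of the authorization server, showing why the first request is rejected and the one carrying `scope` in the body is accepted. The function names, the allowed-scope list and the `notConfigured` scope are assumptions constructed for the illustration.

```python
from urllib.parse import parse_qsl, urlencode


def build_token_request_body(client_id, client_secret, scopes=None, extra_body=""):
    """Form-encode a client_credentials token request (RFC 6749 section 4.4.2).

    extra_body is a raw form string supplied by the caller, like the
    body="scope=..." argument in the post above.
    """
    params = [("grant_type", "client_credentials"),
              ("client_id", client_id),
              ("client_secret", client_secret)]
    if scopes:
        # scope travels as one space-delimited string (RFC 6749 section 3.3)
        params.append(("scope", " ".join(scopes)))
    # Decode the caller's extra body, then re-encode everything together so
    # the space between scope names is escaped on the wire.
    return urlencode(parse_qsl(extra_body, keep_blank_values=True) + params)


def check_scope(body, allowed_scopes, default_scopes=()):
    """Constructed stand-in for the server-side scope check (assumption)."""
    requested = dict(parse_qsl(body)).get("scope", "").split()
    if not requested:
        if not default_scopes:
            # Section 3.3: with no scope sent, the server must either apply
            # a pre-defined default or fail the request with invalid_scope.
            return {"error": "invalid_scope"}
        requested = list(default_scopes)
    if any(s not in allowed_scopes for s in requested):
        # Only scopes configured for this client are granted.
        return {"error": "invalid_scope"}
    return {"token_type": "Bearer", "scope": " ".join(requested)}


if __name__ == "__main__":
    allowed = ("customScope", "anotherScope")  # constructed sample policy
    first = build_token_request_body("client_id", "secret")
    print(first, "->", check_scope(first, allowed))
    fixed = build_token_request_body(
        "client_id", "secret", extra_body="scope=customScope anotherScope")
    print(fixed, "->", check_scope(fixed, allowed))
```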