search

requests / requests-oauthlib

OAuthlib support for Python-Requests!
https://requests-oauthlib.readthedocs.org/
ISC License
1.71k stars 421 forks source link

Fix documentation or fix the way client is handled in requests-oauthlib for refreshing tokens #489

Closed ghost closed 2 years ago

ghost commented 2 years ago

Hello!

I don't mind working through and trying to fix this in oauth2_sessions.py but it would require reworking how the client deceleration is handled. Unfortunately, the documentation for client refreshing isn't really accurate, as most endpoints expect a grant_type of refresh_token.

Assuming there isn't a massive interest in changing the way references are made to clients, at least the documentation can be updated. The fitbit example pointed me in the right direction after a couple of hours.

from requests.auth import HTTPBasicAuth
from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import Client

client_id = "abc"
client_secret = "def"
refresh_token = "hij"
refresh_url = "https://api.twitter.com/2/oauth2/token"
auth = HTTPBasicAuth(client_id, client_secret)
additional_headers = {
    'client_id': client_id,
}
# setting the client type
client = Client(client_id)
twitter_refresh = OAuth2Session(client=client)
twitter_refresh.refresh_token(auth_url, refresh_token=refresh_token, auth=auth, **additional_headers)

Sorry if it's a bit messy, but this will actually pass the proper grant type and fix any issues with refresh tokens not being returned. While I haven't tested it on Google's API -- from their documentation it seems they also need the same grant_type, so it might be worth it to actually try to fix the code to not require an undocumented workaround.

Just wanted to put this somewhere in-case anyone spent forever working on it.

ghost commented 2 years ago

Ignore this; I sadly realized my mistake was in the fact that refresh_token wasn't defined on the first run through... oops.