Comments (4)
@rudyardrichter I'm sorry for the misunderstanding. Currently only the OIDC client part is implemented; the server part is not yet. The next version is focusing on the OAuth 1 server, so it will take some time for the OIDC server to be ready to use.

> `get_authorization_grant` attempts to parse params from query string (not form data)

No, it should parse params from the query string. This authorization_grant is used for the "dialog page that user (with or without login form) is asked to grant the access (or not)". This very page is reached by a redirection from your application to the OAuth server; it can't be a POST request.
from authlib.
@lepture Supporting POST to the authorization endpoint is optional according to RFC 6749:

> The authorization server MUST support the use of the HTTP "GET"
> method [RFC2616] for the authorization endpoint and MAY support the
> use of the "POST" method as well.

and mandatory in OIDC:

> Authorization Servers MUST support the use of the HTTP GET and POST
> methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint.
> Clients MAY use the HTTP GET or POST methods to send the Authorization
> Request to the Authorization Server.

where, as I quoted above, OIDC stipulates that parameters for POST be in form data.
I suppose this is slightly moot until OIDC provider is supported. Still, even for OAuth, it would be nice to allow support for use of POST for the authorization endpoint.
@rudyardrichter yes, you are right. I'll make a change in v0.4.
It's collecting form data now. Close it.
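
The behaviour this thread settles on (reading the authorization request from the query string on GET and from form data on POST), as an added example that is not Authlib's code. The function and exception names are hypothetical, and ignoring the query string on POST is an assumption of this example.

```python
from urllib.parse import parse_qsl

FORM = "application/x-www-form-urlencoded"


class AuthorizationRequestError(ValueError):
    """The authorization request could not be parsed unambiguously."""


def authorization_params(method, query_string="", content_type="", body=b""):
    """Collect authorization request parameters (hypothetical helper).

    GET:  parameters are read from the query string.
    POST: parameters are read from the form-encoded body.
    """
    method = method.upper()
    if method == "GET":
        raw = query_string
    elif method == "POST":
        # Compare the media type only; "; charset=..." is allowed after it.
        if content_type.split(";", 1)[0].strip().lower() != FORM:
            raise AuthorizationRequestError("POST body must be form-encoded")
        try:
            raw = body.decode("utf-8")
        except UnicodeDecodeError:
            raise AuthorizationRequestError("body is not valid UTF-8") from None
        # Assumption of this example: the query string is ignored on POST,
        # so the two sources can never supply conflicting values.
    else:
        raise AuthorizationRequestError("unsupported method: " + method)

    params = {}
    for name, value in parse_qsl(raw, keep_blank_values=True):
        if value == "":
            continue  # RFC 6749 section 3.1: no value means omitted
        if name in params:
            # RFC 6749 section 3.1: a parameter must not appear twice
            raise AuthorizationRequestError("duplicate parameter: " + name)
        params[name] = value
    return params


if __name__ == "__main__":
    # Constructed sample request, sent once per method.
    sample = "response_type=code&client_id=abc&state=xyz"
    print(authorization_params("GET", query_string=sample))
    print(authorization_params("POST", content_type=FORM, body=sample.encode()))
```

Rejecting duplicated parameters matters on this endpoint because components that pick different copies of `redirect_uri` or `state` can end up validating one value and acting on another.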