Comments (6)
Would it not be better to explicitly sort the keyword arguments?
--- a/oauthlib/oauth2/draft25/parameters.py
+++ b/oauthlib/oauth2/draft25/parameters.py
@@ -64,7 +64,7 @@
if state:
params.append(('state', state))
- for k in kwargs:
+ for k in sorted(kwargs):
if kwargs[k]:
params.append((unicode_type(k), kwargs[k]))
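Review bot: the `sorted(kwargs)` loop orders only the extra keyword arguments, while `state` and whatever was appended before it keep their fixed position, and nothing in the hunk says why order should matter. If the aim is reproducible output for the tests, put that in a comment above the loop, or leave the emitter alone and have the tests compare parsed parameters instead. Note also that `sorted()` runs on the raw keys before `unicode_type(k)` is applied, so the sort key and the emitted key are not the same object.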
@@ -98,7 +98,7 @@
if 'scope' in kwargs:
kwargs['scope'] = scope_to_string(kwargs['scope'])
- for k in kwargs:
+ for k in sorted(kwargs):
if kwargs[k]:
params.append((unicode_type(k), kwargs[k]))
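Review bot: the three-line loop at the end of this hunk is an exact copy of the one changed at line 64, so the ordering rule now lives in two places and can drift. Move it into one small helper that both call sites use. While there, confirm that `if kwargs[k]:` is meant to drop every falsy value (for example `0` or an empty string) and not only missing ones.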
--- a/tests/oauth2/draft25/test_client.py
+++ b/tests/oauth2/draft25/test_client.py
@@ -294,7 +294,7 @@
password = "bar"
body = "not=empty"
- body_up = "not=empty&grant_type=password&username=%s&password=%s" % (username, password)
+ body_up = "not=empty&grant_type=password&password=%s&username=%s" % (password, username)
body_kwargs = body_up + "&some=providers&require=extra+arguments"
token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",'
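Review bot: `body_up` still pins one exact parameter order, and this line had to swap both the field names and the `(password, username)` tuple to follow the implementation, which is easy to get half right. Parsing both bodies and comparing the key/value pairs would make the test pass for any order and remove the need to edit it when the emitter changes. As written, `not=empty` and `grant_type` stay ahead of the sorted pair, so a reader cannot infer the ordering rule from the expected string.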
--- a/tests/oauth2/draft25/test_parameters.py
+++ b/tests/oauth2/draft25/test_parameters.py
@@ -56,7 +56,7 @@
'username': 'johndoe',
'password': 'A3ddj3w'
}
- password_body = 'grant_type=password&username=johndoe&password=A3ddj3w'
+ password_body = 'grant_type=password&password=A3ddj3w&username=johndoe'
cred_grant = {'grant_type': 'client_credentials'}
cred_body = 'grant_type=client_credentials'
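Review bot: the expected `password_body` keeps `grant_type` first and then lists `password` before `username`, so it silently encodes two rules (fixed parameters first, sorted extras after) for an input that is a plain dict literal. If the exact string is kept, add a comment stating that rule next to `password_body`; otherwise compare against the parsed pairs of the dict above so the expectation does not depend on emission order.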
from oauthlib.
Sorry, that patch isn't sufficient. I've uploaded a patch to Ubuntu and will do a pull request.
from oauthlib.
@warsaw - Thanks for the patch & #63!
OAuthLib aims to be very strictly spec compliant*, and while sorting the parameters seems rather innocent, it's not the expected behaviour. Furthermore, I would much rather improve the tests and make them robust than tweak the code to fit the tests. Adding an assert_url_equals method to TestCase is rather trivial (using urlparse for the heavy lifting).
For the two tuples I think TestCase.assertItemsEqual should be sufficient.
* If you find places where this could be improved upon, please point it out =)
from oauthlib.
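An order-insensitive comparison of the kind the comment above describes, as an added example that is not OAuthLib's own code: `assert_url_equals` is the name used in the comment, while `assert_body_equals`, `url_parts` and the other helper names are hypothetical. It uses Python 3's `urllib.parse` (the successor of the `urlparse` module) and, going slightly beyond the comment, also compares form-encoded bodies and URL fragments.

```python
import unittest
from collections import Counter
from urllib.parse import parse_qsl, urlsplit


def _params(encoded):
    """Multiset of decoded (key, value) pairs: order is ignored,
    repeated keys and blank values still count."""
    return Counter(parse_qsl(encoded, keep_blank_values=True))


def url_parts(url):
    """Return the order-sensitive parts of a URL plus its query and
    fragment parameters as order-insensitive multisets."""
    u = urlsplit(url)
    return (u.scheme, u.netloc, u.path), _params(u.query), _params(u.fragment)


def urls_equivalent(first, second):
    return url_parts(first) == url_parts(second)


def bodies_equivalent(first, second):
    return _params(first) == _params(second)


class OrderInsensitiveTestCase(unittest.TestCase):
    """Hypothetical base class for tests that build request URLs and bodies."""

    def assert_url_equals(self, first, second):
        self.assertEqual(url_parts(first), url_parts(second))

    def assert_body_equals(self, first, second):
        self.assertEqual(_params(first), _params(second))


if __name__ == "__main__":
    # The two expected bodies from the test diff on this page.
    old = "grant_type=password&username=johndoe&password=A3ddj3w"
    new = "grant_type=password&password=A3ddj3w&username=johndoe"
    print(bodies_equivalent(old, new))        # same parameters, different order
    # Constructed inputs: a duplicated parameter must not compare equal.
    print(bodies_equivalent("a=1&a=1", "a=1"))
```

Because the pairs are compared after decoding, `scope=a+b` and `scope=a%20b` are treated as the same parameter, while a changed host, path, value or repeat count still fails the assertion.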
@warsaw I was not sure if you had found any time to work more on the PR or not, and since I found a free spot in my calendar I sorted this out. I've added you to AUTHORS; let me know if you'd prefer not to be listed.
Hopefully I covered most of it but will keep an eye out for flakiness.
I've pushed this to PyPI as 0.3.2.
Heard from @christofferholmstedt that you are working a bit with making OAuth requests and thought I'd give a shoutout to the awesome requests library that has OAuthLib powered OAuth support built in =)
Here's an example of doing HMAC-SHA1 signed requests, but RSA and plaintext are of course also supported.
http://docs.python-requests.org/en/latest/user/quickstart/#oauth-authentication
from oauthlib.
On Nov 08, 2012, at 12:05 PM, Ib Lundgren wrote:
> @warsaw I was not sure if you found any time to work more on the PR or not
> and since I found a free spot in my calendar and sorted this out. I've added
> you to AUTHORS, let me know if you'd prefer not to be listed.
Thanks so much! I was almost literally just getting back to this after UDS-R
and post-Copenhagen travel. You probably beat me by just a couple of hours. :)
> Hopefully I covered most of it but will keep an eye out for flakiness.
> I've pushed this to PyPI as 0.3.2.
Fantastic, thanks. I'll test the PyPI version. If it looks good, I'll go
ahead and upload to Ubuntu 13.04, otherwise will file bugs if I find any other
problems.
> Heard from @christofferholmstedt that you are working a bit with making OAuth
> requests and thought I'd give a shoutout to the awesome requests library that
> has OAuthLib powered OAuth support built in =)
Indeed! We've upgraded urllib3 and requests in 13.04 to the latest PyPI
versions. One change we're making in the packaging though, is to use
chardet2, urllib3, and oauthlib from the Debian packages instead of the
bundled versions in requests (I wonder why they do that :/).
It all needs a bit of testing, but after I get everything uploaded properly,
I'll start converting some of the dependent packages, and continue testing.
> Here is an example on doing HMAC-SHA1 signed requests but RSA and plaintext
> are of course also supported.
> http://docs.python-requests.org/en/latest/user/quickstart/#oauth-authentication
Thanks!
from oauthlib.
The reason requests vendors OAuthLib is that we are still in flux with quite frequent changes. @kennethreitz is a very responsive and friendly guy, so if the vendoring is a concern just ping him.
Although we are unlikely to break anything related to OAuth 1 clients, most of the OAuth 2 API will likely undergo quite a few changes. One day (probably quite a few months from now) I envision hitting 1.0, at which point the API will be stable.
Feel free to send bugs, PRs and just about anything our way and we'll take a look at it =)
from oauthlib.