You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think that's related to a oauthlib design issue when doing OIDC.
oauthlib needs the "scope" to determine if we have "openid" in it. If yes, it calls the OpenID flow, else it calls the OAuth2 flow. That's the Dispatcher.
Any PRs welcome to improve the situation, but it will involves to find another mechanism to replace the Dispatcher.
If oauthlib remains as it is, I'd recommand to implement both functions, but get_authorization_code_scopes do the actual validation but returns [] if the code is invalid, and validate_code only return the validation status done at the previous callback.
The validator function get_authorization_code_scopes is called before validate_code, and it is not logical. Why?
The text was updated successfully, but these errors were encountered: