OIDC request_type "code token" does not save access token #755
Labels: Bug, Contributor Friendly, OAuth2-Provider (This impact the provider part of OAuth2), OIDC (OpenID Connect)
Hi, it seems a mistake for hybrid mode; I suppose a problem of oauthlib itself. Does anyone have some time to have a look at it for a PR?
JonathanHuot added Bug, OAuth2-Provider, OIDC, Contributor Friendly labels Jun 18, 2021
I'd be happy to submit a PR that implements the solution I outlined above - assuming it is good?
That would be very kind, yes.
kazkansouh added a commit to kazkansouh/oauthlib that referenced this issue Aug 18, 2021
auvipy pushed a commit that referenced this issue Aug 18, 2021
achraf-mer pushed a commit to achraf-mer/oauthlib that referenced this issue Oct 21, 2021
awais786 added a commit to openedx/edx-platform that referenced this issue Jun 24, 2022
** method names changed from `construct_base_string` to `signature_base_string` and from `normalize_base_string_uri` to `base_string_uri`. ** explicitly trigger the `save_token` call. for more details check * oauthlib/oauthlib#755 * https://github.com/oauthlib/oauthlib/pull/651/files
mumarkhan999 pushed a commit to openedx/edx-platform that referenced this issue Oct 4, 2022
** method names changed from `construct_base_string` to `signature_base_string` and from `normalize_base_string_uri` to `base_string_uri`. ** explicitly trigger the `save_token` call. for more details check * oauthlib/oauthlib#755 * https://github.com/oauthlib/oauthlib/pull/651/files
I was experimenting with `django-oauth-toolkit` and noticed when setting a request type of `code token` the returned access token was not valid because it was not saved into the database. Looking into the issue I believe that during the hybrid flow for `code`, after the token is generated there is a missing call to `request_validator.save_token(code, request)`. That is, the following code:

oauthlib/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
Lines 272 to 279 in d54965b

After `oauth2.rfc6749.grant_types.base.GrantTypeBase.add_token` is called as a modifier there is no corresponding call to `request_validator.save_token`. That is, I would have expected (based on examining the implicit flow) to see something like the following present:

Alternatively, if `save_authorization_code` is expected to make this check then this is an issue for the `django-oauth-toolkit` project.

Version
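The behaviour reported in this issue, as an added example that is not part of the original issue or of oauthlib's code: a simplified, self-contained model in which a `code token` response returns an access token that only validates when `save_token` is called alongside `save_authorization_code`. `TokenStore`, `authorization_response`, the request dict and the `persist_token` switch are hypothetical stand-ins, and the set of response types is an assumption.

```python
import secrets

# Hybrid response types that return an access token from the authorization
# endpoint (assumed set, for this model only).
HYBRID_WITH_TOKEN = {"code token", "code id_token token"}


class TokenStore:
    """Hypothetical stand-in for a request validator's persistence layer."""

    def __init__(self):
        self.codes, self.tokens = {}, {}

    def save_authorization_code(self, client_id, code, request):
        # Persists only the authorization code, not any token merged into it.
        self.codes[code["code"]] = client_id

    def save_token(self, token, request):
        self.tokens[token["access_token"]] = request["client_id"]

    def validate_bearer_token(self, access_token):
        # A token the store never saw cannot be validated later.
        return access_token in self.tokens


def add_token(grant, request):
    """Modifier: merge an access token into the grant for hybrid requests."""
    if request["response_type"] in HYBRID_WITH_TOKEN:
        grant.update(access_token=secrets.token_urlsafe(24), token_type="Bearer")
    return grant


def authorization_response(store, request, persist_token):
    """Model of the authorization step; persist_token toggles the extra save."""
    grant = add_token({"code": secrets.token_urlsafe(16)}, request)
    store.save_authorization_code(request["client_id"], grant, request)
    if persist_token and "access_token" in grant:
        store.save_token(grant, request)  # the call the issue reports as missing
    return grant


def issued_token_is_usable(persist_token, response_type="code token"):
    """Regression check: every token handed to the client must validate."""
    store = TokenStore()
    request = {"client_id": "client-123", "response_type": response_type}  # constructed
    token = authorization_response(store, request, persist_token).get("access_token")
    return token is not None and store.validate_bearer_token(token)
```

The same round-trip check (request a hybrid response, then validate the returned token against the store) works as a regression test in a provider's own test suite.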