[BUG] Custom Auth caching ignores scopes #1775
Labels
Core: Transport
Sending data to the tested app
Difficulty: Intermediate
Requires some experience
Priority: Medium
Planned for regular releases
Type: Bug
Errors or unexpected behavior
Checklist
Describe the bug
When implementing custom auth, I'm using the scopes provided by the security schema to request an access token with the required scopes.
When a request to a different endpoint that requires different scopes is made, schemathesis uses the token with the wrong scopes.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
As documented in the schema, the different endpoints have different security scopes.
Therefore, I'd expect the custom auth implementation to be called again with the different authentication context to request an access token with the right scopes.
Environment (please complete the following information):
N/A, but will provide anyway
Additional context
I've bodged around it by returning the scopes from
Auth.get
, and comparing the scopes in theAuth.set
context to the ones for the token. This obviously means that every request that requires different scopes to the original access token will end up hitting the authentication API, but it means I stop getting 403s from my application server!The text was updated successfully, but these errors were encountered: