According to [1], one should be allowed to make an access token request with an OAuth2 client using the client_credentials flow. On the client side one should not expect any grant - client_id and client_secret should be the "grant". This does not seem to be currently the case in the pyoidc library - the oauth.Client specific part.
When one tries to ask for an access token using the OAuth 2.0 client, an exception is thrown informing the user about a missing grant. When trying to use CCAccessTokenRequest, it does not convert it to the endpoint because line (71) of the init file is commented out - see [2] (this also happens when using the client.do_access_token_request function).
Workaround [3] should be possible, although not naturally reflecting the use-cases of the code design.
This issue is an outcome of a user question in issue #724.
> Since the client authentication is used as the authorization grant, no additional authorization request is needed.
[2]

```
client.do_any(CCAccessTokenRequest, request_args=args, authn_method="client_secret_basic")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 777, in do_any
    endpoint=endpoint)
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 468, in request_info
    **kwargs)
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 422, in uri_and_body
    uri = self._endpoint(self.request2endpoint[reqmsg.__name__],
KeyError: 'CCAccessTokenRequest'
```

```
from oic.oauth2.message import AccessTokenRequest
client.do_any(AccessTokenRequest, request_args=args, authn_method="client_secret_basic")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 777, in do_any
    endpoint=endpoint)
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 442, in request_info
    **kwargs)
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 362, in construct_AccessTokenRequest
    grant = self.get_grant(**kwargs)
  File "/usr/lib/python2.7/site-packages/oic/oauth2/__init__.py", line 281, in get_grant
    raise GrantError("No grant found for state:'%s'" % state)
oic.oauth2.exception.GrantError: No grant found for state:''
```
[3]
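
```python
# `client` and `args` are the same objects used in [2]; their setup is not shown.
from oic.oauth2.message import CCAccessTokenRequest
from oic.oauth2 import REQUEST2ENDPOINT

# Register the mapping whose absence causes the KeyError in [2].
REQUEST2ENDPOINT['CCAccessTokenRequest'] = 'token_endpoint'
client.do_any(CCAccessTokenRequest, request_args=args, authn_method="client_secret_basic")
```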
gumond changed the title from "OAuth 2.0 client requesting token using for client_credentials flow" to "OAuth 2.0 client requesting token using client_credentials grant type" on Dec 13, 2019
[1] https://tools.ietf.org/html/rfc6749#section-4.4
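
The token request that RFC 6749 section 4.4 describes, built with only the Python standard library so the wire format is visible: the client credentials are the grant, and no code or state is sent. This is an added example, not pyoidc code or code from the issue author; the function names, endpoint URL and credentials are hypothetical and constructed for illustration.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode, urlsplit


def build_client_credentials_request(token_endpoint, client_id, client_secret, scope=None):
    """Return (url, headers, body) for an RFC 6749 section 4.4 token request."""
    if urlsplit(token_endpoint).scheme != "https":
        # The client secret travels in the request, so require TLS.
        raise ValueError("token endpoint must use https")
    # RFC 6749 section 2.3.1: form-urlencode id and secret before Basic encoding,
    # so a ':' or other special character in the secret cannot break the split.
    userpass = "%s:%s" % (quote_plus(client_id), quote_plus(client_secret))
    token = base64.b64encode(userpass.encode("ascii")).decode("ascii")
    headers = {
        "Authorization": "Basic " + token,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # The body names the grant type only; there is no authorization code or state.
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = " ".join(scope)
    return token_endpoint, headers, urlencode(params)


def decode_basic_credentials(authorization_header):
    """Server-side view: recover (client_id, client_secret) from the header."""
    scheme, _, value = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    client_id, sep, secret = base64.b64decode(value).decode("ascii").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(client_id), unquote_plus(secret)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real endpoint.
    url, headers, body = build_client_credentials_request(
        "https://as.example.org/token", "svc-client", "s3cr:et/+", scope=["read", "write"]
    )
    print(url, headers, body, sep="\n")
```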