Comments (5)

dasevilla commented on July 24, 2024

The common case is that the client credentials are needed when using the refresh token. From Section 6:

If the client type is confidential or the client was issued client credentials (or assigned other authentication requirements), the client MUST authenticate with the authorization server as described in Section 3.2.1.

The client credentials are either passed in an Authorization header or in the request body. See Client Authentication.

Google says to pass using the request body. The spec recommends not passing them this way.

Letting the developer choose seems best. Similar to the signature_type parameter of OAuth1.

from requests-oauthlib.
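
The two placements of client credentials on a refresh request described in the comment above, as an added example that is not part of the original thread or of requests-oauthlib. `build_refresh_request` and its `auth_style` argument are hypothetical names, and the client ID, secret and refresh token are constructed sample values.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed sample values, not real credentials.
CLIENT_ID = "my-client"
CLIENT_SECRET = "s3cr:et/+"
REFRESH_TOKEN = "rt-123"


def build_refresh_request(refresh_token, client_id=None, client_secret=None,
                          auth_style="header", scope=None):
    """Build (headers, body) for an RFC 6749 Section 6 refresh request.

    auth_style (hypothetical name, chosen for this example):
      "header": HTTP Basic in the Authorization header (Section 2.3.1)
      "body":   client_id and client_secret as form parameters
      "none":   public client, no client authentication
    """
    if auth_style not in ("header", "body", "none"):
        raise ValueError(f"unknown auth_style: {auth_style!r}")
    if auth_style != "none" and (not client_id or client_secret is None):
        raise ValueError("client_id and client_secret are required")

    params = [("grant_type", "refresh_token"),
              ("refresh_token", refresh_token)]
    if scope:
        params.append(("scope", " ".join(scope)))
    headers = {"Content-Type": "application/x-www-form-urlencoded"}

    if auth_style == "header":
        # Section 2.3.1: form-urlencode each value before joining with ":",
        # so a ":" inside the secret cannot be mistaken for the separator.
        userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
        headers["Authorization"] = f"Basic {token}"
    elif auth_style == "body":
        # The secret travels in the form body, where it is more likely to
        # end up in request logs; never move these parameters to the URL.
        params += [("client_id", client_id), ("client_secret", client_secret)]

    return headers, urlencode(params)


if __name__ == "__main__":
    for style in ("header", "body"):
        print(style, build_refresh_request(
            REFRESH_TOKEN, CLIENT_ID, CLIENT_SECRET, auth_style=style))
```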

ib-lundgren commented on July 24, 2024

Indeed, but which credentials are needed is undefined, and my thoughts were that if we can find that the majority uses, say, client_id and client_secret in the request body, whereas the others don't use the credentials at all, then we could possibly default to including client_id and client_secret when refreshing the token if these were passed to the OAuth2Session constructor. The developer should always be able to choose, but it would be nice if we could provide sane defaults.

Lukasa commented on July 24, 2024

This is the problem with OAuth2: it's sufficiently complicated that we risk having the API get seriously overcomplicated. I'm strongly inclined to make a decision based on what users are likely to need and hard-code that, then let users subclass if they need to change it.

ib-lundgren commented on July 24, 2024

Agreed. My thoughts were that if, through happy coincidence, we notice that

60% require client_id and client_secret.
10% require Basic auth.
10% require secret_key and key_type

and none of these overlap, then we could add these parameters by default if present in the OAuth2Session constructor. That said, this is likely not the case and might just add too much complexity. But if someone is up for doing this research, it might be valuable =)

I think subclassing to provide the various extra args is a good way to go for users, and I will make a note somewhere to add this to the documentation.

ib-lundgren commented on July 24, 2024

Thought a little about this. Better have customizing wrappers rather than tricky/magic logic trying to determine what to send.
