Facebook Oauth2 about requests-oauthlib HOT 8 CLOSED

Last time I checked, Facebook was not compliant with OAuth 2 RFC. As a result they won't work with requests-oauthlib right now.

I believe they are using a modified version of draft 12 or so (very old) but will need to investigate a bit. I vaguely recollect them trying to patch on some additional security layer with mixed results. Because of this non compliance, and them being unlikely to change, we would need special case logic for Facebook. This can certainly be done and have some ideas for approaches. There is currently no ETA on when it might happen unfortunately.

@jayd3e If you would be interested in making this happen let me know :)

from requests-oauthlib.

I can certainly make this happen. What are your ideas? My first inclination was to just to attempt to decode the response body as JSON, but if that fails, then attempt to parse the string as a list of key/value pairs.

from requests-oauthlib.

Had a quick look and seems like Facebook is not so far off, just a bit.

What I had in mind was to gradually introduce hooks into OAuth2Session as a need arises, like now, and have provider specific inherit and implement those hooks. Maybe add process_token_response just before the parse request body or something a long those lines, example below.

# in requests_oauthlib.oauth2_session.py
class OAuth2Session(requests.Session):
    ...

    def fetch_token(...):
        ...
        r = self.process_token_response(r)
        self._client.parse_request_body_response(r.text, scope=self.scope)
        ...

    ...

    def process_token_response(self, r):
        """Pre response parsing."""
        # do stuff
        return r

 # in requests_oauthlib.contrib.facebook_session.py
 class FacebookSession(OAuth2Session):

   def process_token_response(self, r):
        """Pre response parsing."""
        # token = parse body with oauthlib.common.urldecode
        # change token param expires to expires_in
        # add token_type='Bearer' to token
        # set r.text = json.dumps(token)
        return r

Of course this will need test & docs too =)

from requests-oauthlib.

Cool, yah this looks like an ok option. We might want to avoid using inheritance as an api though.

from requests-oauthlib.

@jayd3e yea I am a bit hesitant of using inheritance myself but didn't see a nice way to do it without having a lot of boiler plate since this is a relatively thin wrapper. Suggestions welcome :)

from requests-oauthlib.

An alternative I guess would be to register various hooks on the session object and have them invoked.

from requests-oauthlib.

Awesome fix @ib-lundgren, glad you did it, b/c I definitely wouldn't have done as good of a job. Excellent work.

from requests-oauthlib.

Cheers, I found a spot of time and just went ahead.

I'm certain you could and if not then that's what code review is for :)
Never hesitate to send a PR!

On Mon, Aug 12, 2013 at 8:32 PM, Joe Dallago [email protected]:

Awesome fix @ib-lundgren https://github.com/ib-lundgren, glad you did
it, b/c I definitely wouldn't have done as good of a job. Excellent fix.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/63#issuecomment-22518879
.

from requests-oauthlib.