Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for the GET /oauth/authorize is broken - returns 500 #90

Open
LewisPringle opened this issue Oct 17, 2022 · 8 comments
Open

Support for the GET /oauth/authorize is broken - returns 500 #90

LewisPringle opened this issue Oct 17, 2022 · 8 comments

Comments

@LewisPringle
Copy link

Just using this example to explore the library, and hard to tell how things are supposed to fit together without docs or a (working) sample.

To reproduce the problem, just setup and run (flask run)

Verify

curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=password -F username=${username} -F password=${password} -F scope=profile

works fine/as expected.

Then try (from a web browser probably but thats what I was trying to figure out)
GET http://127.0.0.1:5000/oauth/authorize

Crashes cuz

,,,
  File "/home/lewis/.local/lib/python3.10/site-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/mnt/c/Sandbox/SimoneOAuth2/example-oauth2-server/website/routes.py", line 101, in authorize
    grant = authorization.get_consent_grant(end_user=user)
AttributeError: 'AuthorizationServer' object has no attribute 'get_consent_grant'
@LewisPringle
Copy link
Author

LewisPringle commented Oct 17, 2022
edited

maybe a hint is recent work done?

3fb7a27

Does this maybe count on a different version of authlib?

@LewisPringle
Copy link
Author

Another clue is that the requirements.txt file has Authlib==0.14.3. That appears on the old side (from May 2020).

@LewisPringle
Copy link
Author

OK - in current code there is:
https://github.com/lepture/authlib/blob/master/authlib/oauth2/rfc6749/authorization_server.py#L201

@LewisPringle
Copy link
Author

Well, after updating to the latest version of the library, it works a little better, but now just prints out exception
unsupported_response_type

NOTE - I created a CLIENT with
response_types: ['code', 'token', 'id_token']
not sure which type I'm missing?

@anastasijamalyk
Copy link

Hey, I am having the same problem, did you find any solution to it?

@LewisPringle
Copy link
Author

LewisPringle commented Oct 19, 2022 via email

@anastasijamalyk
Copy link

I did it, the get_consent_grant error disappeared, but not supported response type is till there

@marcejohnson
Copy link
Contributor

marcejohnson commented Nov 5, 2022
edited

Solved it. Here is how:

  1. Changed requirements.txt to use latest Authlib. Perform a fresh pip install -r requirements.txt.
  2. Blow away your db.sqlite and let the mixin recreate the database. You will notice two new columns in the oauth2_token table:
  • access_token_revoked_at
  • refresh_token_revoked_at
  1. Restart the app.

Now everything works. Re-tested flow examples in README.md and they pass. Cheers.
Related PR: #91

marcejohnson added a commit to marcejohnson/example-oauth2-server that referenced this issue Nov 5, 2022
@marcejohnson
update requirements.txt to use latest Authlib
ed12250 
This PR is to update `requirements.txt` to use the latest `Authlib`.
* The `example-oauth2-server` is not fully functional until this fix goes in.  For details and validation/resolution please see:  authlib#90 (comment)
* In addition to fixing the regression, this PR uses the latest `Authlib` (instead of pinning to a version)  to encourage keeping the example working across `Authlib` enhancements -- a useful attribute of an example.
@marcejohnson marcejohnson mentioned this issue Nov 5, 2022
Merged
Shudh pushed a commit to Shudh/oauth2-server that referenced this issue Mar 4, 2024
@marcejohnson
update requirements.txt to use latest Authlib
8aad210 
This PR is to update `requirements.txt` to use the latest `Authlib`.
* The `example-oauth2-server` is not fully functional until this fix goes in.  For details and validation/resolution please see:  authlib#90 (comment)
* In addition to fixing the regression, this PR uses the latest `Authlib` (instead of pinning to a version)  to encourage keeping the example working across `Authlib` enhancements -- a useful attribute of an example.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@LewisPringle @marcejohnson @anastasijamalyk