Comments (4)
@rudyardrichter I'm sorry for the misunderstanding. Currently only the OIDC client part is implemented; the server part is not yet. The next version is focusing on the OAuth 1 server, so it will take some time for the OIDC server to be ready to use.

> get_authorization_grant attempts to parse params from query string (not form data)

No, it should parse params from the query string. This authorization_grant is used for the "dialog page where the user (with or without login form) is asked to grant access (or not)". This very page is reached by a redirection from your application to the OAuth server; it can't be a POST request.
from authlib.
@lepture Supporting POST to the authorization endpoint is optional according to RFC 6749:

> The authorization server MUST support the use of the HTTP "GET"
> method [RFC2616] for the authorization endpoint and MAY support the
> use of the "POST" method as well.

and mandatory in OIDC:

> Authorization Servers MUST support the use of the HTTP GET and POST
> methods defined in RFC 2616 [RFC2616] at the Authorization Endpoint.
> Clients MAY use the HTTP GET or POST methods to send the Authorization
> Request to the Authorization Server.

where, as I quoted above, OIDC stipulates that parameters for POST be in form data.
I suppose this is slightly moot until OIDC provider is supported. Still, even for OAuth, it would be nice to allow support for use of POST for the authorization endpoint.
@rudyardrichter yes, you are right. I'll make a change in v0.4.
It's collecting form data now. Close it.
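The GET/POST handling discussed in this thread, as an added example that is not part of the original comments and is not Authlib's own code: a standard-library helper that reads authorization request parameters from the query string for GET and from form data for POST. The names `extract_authorization_params` and `AuthorizationRequestError` are hypothetical, and ignoring the query string on POST is an assumption of this sketch.

```python
from urllib.parse import parse_qsl

FORM_TYPE = "application/x-www-form-urlencoded"


class AuthorizationRequestError(ValueError):
    """Raised when the request cannot be read as an authorization request."""


def extract_authorization_params(method, query_string="", content_type="", body=b""):
    """Return authorization request parameters as a dict (hypothetical helper).

    GET  -> parameters come from the URL query string.
    POST -> parameters come from the form-encoded request body.
    """
    method = method.upper()
    if method == "GET":
        raw = query_string
    elif method == "POST":
        # Ignore any charset suffix, e.g. "...; charset=UTF-8".
        media_type = content_type.split(";", 1)[0].strip().lower()
        if media_type != FORM_TYPE:
            raise AuthorizationRequestError("POST body must be form-encoded")
        raw = body.decode("utf-8")
    else:
        raise AuthorizationRequestError("method not allowed: " + method)

    params = {}
    for name, value in parse_qsl(raw, keep_blank_values=True):
        # RFC 6749 section 3.1: a parameter must not appear more than once.
        if name in params:
            raise AuthorizationRequestError("duplicate parameter: " + name)
        params[name] = value
    # RFC 6749 section 3.1: a parameter sent without a value is treated as omitted.
    return {k: v for k, v in params.items() if v != ""}


# Constructed sample requests (not taken from the thread).
SAMPLE = "response_type=code&client_id=demo-client&state=xyz&scope="
GET_PARAMS = extract_authorization_params("GET", query_string=SAMPLE)
POST_PARAMS = extract_authorization_params(
    "POST",
    query_string="client_id=ignored",
    content_type="application/x-www-form-urlencoded; charset=UTF-8",
    body=SAMPLE.encode("utf-8"),
)
```

Both sample requests yield the same parameter dict, so the grant logic downstream does not need to know which method carried the request.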