Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

access_token field added to request url when oauth2_access_token already present #377

Closed
jtroussard opened this issue Aug 16, 2019 · 5 comments
Closed

access_token field added to request url when oauth2_access_token already present #377

jtroussard opened this issue Aug 16, 2019 · 5 comments

Comments

@jtroussard
Copy link
Contributor

jtroussard commented Aug 16, 2019
edited
Loading

When trying to make a request for a LinkedIn resource I was recieving an unpermitted field error.

b'{"serviceErrorCode":100,"message":"Unpermitted fields present in PARAMETER: Data Processing Exception while processing fields [/access_token]","status":403}

Manual review of the URL revealed 2 access token related fields:

  1. oauth2_access_token
  2. access_token

Looking at the OAuth2-Requests source code in requests-oauthlib/requests_oauthlib/oauth2_session.py, the access_token field is added to the url right before making the final request via the add_token() method.

I imagine there is a mechanism in place to prevent the behavior but I could not find it? My solution was to copy a modified version of the oauth2_session.py module into my project with this dirty fix inside the request() method.

old_version_url = url
url, headers, data = self._client.add_token(url, 
        http_method=method, body=data, headers=headers)
if "&access_token=" in url:
    url = old_version_url

Is there an official way to modify this behavior? Is this a bug? Please advise.

Thanks
@tuseau
Copy link

tuseau commented Sep 13, 2019

It would be nice to have this fixed as it has completely broken the Linkedin integration.

@jtroussard
Copy link
Contributor Author

jtroussard commented Sep 22, 2019
edited
Loading

@tuseau You would think right? Turns out there's a Requests 3 that has been funded and is under development. The main Requests websites mentions that this library is only in maintenance mode and that all attention is being given to Requests 3... Anyhoooo If you're so inclined you can "fix" you LinkedIn integration by importing this modified copy of the oauth2_session.py code into your module.

@JonathanHuot
Copy link
Contributor

@tuseau, @jtroussard, I think a PR can help the project !. However, as mentionned in #385, the overall delay could be a bit long. But that's better than not having it integrated at all.

Also about Requests 3 library, that would be great to improve requests-oauthlib to support it but that probably not an urgent needs for most users, because most of them are not using the Requests API anyway.

@jtroussard jtroussard mentioned this issue Sep 24, 2019
Closed
@jtroussard
Copy link
Contributor Author

jtroussard commented Sep 24, 2019
edited
Loading

I've been mulling over the idea of making a PR for some time now. The reason I haven't made the PR is because this 'fix' is more of a work around. However I think this small amount of activity has encouraged me to go ahead and give it the old college try.

@JonathanHuot peut etre tu pouvez m'aider a construre une mielluer solution? Voci le Pull Request 388

@jtroussard
Copy link
Contributor Author

This has been solved with PR #397

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JonathanHuot @tuseau @jtroussard