[IMP] oauth_provider: get access_token from headers, remove werkzeug.wrappers.BaseResponse #1

P-H-Phuc · 2025-09-17T05:22:52Z

Changes

At the token request stage, the scope parameter is optional. The authorization server may ignore it entirely or only honor a subset of the values provided. For this reason, the effective scope should not be assumed from the request, but rather treated as pre-defined and managed by the client’s registered configuration.
(See Section 3.3 ("Access Token Scope"), Section 4.4.2 ("Access Token Request")
access_token should be passed in the Authorization: Bearer ... header (See RFC 6750 Section 2.1)
Fallbacks: some providers (legacy APIs) still allow ?access_token=...
BaseResponse deprecatied
- Since odoo 17.0, werkzeug >= 2 is used regardless of python version
werkzeug 2.0.0

BaseResponse will show a deprecation warning and check against Response instead.

werkzeug 2.1.0:

Remove BaseResponse.

…wrappers.BaseResponse

augusto-weiss · 2025-09-24T19:57:26Z

Thanks for collaborating with this module... i am working a little on it

[IMP] oauth_provider: get access_token from headers, remove werkzeug.…

349954e

…wrappers.BaseResponse

P-H-Phuc mentioned this pull request Sep 17, 2025

[WIP][MIG] oauth_provider: Migration to 18.0 OCA/server-auth#828

Draft

augusto-weiss merged commit 25b28ba into adhoc-dev:18.0-mig-oauth_provider Sep 24, 2025

Provide feedback