refresh_token grant issue #182

Closed
vitriol opened this issue Jun 20, 2013 · 6 comments

Comments

@vitriol

vitriol commented Jun 20, 2013

Hi there.
I've been playing around with the client_credentials and password grant types, as well as the refresh_token grant for tokens issued with the former.

With client_credentials and password, I can send multiple space separated scopes in the scope post var which gets transferred into the oauthlib.Request.scopes as a list. So far, fine.
When I try the token_refresh grant, it seems it never looks into the scope param in the request, always looks for the scopes, which of course is not there, because the function that turns the space separated list of scopes into a list is never called.

Am I missing something?

Steps to reproduce:
1. Make a client_credentials request with scope = 'scope1 scope2'
2. Use the refresh token obtained from this response and make another request with grant_type=refresh_token and scope = 'scope1 scope2'
It will fail to validate request

@ib-lundgren
Collaborator

Hey,

Thanks for reporting this issue! The OAuth 2 grant types tests are still a bit lacking and for refresh token none even existed. Until now that is =) The GrantTypeBase.validate_scopes function was never refactored to be used in refresh token as it should have been, thus resulting in the inconsistency you observed.

@vitriol
Author

vitriol commented Jun 21, 2013

The promptitude is much appreciated, as well as the lib itself. Thanks again

@ib-lundgren
Collaborator

Thanks. I did manage to mess it up a little tho, #183, but will have that fixed today.

@ib-lundgren
Collaborator

Should be sorted now, instead of confirm_scopes just implement get_original_scopes(refresh_token, request) to return the list of scopes granted originally and OAuthLib will do the checking for you.
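
The check described in the comment above, as an added example that is not part of the thread and not OAuthLib's own code: a stdlib-only sketch of how a refresh request's space-separated scope is parsed and compared against what get_original_scopes returns, so a refresh can narrow scopes but never widen them. DemoValidator, parse_scope, refresh_scopes and the exception classes are hypothetical names, and the token and scopes are constructed sample data.

```python
# Added example: stdlib-only sketch, not OAuthLib's implementation.
# All names except get_original_scopes(refresh_token, request) are hypothetical.
class InvalidGrant(Exception):
    """Refresh token is unknown or revoked."""

class InvalidScope(Exception):
    """Requested scope exceeds what was originally granted."""

def parse_scope(raw):
    """Turn the space-separated 'scope' form value into a list (None if absent)."""
    if raw is None:
        return None
    return [s for s in raw.split(" ") if s]

class DemoValidator:
    """Stand-in for an application's validator; only the hook from the thread."""
    def __init__(self, store):
        self._store = store  # refresh_token -> scopes granted originally

    def get_original_scopes(self, refresh_token, request):
        return self._store.get(refresh_token)

def refresh_scopes(validator, request):
    """Return the scopes the refreshed token may carry, or raise."""
    original = validator.get_original_scopes(request["refresh_token"], request)
    if original is None:
        raise InvalidGrant("unknown refresh token")
    requested = parse_scope(request.get("scope"))
    if not requested:
        # Scope omitted: RFC 6749 section 6 treats it as the original grant.
        return list(original)
    extra = [s for s in requested if s not in original]
    if extra:
        raise InvalidScope("not originally granted: " + " ".join(extra))
    return requested

# Constructed sample data: one refresh token issued with two scopes.
STORE = {"rt-constructed-1": ["scope1", "scope2"]}
VALIDATOR = DemoValidator(STORE)

if __name__ == "__main__":
    for scope in ("scope1 scope2", "scope1", None, "scope1 admin"):
        req = {"grant_type": "refresh_token",
               "refresh_token": "rt-constructed-1", "scope": scope}
        try:
            print(scope, "->", refresh_scopes(VALIDATOR, req))
        except InvalidScope as exc:
            print(scope, "-> rejected:", exc)
```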

@ib-lundgren
Collaborator

@synasius, @lepture - pinging you so you know about the upcoming change to refresh token grant.

@synasius
Contributor

Thnx! I'll keep an eye on it
On 21 Jun 2013 13:26, "Ib Lundgren" notifications@github.com wrote:

@synasius https://github.com/synasius, @lepture https://github.com/lepture - pinging you so you know about the upcoming change to refresh token grant.


