possible bug (or implementation library error) #586
Comments
Hi @jvanasco, could you add a few details to understand the issue:
The grant
The request is coming in via
The endpoint is basically:
To be clear, this is a malformed request that was expected to fail. This is from a test-suite of edge cases where people put in wrong information or omit it. This generated a bearer token to be saved, without a user. I very likely made a giant mistake somewhere - I just can't find it. This logic flow seems like it should not be allowed.
The
The exact purpose of the
Ah, I understand. I think my issue came from not properly porting/understanding flask-oauthlib. Just to be safe... In my use-case, a Client can either:
Is the correct place to determine contact in
Yes, it is a safe assumption to use
Okay, thanks for the clarification. I'll close this and update the example app I built for my new library.
I am having a problem with the OAuth2 "token endpoint" and can't pinpoint the exact spot where the issue is. (I am using a custom library that is not released on GitHub yet, but it's largely a port of flask-oauthlib onto the Pyramid framework.)
When submitting invalid credentials (via HTTP basic auth) to a token endpoint (e.g. `server.create_token_response`), the logic flow seems to make it to `grant_types.client_credentials.ClientCredentialsGrant.create_token_response()` and onto `save_token` without triggering any code to authenticate/check the user.
As a result, I experience an error trying to access the `user.id` in my token saving function, instead of having the library raise an exception earlier on.
Can someone suggest where I can look or what I can do to more correctly handle this?
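Added example, not part of the original issue and not the reporter's library or oauthlib's own code: a minimal validator for the client credentials flow described above, showing that `authenticate_client` is the gate in front of `save_token` and that the save hook can fail closed on the client rather than on a user. It assumes oauthlib is installed; `ClientOnlyValidator`, `CLIENTS`, `SAVED`, `request_token` and the `auth.example` URL are hypothetical names.

```python
import base64
import hmac
from types import SimpleNamespace
from oauthlib.oauth2 import BackendApplicationServer, RequestValidator

CLIENTS = {"demo-client": "demo-secret"}  # constructed sample client store
SAVED = []  # (client_id, access_token) pairs that reached save_bearer_token

class ClientOnlyValidator(RequestValidator):  # hypothetical name
    def authenticate_client(self, request, *args, **kwargs):
        # The only credential check oauthlib runs for grant_type=client_credentials.
        scheme, _, blob = request.headers.get("Authorization", "").partition(" ")
        try:
            client_id, _, secret = base64.b64decode(blob).decode().partition(":")
        except ValueError:  # bad base64 or non-UTF-8 bytes
            return False
        expected = CLIENTS.get(client_id)
        if scheme.lower() != "basic" or expected is None:
            return False
        if not hmac.compare_digest(secret.encode(), expected.encode()):
            return False
        request.client = SimpleNamespace(client_id=client_id)
        return True

    def validate_grant_type(self, client_id, grant_type, client, request, *args, **kwargs):
        return grant_type == "client_credentials"

    def get_default_scopes(self, client_id, request, *args, **kwargs):
        return ["read"]

    def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
        return set(scopes) <= {"read"}

    def save_bearer_token(self, token, request, *args, **kwargs):
        # No resource owner exists in this grant: key the token on the client
        # and fail closed if authentication never populated request.client.
        if getattr(request.client, "client_id", None) is None:
            raise RuntimeError("token issued without an authenticated client")
        SAVED.append((request.client.client_id, token["access_token"]))

def request_token(client_id, secret):
    """Send a client_credentials request with HTTP basic auth; return (status, body)."""
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    server = BackendApplicationServer(ClientOnlyValidator())
    _, body, status = server.create_token_response(
        "https://auth.example/token", "POST", "grant_type=client_credentials",
        {"Authorization": "Basic " + basic,
         "Content-Type": "application/x-www-form-urlencoded"})
    return status, body
```

If `authenticate_client` returns a truthy value for bad credentials, oauthlib proceeds to mint and save a token, so a test for the rejected case belongs next to any ported validator.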