New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pkce implementation #2510
Pkce implementation #2510
Conversation
just some notes I used to remember how to use the new oauth endpoints : update udata libscd ../udata
source venv/bin/activate
pip install --update authlib
pip install -e . create an oauth clientcd .../udata
source venv/bin/activate
udata api create-oauth-client -u my.udata.user.email@mail.com --uri=http://localhost:8080/login
# it should echo yout out your new client ID / client secret, something like
# New OAuth client
# Client ID 5f0blablablablabla1d
# Client secret eZvqvelbDOOblablablaVnX5nniOqGWFG7
# if your're developping locally so your client could use `http` and not only `https`
export AUTHLIB_INSECURE_TRANSPORT=1
|
note for later, I'm having this for now when posting on Access to fetch at 'http://dev.local:7000/oauth/token' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good after https://github.com/opendatateam/udata/pull/2510/files#r454868936
It would be nice to write a little bit of doc too: what we support in term of OAuth flow and how to use it.
fix #2479