-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 Bug Report - query param client_secret
is missing even though client_secret
is registered in the OAuth2Config
#37
Comments
client_secret
is missing even though client_secret
is registered in the OAuth2Config>client_secret
is missing even though client_secret
is registered in the OAuth2Config
Hi @kkh-147-17-3, please replace the |
Do you face a similar issue with the |
Sadly I don't have any Apple developer account, so I removed the AppleIdAuth config and set only the KakaoOAuth2 instead. My project's python version was initially set to be 3.12 so I switched my python version to 3.11 as well. But the authentication process still did not work. I tried google-oauth2 with client_id and client_secret, and it worked well. I have a Spring Boot project which depends on Lastly, I guess scopes are the not problem in this case as I can check it by the provider's error screen whether the wrong scopes are configured. |
Okay, I see, the problem is in the |
Of course, I am happy to hear that! I will not change the KakaoOauth2 credential provided. Please let me know if you have any problems regarding the credential :) |
@kkh-147-17-3, I have investigated the issue, and it turns out that basic auth does not cover the |
Bug description
Hi, I was trying to integrate KakaoOAuth2 and had to apply client_secret for the authentication. The provider(Kakao) says the client_secret for KakaoOauth2 is not mandatory but is recommended for the security purpose. Therefore, I set my application to use that.
Unfortunately, KakaoOauth2 does not work only when the client_secret is configured.
According to the official Kakao developer website, the
client_secret
must be in the request body as query parameter when the application is configured to utilize client_secret. Otherwise, it returns unauthorization response.I looked through the codes and found out that the client_secret is not in the query parameters when POST requesting the token end point.
Reproduction URL
No response
Reproduction steps
Add application at the Kakao Developer Website and configure the application to use
client_secret
as belowAdd configuration in the fastapi code.
Send the request /oauth2/kakao/authorize
After step 3, I receieved the following error
Screenshots
The original codes are as follows (fastapi_oauth2.core.py ->
OAuth2Core:token_data
):I guess the
client_secret
should be in theoauth2_query_params
so that the variablecontent
can containclient_secret
as a query parameter.After I changed the code to put client_secret inside the query params, the authentication process worked as normal.
Logs
No response
Browsers
No response
OS
No response
The text was updated successfully, but these errors were encountered: