client_id and client_secret required for Meetup

[electricworry]

Thanks very much for writing this package. Should make flask projects a lot tidier!

I'm having an issue with the Meetup blueprint, and I can't figure out what's up. I've taken the flask-dance-github project as a test (and confirmed it works fine with Github) and modified it minimally so it should work with Meetup. (Slightly different parameter names.) However I get the following error:

127.0.0.1 - - [16/Mar/2019 01:16:15] "GET /login/meetup/authorized?code=<code>&state=<state> HTTP/1.1" 500 -
Traceback (most recent call last):
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 2309, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 2295, in wsgi_app
    response = self.handle_exception(e)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1741, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/flask_dance/consumer/oauth2.py", line 266, in authorized
    **self.token_url_params
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/requests_oauthlib/oauth2_session.py", line 307, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 415, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 425, in parse_token_response
    validate_token_parameters(params)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 432, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "/home/bob/projects/flask-dance-github/venv/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 405, in raise_from_error
    raise cls(**kwargs)
oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: (invalid_request) client_id and client_secret required

I am being successfully redirected to the authorize endpoint on Meetup, and I accept, then I am quickly redirected back to /meetup/login/authorized. However it seems that the client_id and client_secret are not then being sent to the access endpoint on Meetup.

Don't currently have a proxy to properly check the requests from flask. Any idea what the cause might be?

Cheers.

[daenney]

Can you show us the code/diff please? The error seems pretty clear, it believes you haven't given it the client_id and client_secret.

If you don't specify secret and key to the make_meetup_blueprint we expect them to be found in app.config['MEETUP_OAUTH_KEY'] and app.config['MEETUP_OAUTH_SECRET'].

Also, can you run a pip freeze so we can see which versions of the libraries you are using?

[electricworry]

I've made progress.

I viewed the queries through BurpSuite and it seems that the Meetup API doesn't support the Authorization header. I can see that client_id and client_secret are Base64 encoded correctly there. However, the server rejects the request saying that client_id and client_secret are not included.

By overriding the Oauth2Session class and setting include_client_id=True, the request goes through with the parameters instead of the Authorization header and the response is successful.

I've created a fork and I'll create a pull request for your consideration. I've also created a quickstart 'flask-dance-meetup' project if you would like me to get that to you.

Thanks.

[singingwolfboy]

If you want your "flask-dance-meetup" project listed in the documentation, that would be great! Just send a pull request.

[singingwolfboy]

I'm closing this issue due to a lack of updates.

[rach-sharp]

In the PR this was rejected in favour of implementing a change in requests-oauthlib instead. I've had this issue with requests_oauthlib==1.2.0 and flask-dance==2.2.0, so for anyone else wanting to use flask-dance Meetup contrib, the following workaround is a fix that works for me:

from flask_dance.contrib.meetup import make_meetup_blueprint

meetup_blueprint = make_meetup_blueprint(
    key="your-client-key",
    secret="your-client-secret"
)
meetup_blueprint.token_url_params = {"include_client_id": True}

I think this issue should be left open until the downstream is fixed since authorization with flask-dance latest version for Meetup is still broken.

[rach-sharp]

(If that workaround turns out to actually be acceptable to be included in flask-dance I'm happy to open a PR to make a change to make_meetup_blueprint)

[rach-sharp]

meetup_blueprint.auto_refresh_url = meetup_blueprint.token_url
meetup_blueprint.auto_refresh_kwargs = {
    "client_id": <your client id>, "client_secret": <your client secret>
}

is also required to get auto refresh to work

[dplanella]

That was a lifesaver, thanks so much @rach-sharp for sharing the workaround. I think as a first iteration, updating the Meetup quickstart code snippet to include the meetup_blueprint.token_url_params = {"include_client_id": True} line would allow flask-dance users to use the Meetup API again.

[dplanella]

As a side note, I've just noticed that the Meetup quickstart page was removed from the documentation after v1.3.0.

[singingwolfboy]

@rach-sharp @dplanella could you two please review #274?

[dplanella]

@singingwolfboy oh wow, thanks!

Just a note in case it's related. Without the additional snippet to auto-refresh the token, as per @rach-sharp's #239 (comment), the token will expire after a while (3600 seconds?), and a TokenExpiredError will be raised for any new requests. The behaviour seems to be the same as the one described by #35.