From 248f993541cfce0668006b265e6ab762643819f7 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 14 Sep 2021 11:07:36 +0200
Subject: [PATCH] sources/oauth: fix access_token being sent as query param and not authorization header
Signed-off-by: Jens Langhammer
---
 authentik/sources/oauth/clients/base.py | 6 ++++-
 authentik/sources/oauth/types/azure_ad.py | 28 +---------------------
 2 files changed, 6 insertions(+), 28 deletions(-)
diff --git a/authentik/sources/oauth/clients/base.py b/authentik/sources/oauth/clients/base.py
index df1e07054..fdece64ac 100644
--- a/authentik/sources/oauth/clients/base.py
+++ b/authentik/sources/oauth/clients/base.py
@@ -41,7 +41,11 @@ class BaseOAuthClient:
 if self.source.type.urls_customizable and self.source.profile_url:
 profile_url = self.source.profile_url
 try:
- response = self.do_request("get", profile_url, token=token)
+ response = self.do_request(
+ "get",
+ profile_url,
+ headers={"Authorization": f"{token['token_type']} {token['access_token']}"},
+ )
 response.raise_for_status()
 except RequestException as exc:
 LOGGER.warning("Unable to fetch user profile", exc=exc)
diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py
index cb0252454..f5a7587b6 100644
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@@ -1,10 +1,8 @@
 """AzureAD OAuth2 Views"""
-from typing import Any, Optional
+from typing import Any
-from requests.exceptions import RequestException
 from structlog.stdlib import get_logger
-from authentik.sources.oauth.clients.oauth2 import OAuth2Client
 from authentik.sources.oauth.types.manager import MANAGER, SourceType
 from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
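Review bot: The added header line indexes `token['token_type']` and `token['access_token']` directly, and a KeyError from either is not caught by the `except RequestException` below it, so a token response that omits `token_type` now escapes as an unhandled exception instead of the logged "Unable to fetch user profile" warning that the old `token=token` call path produced; `headers={"Authorization": f"{token.get('token_type', 'Bearer')} {token['access_token']}"},` keeps the warning path for that case (RFC 6749 requires the field, but not every provider is strict about it). Moving the token out of the query string is the right call, since `?access_token=` values tend to end up in server access logs and proxy logs, and a one-line comment such as `# send the token in the Authorization header rather than ?access_token=, so it does not land in request logs` would preserve the rationale that the removed AzureADClient docstring carried. Whether `do_request` still appends `access_token` as a query parameter when `token` is not passed is not visible in this hunk and is worth confirming, otherwise the token is sent twice. The enclosing method (presumably get_profile_info, judging by the removed AzureADClient override) starts and ends outside the hunk.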
@@ -21,33 +19,9 @@ class AzureADOAuthRedirect(OAuthRedirect):
 }
-class AzureADClient(OAuth2Client):
- """Azure AD Oauth client, azure ad doesn't like the ?access_token that is sent by default"""
-
- def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]:
- "Fetch user profile information."
- profile_url = self.source.type.profile_url or ""
- if self.source.type.urls_customizable and self.source.profile_url:
- profile_url = self.source.profile_url
- try:
- response = self.session.request(
- "get",
- profile_url,
- headers={"Authorization": f"{token['token_type']} {token['access_token']}"},
- )
- response.raise_for_status()
- except RequestException as exc:
- LOGGER.warning("Unable to fetch user profile", exc=exc)
- return None
- else:
- return response.json()
-
-
 class AzureADOAuthCallback(OAuthCallback):
 """AzureAD OAuth2 Callback"""
- client_class = AzureADClient
-
 def get_user_enroll_context(
 self,
 info: dict[str, Any],