From 4a05bc6e021ac17dd312f2b1bb63e14bf1ecd8d5 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 18 Feb 2020 21:49:23 +0100
Subject: [PATCH] sources/oauth: improve default OAuth2 Client, send access_token as Bearer Authz
---
 passbook/sources/oauth/clients.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/passbook/sources/oauth/clients.py b/passbook/sources/oauth/clients.py
index ff9ed76a1..9eae30afb 100644
--- a/passbook/sources/oauth/clients.py
+++ b/passbook/sources/oauth/clients.py
@@ -1,6 +1,6 @@
 """OAuth Clients"""
-
 import json
+from typing import Dict
 from urllib.parse import parse_qs, urlencode
 from django.utils.crypto import constant_time_compare, get_random_string
@@ -33,7 +33,16 @@ class BaseOAuthClient:
 def get_profile_info(self, raw_token):
 "Fetch user profile information."
 try:
- response = self.request("get", self.source.profile_url, token=raw_token)
+ token = json.loads(raw_token)
+ headers = {
+ "Authorization": f"{token['token_type']} {token['access_token']}"
+ }
+ response = self.request(
+ "get",
+ self.source.profile_url,
+ token=token["access_token"],
+ headers=headers,
+ )
 response.raise_for_status()
 except RequestException as exc:
 LOGGER.warning("Unable to fetch user profile", exc=exc)
@@ -41,7 +50,7 @@ class BaseOAuthClient:
 else:
 return response.json() or response.text
- def get_redirect_args(self, request, callback):
+ def get_redirect_args(self, request, callback) -> Dict[str, str]:
 "Get request parameters for redirect url."
 raise NotImplementedError("Defined in a sub-class") # pragma: no cover
@@ -64,9 +73,7 @@ class BaseOAuthClient:
 @property
 def session_key(self):
- """
- Return Session Key
- """
+ """Return Session Key"""
 raise NotImplementedError("Defined in a sub-class") # pragma: no cover
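Review bot: In `get_profile_info`, `json.loads(raw_token)` and the `token['token_type']` / `token['access_token']` lookups sit inside the `try`, but the handler only catches `RequestException`, so a stored token that is not JSON, or a provider response missing either key, raises `ValueError`/`KeyError` out of the method instead of taking the logged failure path. The token contents originate from the remote provider, so I would widen the handler to `except (RequestException, ValueError, KeyError) as exc:` or validate the parsed dict before building the header. `BaseOAuthClient` may also be the base for clients whose `raw_token` is not JSON (the file imports `parse_qs`), in which case this parsing belongs in the OAuth2 subclass; that needs confirming outside this hunk. The access token is also still passed as `token=` to `self.request`, whose body is not visible here: if that helper appends it to the query string, the secret travels in the URL as well as in the `Authorization` header and can end up in proxy or access logs.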