python-social-auth/social-core

OIDC Autoconfig does not seem to work

marcvs opened this issue · 0 comments

marcvs commented

Expected behaviour

I use the social_core.backends.open_id_connect.OpenIdConnectAuth Class
to configure my own OP. Defining OIDC_ENDPOINT = "https://login.helmholtz.de/oauth2"
is not sufficient to run an authentication flow.

Actual behaviour

I need to set a couple of settings that should (as you claim in your code)
be openid autoconfigured using the .well-known/openid-configuration
endpoint.

Setting AUTHORIZATION_URL = "https://login.helmholtz.de/oauth2-as/oauth2-authz"
fixes the "internal server error", which ultimately displays
TypeError: prepare_grant_uri() got multiple values for argument 'response_type'
in the server log.

What are the steps to reproduce this issue?

  1. I was using the example from https://github.com/pysnippet/fastapi-oauth2

  2. I added one configuration based on the elixir-czech configuration.

  3. I run the demo, navigating to http://localhost:8000/oauth2/elixir/authorize

  4. I get the error.

Any logs, error output, etc?

server output:

INFO:     127.0.0.1:60486 - "GET /oauth2/helmholtz/authorize HTTP/1.1" 303 See Other
self.authorization_url: <bound method OAuth2Core.authorization_url of <fastapi_oauth2.core.OAuth2Core object at 0x7f87c5b03a50>>
INFO:     127.0.0.1:60486 - "GET /oauth2/helmholtz/authorize?response_type=code&client_id=public-oidc-agent&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Foauth2%2Fhelmholtz%2Ftoken&scope=openid+profile+email&state=evCRPkZNtNwfNeesKwUyEuBwMJqGloFJ HTTP/1.1" 500 Internal Server Error
ERROR:    Exception in ASGI application
Traceback (most recent call last):
  File "/home/marcus/.local/lib/python3.11/site-packages/uvicorn/protocols/http/httptools_impl.py", line 419, in run_asgi
    result = await app(  # type: ignore[func-returns-value]
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 78, in __call__
    return await self.app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/applications.py", line 270, in __call__
    await super().__call__(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/applications.py", line 124, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 184, in __call__
    raise exc
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 162, in __call__
    await self.app(scope, receive, _send)
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/middleware.py", line 145, in __call__
    await self.auth_middleware(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/authentication.py", line 48, in __call__
    await self.app(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
    raise exc
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
    await self.app(scope, receive, sender)
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
    raise e
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
    await self.app(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/routing.py", line 706, in __call__
    await route.handle(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/routing.py", line 276, in handle
    await self.app(scope, receive, send)
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/routing.py", line 66, in app
    response = await func(request)
               ^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/routing.py", line 237, in app
    raw_response = await run_endpoint_function(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/routing.py", line 165, in run_endpoint_function
    return await run_in_threadpool(dependant.call, **values)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/starlette/concurrency.py", line 41, in run_in_threadpool
    return await anyio.to_thread.run_sync(func, *args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/anyio/to_thread.py", line 33, in run_sync
    return await get_asynclib().run_sync_in_worker_thread(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/anyio/_backends/_asyncio.py", line 877, in run_sync_in_worker_thread
    return await future
           ^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/anyio/_backends/_asyncio.py", line 807, in run
    result = context.run(func, *args)
             ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/router.py", line 11, in authorize
    return request.auth.clients[provider].authorization_redirect(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/core.py", line 93, in authorization_redirect
    return RedirectResponse(self.authorization_url(request), 303)
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/core.py", line 86, in authorization_url
    return str(self._oauth_client.prepare_request_uri(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/clients/web_application.py", line 100, in prepare_request_uri
    return prepare_grant_uri(uri, self.client_id, 'code',
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: prepare_grant_uri() got multiple values for argument 'response_type'

Any other comments?

When I do set the AUTHORIZATION_URL, the trace in the browser does not
show any sign of the client_secret or my manually modified redirect_uri
being transmitted to the server.

I'm not sure what causes that yet, though.
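
An added example, not part of the original report and not social-core or fastapi-oauth2 code: a stand-alone check of what OIDC discovery has to deliver before an authorization redirect is built, failing closed when the metadata is incomplete or does not belong to the configured issuer. The discovery document is constructed; only the issuer and authorization URL come from the report, and the function names, the required-key list and the op.example URLs are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document. Only the issuer and the authorization
# endpoint are quoted from the report; the other two URLs are placeholders.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://login.helmholtz.de/oauth2",
    "authorization_endpoint": "https://login.helmholtz.de/oauth2-as/oauth2-authz",
    "token_endpoint": "https://op.example/token",
    "jwks_uri": "https://op.example/jwks",
})

# Metadata this example insists on before a login flow may start (assumption).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


class DiscoveryError(ValueError):
    """Raised when a discovery document is incomplete or cannot be trusted."""


def discovery_url(oidc_endpoint):
    """Build the discovery URL from the configured issuer (OIDC_ENDPOINT)."""
    return oidc_endpoint.rstrip("/") + "/.well-known/openid-configuration"


def endpoints_from_discovery(oidc_endpoint, raw_json):
    """Validate a fetched discovery document and return its endpoints."""
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        raise DiscoveryError(f"not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise DiscoveryError("discovery document is not a JSON object")
    missing = [k for k in REQUIRED if not isinstance(doc.get(k), str) or not doc[k]]
    if missing:
        # Fail closed rather than continue with an empty endpoint URL.
        raise DiscoveryError(f"missing metadata: {', '.join(missing)}")
    # The issuer in the document must be the one that was configured
    # (compared here ignoring a trailing slash).
    if doc["issuer"].rstrip("/") != oidc_endpoint.rstrip("/"):
        raise DiscoveryError(f"issuer mismatch: {doc['issuer']!r}")
    for key in REQUIRED[1:]:
        parts = urlsplit(doc[key])
        if parts.scheme != "https" or not parts.netloc:
            raise DiscoveryError(f"{key} is not an absolute https URL")
    return {k: doc[k] for k in REQUIRED}
```

Running the same check against the provider's real discovery response shows whether the missing setting is a discovery failure or a client that never consults the document.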