OIDC Autoconfig does not seem to work
marcvs opened this issue · 0 comments
Expected behaviour
I use the social_core.backends.open_id_connect.OpenIdConnectAuth class to configure my own OP. Defining OIDC_ENDPOINT = "https://login.helmholtz.de/oauth2" is not sufficient to run an authentication flow.
Actual behaviour
I need to set a couple of settings that should (as you claim in your code) be openid autoconfigured using the .well-known/openid-configuration endpoint.
Setting AUTHORIZATION_URL = "https://login.helmholtz.de/oauth2-as/oauth2-authz" fixes the "internal server error", which ultimately displays
TypeError: prepare_grant_uri() got multiple values for argument 'response_type'
in the server log.
What are the steps to reproduce this issue?
- I was using the example from https://github.com/pysnippet/fastapi-oauth2
- I added one configuration based on the elixir-czech configuration.
- I run the demo, navigating to http://localhost:8000/oauth2/elixir/authorize
- I get the error.
Any logs, error output, etc?
server output:
INFO: 127.0.0.1:60486 - "GET /oauth2/helmholtz/authorize HTTP/1.1" 303 See Other
self.authorization_url: <bound method OAuth2Core.authorization_url of <fastapi_oauth2.core.OAuth2Core object at 0x7f87c5b03a50>>
INFO: 127.0.0.1:60486 - "GET /oauth2/helmholtz/authorize?response_type=code&client_id=public-oidc-agent&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Foauth2%2Fhelmholtz%2Ftoken&scope=openid+profile+email&state=evCRPkZNtNwfNeesKwUyEuBwMJqGloFJ HTTP/1.1" 500 Internal Server Error
ERROR: Exception in ASGI application
Traceback (most recent call last):
File "/home/marcus/.local/lib/python3.11/site-packages/uvicorn/protocols/http/httptools_impl.py", line 419, in run_asgi
result = await app( # type: ignore[func-returns-value]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py", line 78, in __call__
return await self.app(scope, receive, send)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/applications.py", line 270, in __call__
await super().__call__(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/applications.py", line 124, in __call__
await self.middleware_stack(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 184, in __call__
raise exc
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/errors.py", line 162, in __call__
await self.app(scope, receive, _send)
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/middleware.py", line 145, in __call__
await self.auth_middleware(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/authentication.py", line 48, in __call__
await self.app(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 79, in __call__
raise exc
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/middleware/exceptions.py", line 68, in __call__
await self.app(scope, receive, sender)
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
raise e
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
await self.app(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/routing.py", line 706, in __call__
await route.handle(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/routing.py", line 276, in handle
await self.app(scope, receive, send)
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/routing.py", line 66, in app
response = await func(request)
^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/routing.py", line 237, in app
raw_response = await run_endpoint_function(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi/routing.py", line 165, in run_endpoint_function
return await run_in_threadpool(dependant.call, **values)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/starlette/concurrency.py", line 41, in run_in_threadpool
return await anyio.to_thread.run_sync(func, *args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/anyio/to_thread.py", line 33, in run_sync
return await get_asynclib().run_sync_in_worker_thread(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/anyio/_backends/_asyncio.py", line 877, in run_sync_in_worker_thread
return await future
^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/anyio/_backends/_asyncio.py", line 807, in run
result = context.run(func, *args)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/router.py", line 11, in authorize
return request.auth.clients[provider].authorization_redirect(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/core.py", line 93, in authorization_redirect
return RedirectResponse(self.authorization_url(request), 303)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/marcus/.local/lib/python3.11/site-packages/fastapi_oauth2/core.py", line 86, in authorization_url
return str(self._oauth_client.prepare_request_uri(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/clients/web_application.py", line 100, in prepare_request_uri
return prepare_grant_uri(uri, self.client_id, 'code',
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: prepare_grant_uri() got multiple values for argument 'response_type'
Any other comments?
When I do set the AUTHORIZATION_URL, the trace in the browser does not
show any sign of the client_secret or my manually modified redirect_uri
being transmitted to the server.
I'm not sure what causes that yet, though.
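
What autoconfiguration from the discovery endpoint involves, as an added example that is not part of the original issue and not code from social_core or fastapi-oauth2: it builds the discovery URL from the configured OIDC_ENDPOINT and validates a provider metadata document before its endpoints are trusted. The function names are hypothetical, and the metadata is constructed: only the issuer and authorization URL come from the issue, the other two URLs are placeholders.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample metadata. Issuer and authorization_endpoint are the
# values quoted in the issue; token_endpoint and jwks_uri are placeholders.
ISSUER = "https://login.helmholtz.de/oauth2"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": "https://login.helmholtz.de/oauth2-as/oauth2-authz",
    "token_endpoint": "https://login.helmholtz.de/PLACEHOLDER/token",
    "jwks_uri": "https://login.helmholtz.de/PLACEHOLDER/jwk",
}


def discovery_url(issuer: str) -> str:
    """OpenID Connect Discovery: strip a trailing slash, append the well-known path."""
    return issuer.rstrip("/") + WELL_KNOWN


def resolve_endpoints(issuer: str, metadata: dict) -> dict:
    """Validate a fetched discovery document and return the endpoints to use."""
    missing = [k for k in REQUIRED if not metadata.get(k)]
    if missing:
        raise ValueError("discovery document lacks: " + ", ".join(missing))
    # The issuer in the document must be identical to the configured one,
    # otherwise the metadata may describe a different provider.
    if metadata["issuer"] != issuer:
        raise ValueError("issuer mismatch: " + repr(metadata["issuer"]))
    endpoints = {k: metadata[k] for k in REQUIRED if k != "issuer"}
    for name, url in endpoints.items():
        parts = urlsplit(url)
        # Tokens and authorization codes travel to these URLs: require https.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{name} is not an absolute https URL: {url!r}")
    return endpoints


if __name__ == "__main__":
    print(discovery_url(ISSUER))
    for name, url in resolve_endpoints(ISSUER, SAMPLE_METADATA).items():
        print(f"{name} = {url}")
```

The authorization endpoint in the sample sits under a different path prefix than the issuer, which is why it has to come from the discovery document and cannot be derived from OIDC_ENDPOINT alone.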