diff options
author | Chad Whitacre <chad@zetaweb.com> | 2014-09-17 10:33:55 -0400 |
---|---|---|
committer | Chad Whitacre <chad@zetaweb.com> | 2014-09-17 10:49:55 -0400 |
commit | 0a21ddfcdd0bfc108d7225d3074d58141259f519 (patch) | |
tree | 354ae24f6cafa9d0b1d888cea7e5c6526d71fa24 | |
parent | abf6bd5e9c413ad7f538f86604c0d1c29494882e (diff) | |
download | oauthlib-0a21ddfcdd0bfc108d7225d3074d58141259f519.tar.gz |
Implement URL-encoding fallback for access tokens
-rw-r--r-- | oauthlib/oauth2/rfc6749/parameters.py | 13 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/test_parameters.py | 2 |
2 files changed, 13 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index 5be5052..fdcf15e 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -292,7 +292,18 @@ def parse_token_response(body, scope=None): .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3 .. _`RFC4627`: http://tools.ietf.org/html/rfc4627 """ - params = json.loads(body) + try: + params = json.loads(body) + except ValueError: + + # Fall back to URL-encoded string, to support old implementations, + # including (at time of writing) Facebook. See: + # https://github.com/idan/oauthlib/issues/267 + + params = dict(urlparse.parse_qsl(body)) + for key in ('expires_in', 'expires'): + if key in params: # cast a couple things to int + params[key] = int(params[key]) if 'scope' in params: params['scope'] = scope_to_list(params['scope']) diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py index 3c25115..340108a 100644 --- a/tests/oauth2/rfc6749/test_parameters.py +++ b/tests/oauth2/rfc6749/test_parameters.py @@ -183,7 +183,7 @@ class ParameterTests(TestCase): self.assertRaises(Warning, parse_token_response, self.json_response, scope='aaa') def test_url_encoded_token_response(self): - """Verify correct parameter parsing and validation for token responses. """ + """Verify fallback parameter parsing and validation for token responses. """ self.assertEqual(parse_token_response(self.url_encoded_response), self.json_dict) self.assertRaises(InvalidRequestError, parse_token_response, self.url_encoded_error) self.assertRaises(MissingTokenError, parse_token_response, self.url_encoded_notoken) |