summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonathan Huot <JonathanHuot@users.noreply.github.com>2020-04-22 14:19:57 +0200
committerGitHub <noreply@github.com>2020-04-22 14:19:57 +0200
commit22210982dcbaf56a9151a451ab349ab2a51f42f3 (patch)
treeab1a6bab94fd9ab1ceb1faae86ab10426b78e500
parent404f4c6835d3762ec10cc17d30165df67996e8dc (diff)
parent90d6398c6d5f98f65d98defda71987fbf457dd00 (diff)
downloadoauthlib-22210982dcbaf56a9151a451ab349ab2a51f42f3.tar.gz
Merge branch 'master' into isort-integration
-rw-r--r--CHANGELOG.rst19
-rw-r--r--oauthlib/oauth2/rfc6749/clients/base.py26
-rw-r--r--oauthlib/oauth2/rfc6749/clients/legacy_application.py1
-rw-r--r--oauthlib/oauth2/rfc6749/clients/mobile_application.py2
-rw-r--r--oauthlib/oauth2/rfc6749/clients/service_application.py1
-rw-r--r--oauthlib/oauth2/rfc6749/clients/web_application.py1
6 files changed, 40 insertions, 10 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ab556f1..c42df83 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,7 +1,22 @@
Changelog
=========
-3.1.0 (TBD)
+3.1.1 (TBD)
+------------------
+OAuth2.0 Client - Bugfixes
+
+ * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
+ relies on the `scope` provided in the constructor if any, except if overridden temporarily
+ in a method call. Note that in particular providing a non-None `scope` in
+ `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
+ `self.scope` forever, it is just used temporarily.
+ * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
+ ServiceApplicationClient.prepare_request_body,
+ and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
+ constructor.
+ * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor
+
+3.1.0 (2019-08-06)
------------------
OAuth2.0 Provider - Features
@@ -25,7 +40,7 @@ OAuth2.0 Provider - Bugfixes
OAuth2.0 Client - Bugfixes
* #290: Fix Authorization Code's errors processing
- * #603: BackendApplication.Client.prepare_request_body use the `scope` argument as intended.
+ * #603: BackendApplicationClient.prepare_request_body use the `scope` argument as intended.
* #672: Fix edge case when `expires_in=Null`
OAuth1.0 Client
diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 4147140..88065ab 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -222,7 +222,10 @@ class Client:
the provider. If provided then it must also be provided in the
token request.
- :param scope:
+ :param scope: List of scopes to request. Must be equal to
+ or a subset of the scopes granted when obtaining the refresh
+ token. If none is provided, the ones provided in the constructor are
+ used.
:param kwargs: Additional parameters to included in the request.
@@ -233,10 +236,11 @@ class Client:
self.state = state or self.state_generator()
self.redirect_url = redirect_url or self.redirect_url
- self.scope = scope or self.scope
+ # do not assign scope to self automatically anymore
+ scope = self.scope if scope is None else scope
auth_url = self.prepare_request_uri(
authorization_url, redirect_uri=self.redirect_url,
- scope=self.scope, state=self.state, **kwargs)
+ scope=scope, state=self.state, **kwargs)
return auth_url, FORM_ENC_HEADERS, ''
def prepare_token_request(self, token_url, authorization_response=None,
@@ -297,7 +301,8 @@ class Client:
:param scope: List of scopes to request. Must be equal to
or a subset of the scopes granted when obtaining the refresh
- token.
+ token. If none is provided, the ones provided in the constructor are
+ used.
:param kwargs: Additional parameters to included in the request.
@@ -306,9 +311,10 @@ class Client:
if not is_secure_transport(token_url):
raise InsecureTransportError()
- self.scope = scope or self.scope
+ # do not assign scope to self automatically anymore
+ scope = self.scope if scope is None else scope
body = self.prepare_refresh_body(body=body,
- refresh_token=refresh_token, scope=self.scope, **kwargs)
+ refresh_token=refresh_token, scope=scope, **kwargs)
return token_url, FORM_ENC_HEADERS, body
def prepare_token_revocation_request(self, revocation_url, token,
@@ -382,7 +388,8 @@ class Client:
returns an error response as described in `Section 5.2`_.
:param body: The response body from the token request.
- :param scope: Scopes originally requested.
+ :param scope: Scopes originally requested. If none is provided, the ones
+ provided in the constructor are used.
:return: Dictionary of token parameters.
:raises: Warning if scope has changed. OAuth2Error if response is invalid.
@@ -418,6 +425,7 @@ class Client:
.. _`Section 5.2`: https://tools.ietf.org/html/rfc6749#section-5.2
.. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
"""
+ scope = self.scope if scope is None else scope
self.token = parse_token_response(body, scope=scope)
self.populate_token_attributes(self.token)
return self.token
@@ -439,9 +447,11 @@ class Client:
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
- resource owner.
+ resource owner. Note that if none is provided, the ones provided
+ in the constructor are used if any.
"""
refresh_token = refresh_token or self.refresh_token
+ scope = self.scope if scope is None else scope
return prepare_token_request(self.refresh_token_key, body=body, scope=scope,
refresh_token=refresh_token, **kwargs)
diff --git a/oauthlib/oauth2/rfc6749/clients/legacy_application.py b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
index 51ba28c..7af68f3 100644
--- a/oauthlib/oauth2/rfc6749/clients/legacy_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
@@ -79,5 +79,6 @@ class LegacyApplicationClient(Client):
"""
kwargs['client_id'] = self.client_id
kwargs['include_client_id'] = include_client_id
+ scope = self.scope if scope is None else scope
return prepare_token_request(self.grant_type, body=body, username=username,
password=password, scope=scope, **kwargs)
diff --git a/oauthlib/oauth2/rfc6749/clients/mobile_application.py b/oauthlib/oauth2/rfc6749/clients/mobile_application.py
index 73627c4..cd325f4 100644
--- a/oauthlib/oauth2/rfc6749/clients/mobile_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/mobile_application.py
@@ -91,6 +91,7 @@ class MobileApplicationClient(Client):
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
.. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12
"""
+ scope = self.scope if scope is None else scope
return prepare_grant_uri(uri, self.client_id, self.response_type,
redirect_uri=redirect_uri, state=state, scope=scope, **kwargs)
@@ -167,6 +168,7 @@ class MobileApplicationClient(Client):
.. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
"""
+ scope = self.scope if scope is None else scope
self.token = parse_implicit_response(uri, state=state, scope=scope)
self.populate_token_attributes(self.token)
return self.token
diff --git a/oauthlib/oauth2/rfc6749/clients/service_application.py b/oauthlib/oauth2/rfc6749/clients/service_application.py
index 79ac48d..c751c8b 100644
--- a/oauthlib/oauth2/rfc6749/clients/service_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/service_application.py
@@ -181,6 +181,7 @@ class ServiceApplicationClient(Client):
kwargs['client_id'] = self.client_id
kwargs['include_client_id'] = include_client_id
+ scope = self.scope if scope is None else scope
return prepare_token_request(self.grant_type,
body=body,
assertion=assertion,
diff --git a/oauthlib/oauth2/rfc6749/clients/web_application.py b/oauthlib/oauth2/rfc6749/clients/web_application.py
index 14026e3..a1f3db1 100644
--- a/oauthlib/oauth2/rfc6749/clients/web_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/web_application.py
@@ -85,6 +85,7 @@ class WebApplicationClient(Client):
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
.. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12
"""
+ scope = self.scope if scope is None else scope
return prepare_grant_uri(uri, self.client_id, 'code',
redirect_uri=redirect_uri, scope=scope, state=state, **kwargs)