From 3a3d3665362f0cf242c59ed74c7701c522c4c125 Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Thu, 9 Apr 2020 10:53:11 +0200
Subject: `LegacyApplicationClient.prepare_request_body` now honors the default scopes defined in client constructor if no explicit overridden `scope` argument is provided. Fixes #725
---
 oauthlib/oauth2/rfc6749/clients/legacy_application.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/oauthlib/oauth2/rfc6749/clients/legacy_application.py b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
index 1bb0e14..f6acbc0 100644
--- a/oauthlib/oauth2/rfc6749/clients/legacy_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
@@ -79,5 +79,8 @@ class LegacyApplicationClient(Client):
 """
 kwargs['client_id'] = self.client_id
 kwargs['include_client_id'] = include_client_id
+ if scope is None:
+ # use default scopes
+ scope = self.scope
 return prepare_token_request(self.grant_type, body=body, username=username, password=password, scope=scope, **kwargs)
--
cgit v1.2.1
From 32043a57f8f248539b12da93c031ec9470ea13fd Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Thu, 9 Apr 2020 10:58:35 +0200
Subject: Made code a one-liner for consistency with BackendApplicationClient
---
 oauthlib/oauth2/rfc6749/clients/legacy_application.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/oauthlib/oauth2/rfc6749/clients/legacy_application.py b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
index f6acbc0..fe2ff4a 100644
--- a/oauthlib/oauth2/rfc6749/clients/legacy_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
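Review bot: The fallback keys on `scope is None`, so an explicit empty scope (`[]` or `''`) is sent through unchanged rather than replaced by the constructor default, whereas the base class at this point in history used the truthiness form `scope or self.scope` (visible as removed lines in the base.py hunks later on this page). That is a defensible rule if the intent is to let a caller deliberately request no scope, but the three added lines say only `# use default scopes`; a comment such as `# None means "use the constructor default"; an explicit empty scope is passed through as given` records the decision, and how an empty value is then rendered by `prepare_token_request` is not visible here and is worth confirming. The enclosing `prepare_request_body` starts above the hunk.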
@@ -79,8 +79,6 @@ class LegacyApplicationClient(Client):
 """
 kwargs['client_id'] = self.client_id
 kwargs['include_client_id'] = include_client_id
- if scope is None:
- # use default scopes
- scope = self.scope
+ scope = self.scope if scope is None else scope
 return prepare_token_request(self.grant_type, body=body, username=username, password=password, scope=scope, **kwargs)
--
cgit v1.2.1
From 8b95eef71c586090674cdf2db7ff399618f068a4 Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Thu, 9 Apr 2020 10:59:29 +0200
Subject: changelog entry
---
 CHANGELOG.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ab556f1..633b70d 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -25,8 +25,9 @@ OAuth2.0 Provider - Bugfixes
 OAuth2.0 Client - Bugfixes
 * #290: Fix Authorization Code's errors processing
- * #603: BackendApplication.Client.prepare_request_body use the `scope` argument as intended.
+ * #603: BackendApplicationClient.prepare_request_body use the `scope` argument as intended.
 * #672: Fix edge case when `expires_in=Null`
+ * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor
 OAuth1.0 Client
--
cgit v1.2.1
From f46a7f0abf177befaeb271c7d3012c4213773556 Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Sun, 19 Apr 2020 13:58:44 +0200
Subject: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, ServiceApplicationClient.prepare_request_body, and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in constructor. Fixes #728
---
 oauthlib/oauth2/rfc6749/clients/mobile_application.py | 2 ++
 oauthlib/oauth2/rfc6749/clients/service_application.py | 1 +
 oauthlib/oauth2/rfc6749/clients/web_application.py | 1 +
 3 files changed, 4 insertions(+)
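Review bot: Neither this rewrite nor the commit it rewrites adds a test (both diffstats list only legacy_application.py), so the two behaviours introduced — an omitted `scope` resolving to `self.scope`, and an explicit one being left alone — are unpinned and nothing guards the one-liner against drifting from the three-line form it replaces. A test that builds a `LegacyApplicationClient` with a constructor scope and checks that `prepare_request_body(username='u', password='p')` carries that scope while `prepare_request_body(username='u', password='p', scope=['other'])` carries `other` would cover both, and the same shape serves the sibling clients changed later in this series. The enclosing method starts above the hunk.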
diff --git a/oauthlib/oauth2/rfc6749/clients/mobile_application.py b/oauthlib/oauth2/rfc6749/clients/mobile_application.py
index 73627c4..cd325f4 100644
--- a/oauthlib/oauth2/rfc6749/clients/mobile_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/mobile_application.py
@@ -91,6 +91,7 @@ class MobileApplicationClient(Client):
 .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
 .. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12
 """
+ scope = self.scope if scope is None else scope
 return prepare_grant_uri(uri, self.client_id, self.response_type, redirect_uri=redirect_uri, state=state, scope=scope, **kwargs)
@@ -167,6 +168,7 @@ class MobileApplicationClient(Client):
 .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
 .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
 """
+ scope = self.scope if scope is None else scope
 self.token = parse_implicit_response(uri, state=state, scope=scope)
 self.populate_token_attributes(self.token)
 return self.token
diff --git a/oauthlib/oauth2/rfc6749/clients/service_application.py b/oauthlib/oauth2/rfc6749/clients/service_application.py
index 09fc7ba..34c2a66 100644
--- a/oauthlib/oauth2/rfc6749/clients/service_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/service_application.py
@@ -181,6 +181,7 @@ class ServiceApplicationClient(Client):
 kwargs['client_id'] = self.client_id
 kwargs['include_client_id'] = include_client_id
+ scope = self.scope if scope is None else scope
 return prepare_token_request(self.grant_type, body=body, assertion=assertion,
diff --git a/oauthlib/oauth2/rfc6749/clients/web_application.py b/oauthlib/oauth2/rfc6749/clients/web_application.py
index aedc9d1..42b2c96 100644
--- a/oauthlib/oauth2/rfc6749/clients/web_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/web_application.py
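Review bot: In `parse_request_uri_response` (the hunk at -167) the scope passed to `parse_implicit_response` now defaults to the constructor scope rather than to the scope that was actually requested, and this series also stops the request-building methods from recording a per-call override on `self.scope`, so a caller who overrode the scope in `prepare_request_uri` and omits it here compares the response against the wrong baseline: a grant that differs from what was asked can pass unnoticed, and a correct one can trip the scope-changed check (the base class documents that check as a Warning for the token response; whether the implicit parser does the same is not visible here). The commit does not address that coupling; at minimum the docstring closing just above the added line should say `pass the same scope that was given to prepare_request_uri, otherwise the constructor scope is assumed`, and remembering the last requested scope on the client, separately from the default, would remove the footgun. The enclosing method ends at the `return self.token` shown.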
@@ -84,6 +84,7 @@ class WebApplicationClient(Client):
 .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
 .. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12
 """
+ scope = self.scope if scope is None else scope
 return prepare_grant_uri(uri, self.client_id, 'code', redirect_uri=redirect_uri, scope=scope, state=state, **kwargs)
--
cgit v1.2.1
From 352bc18f80d2f12ba52f19ba0a8d23b196291b6d Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Sun, 19 Apr 2020 13:58:58 +0200
Subject: Changelog
---
 CHANGELOG.rst | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ab556f1..6cb625c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -27,6 +27,10 @@ OAuth2.0 Client - Bugfixes
 * #290: Fix Authorization Code's errors processing
 * #603: BackendApplication.Client.prepare_request_body use the `scope` argument as intended.
 * #672: Fix edge case when `expires_in=Null`
+ * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
+ ServiceApplicationClient.prepare_request_body,
+ and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
+ constructor.
 OAuth1.0 Client
--
cgit v1.2.1
From 9d774720699d37cae45e6a311bab13eb97f0c548 Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Sun, 19 Apr 2020 14:20:31 +0200
Subject: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently relies on the `scope` provided in the constructor if any, except if overridden temporarily in a method call. Note that in particular providing a non-None `scope` in `prepare_authorization_request` or `prepare_refresh_token` **does not override anymore self.scope forever**, it is just used remporarily. Fixes #730
---
 oauthlib/oauth2/rfc6749/clients/base.py | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)
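Review bot: The docstring that closes just above the added line in `prepare_request_uri` still describes `scope` as a plain optional argument (its `:param scope:` entry sits above the hunk and is not shown), while the change makes an omitted scope resolve to the constructor scope and, because the test is `is None` rather than truthiness, an explicit empty value is forwarded as given. The base.py hunks in this same series update the equivalent docstrings; this one and the mobile/service siblings should get the same sentence, e.g. `If None, the scopes given to the client constructor are used.` The enclosing method starts above the hunk.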
diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 04dabe6..4043258 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -220,7 +220,10 @@ class Client:
 the provider. If provided then it must also be provided in the token request.
- :param scope:
+ :param scope: List of scopes to request. Must be equal to
+ or a subset of the scopes granted when obtaining the refresh
+ token. If none is provided, the ones provided in the constructor are
+ used.
 :param kwargs: Additional parameters to included in the request.
@@ -231,10 +234,11 @@ class Client:
 self.state = state or self.state_generator()
 self.redirect_url = redirect_url or self.redirect_url
- self.scope = scope or self.scope
+ # do not assign scope to self automatically anymore
+ scope = self.scope if scope is None else scope
 auth_url = self.prepare_request_uri( authorization_url, redirect_uri=self.redirect_url,
- scope=self.scope, state=self.state, **kwargs)
+ scope=scope, state=self.state, **kwargs)
 return auth_url, FORM_ENC_HEADERS, ''
 def prepare_token_request(self, token_url, authorization_response=None,
@@ -295,7 +299,8 @@ class Client:
 :param scope: List of scopes to request. Must be equal to
 or a subset of the scopes granted when obtaining the refresh
- token.
+ token. If none is provided, the ones provided in the constructor are
+ used.
 :param kwargs: Additional parameters to included in the request.
@@ -304,9 +309,10 @@ class Client:
 if not is_secure_transport(token_url):
 raise InsecureTransportError()
- self.scope = scope or self.scope
+ # do not assign scope to self automatically anymore
+ scope = self.scope if scope is None else scope
 body = self.prepare_refresh_body(body=body,
- refresh_token=refresh_token, scope=self.scope, **kwargs)
+ refresh_token=refresh_token, scope=scope, **kwargs)
 return token_url, FORM_ENC_HEADERS, body
 def prepare_token_revocation_request(self, revocation_url, token,
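Review bot: The `:param scope:` text added in the hunk at -220 belongs to `prepare_refresh_token_request`, not to the authorization-request method it is placed in (the one whose body follows in the -231 hunk): 'Must be equal to or a subset of the scopes granted when obtaining the refresh token' cannot apply to an authorization request, which is made before any token exists. The constraint here is RFC 6749 Section 3.3; suggested wording: `:param scope: List of scopes to request (Section 3.3). If None, the scopes given to the constructor are used.` The docstring's method starts above the hunk.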
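Review bot: In the hunk at -231, `self.state` and `self.redirect_url` are still overwritten from the call arguments while the scope override is now kept local, so the client remembers which state and redirect URI a request used but not which scope; `parse_request_body_response` in this same commit falls back to `self.scope` when it checks the token response, so an override given here and not repeated there is checked against the constructor default instead of what was asked. If that is the intended contract the comment should name the consequence rather than the mechanism, e.g. `# scope override is per-call only; repeat it in prepare_token_request/parse_request_body_response`; otherwise storing the requested scope in a dedicated attribute (not `self.scope`) would let the response be checked against the scope actually requested. The enclosing method ends at the `return auth_url` line shown.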
@@ -380,7 +386,8 @@ class Client:
 returns an error response as described in `Section 5.2`_.
 :param body: The response body from the token request.
- :param scope: Scopes originally requested.
+ :param scope: Scopes originally requested. If none is provided, the ones
+ provided in the constructor are used.
 :return: Dictionary of token parameters.
 :raises: Warning if scope has changed. OAuth2Error if response is invalid.
@@ -416,6 +423,7 @@ class Client:
 .. _`Section 5.2`: https://tools.ietf.org/html/rfc6749#section-5.2
 .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
 """
+ scope = self.scope if scope is None else scope
 self.token = parse_token_response(body, scope=scope)
 self.populate_token_attributes(self.token)
 return self.token
@@ -437,9 +445,11 @@ class Client:
 Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the
- resource owner.
+ resource owner. Note that if none is provided, the ones provided
+ in the constructor are used if any.
 """
 refresh_token = refresh_token or self.refresh_token
+ scope = self.scope if scope is None else scope
 return prepare_token_request(self.refresh_token_key, body=body, scope=scope, refresh_token=refresh_token, **kwargs)
--
cgit v1.2.1
From 2fcbc5865327ce9b2f96c6ae4bb6d543e632795a Mon Sep 17 00:00:00 2001
From: Sylvain MARIE
Date: Sun, 19 Apr 2020 14:22:59 +0200
Subject: changelog
---
 CHANGELOG.rst | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ab556f1..9a20ebd 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
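Review bot: With the fallback added to `prepare_refresh_body` (the hunk at -437), a client built with a constructor scope can no longer leave `scope` out of a refresh request: omitting the argument selects `self.scope`, yet the docstring a few lines above says an omitted scope is treated as equal to the originally granted scope, which is the RFC 6749 Section 6 behaviour a client normally wants. If the server granted less than the constructor default — the case the Warning on `parse_request_body_response` exists to surface — every refresh now asks for more than was granted and can be refused with `invalid_scope`. The same hunk handles absence two ways on adjacent lines, `refresh_token or self.refresh_token` versus `scope is None`, and whether an explicit empty value is actually dropped from the body depends on `prepare_token_request`, which is outside this diff. Documenting the escape hatch, or preferring the granted scope if `populate_token_attributes` records one (not visible here), would close the gap. The method ends at the `return prepare_token_request(...)` line shown.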
@@ -27,6 +27,11 @@ OAuth2.0 Client - Bugfixes
 * #290: Fix Authorization Code's errors processing
 * #603: BackendApplication.Client.prepare_request_body use the `scope` argument as intended.
 * #672: Fix edge case when `expires_in=Null`
+ * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
+ relies on the `scope` provided in the constructor if any, except if overridden temporarily
+ in a method call. Note that in particular providing a non-None `scope` in
+ `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
+ `self.scope` forever, it is just used temporarily.
 OAuth1.0 Client
--
cgit v1.2.1
From a33e8f79f3e9b59778928725d6fa2efcc8b245aa Mon Sep 17 00:00:00 2001
From: Jonathan Huot
Date: Wed, 22 Apr 2020 12:42:10 +0200
Subject: Add 3.1.0 date. Moved merged PR into 3.1.1
---
 CHANGELOG.rst | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 9a20ebd..70d3257 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,7 +1,16 @@
 Changelog
 =========
-3.1.0 (TBD)
+3.1.1 (TBD)
+------------------
+OAuth2.0 Client - Bugfixes
+ * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
+ relies on the `scope` provided in the constructor if any, except if overridden temporarily
+ in a method call. Note that in particular providing a non-None `scope` in
+ `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
+ `self.scope` forever, it is just used temporarily.
+
+3.1.0 (2019-08-06)
 ------------------
 OAuth2.0 Provider - Features
@@ -27,11 +36,6 @@ OAuth2.0 Client - Bugfixes
 * #290: Fix Authorization Code's errors processing
 * #603: BackendApplication.Client.prepare_request_body use the `scope` argument as intended.
 * #672: Fix edge case when `expires_in=Null`
- * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
- relies on the `scope` provided in the constructor if any, except if overridden temporarily
- in a method call. Note that in particular providing a non-None `scope` in
- `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
- `self.scope` forever, it is just used temporarily.
 OAuth1.0 Client
--
cgit v1.2.1