Standalone access token request? #798

Open
boonware opened this issue Sep 30, 2021 · 2 comments

@boonware

Is it possible to make an access token request without first making an authorization request? In my application flow the initial authorization request is performed by an application running in the web browser, and the grant code is then passed to the backend where a Python application requests the access token. For example:

        args = {
            'code': auth_request.code,
            'state': auth_request.state
        }
        response = self._client.do_access_token_request(auth_request.state,
            request_args=args, authn_method='client_secret_basic')

In the above code, auth_request is an object sent to the application from the web browser containing the details extracted from the redirect URL. However, I receive the following error:

    oic.oauth2.exception.GrantError: No grant found for state:''

@schlenk
Collaborator

schlenk commented Sep 30, 2021

The flow seems to be a bit unusual.

The Client class keeps some state about the authorization in a dictionary indexed by the "state" parameter of the authorization flow; that's why you see the above error. Your client has nothing stored for the state value "".

So you would need to provide the Client with the necessary information.

If the Client runs the flow itself, this is done in the parse_response() method. So if you can construct an AuthorizationResponse object from your data and then parse it, the client would be set up for fetching the access token.

@infohash
Contributor

You can use Client Credentials Flow for this.

    from oic.oauth2 import Client
    from oic.oauth2.message import AccessTokenResponse, CCAccessTokenRequest, MessageTuple, OauthMessageFactory
    from oic.utils.authn.client import CLIENT_AUTHN_METHOD


    # Message factory whose token endpoint uses the client credentials request type.
    class CCMessageFactory(OauthMessageFactory):

        token_endpoint = MessageTuple(CCAccessTokenRequest, AccessTokenResponse)


    # Placeholder client id and secret.
    client = Client(client_id='client_id123', client_authn_method=CLIENT_AUTHN_METHOD,
                    message_factory=CCMessageFactory)
    client.client_secret = 'client_secret'

    # Request a token directly from the token endpoint, authenticating with HTTP Basic.
    client_credentials_response = client.do_access_token_request(request_args={'grant_type': 'client_credentials'},
                                                                 authn_method='client_secret_basic',
                                                                 endpoint='https://idp.example.com/token')
