-
-
Notifications
You must be signed in to change notification settings - Fork 424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication on refresh has to be explicit but shouldn't be #202
Comments
@jsfan Do you have a proposed API for this? |
The approach I tried turned out not to work and I haven't had a chance to revisit and try something else. It has not been forgotten though. |
Yes auto-refresh seems to be currently broken unless you pass the |
My proposal is to accept |
RFC 6749 recommends the use of HTTP Basic auth for OAuth2. While requests-oauthlib allows for authentication details to be sent along explicitly when fetching tokens, the credentials would have to be passed to every single request in order for the refresh to work.
Oauth2Session should probably either take the credentials on fetch and then store them to use for refresh or already take them in the constructor.
I am happy to contribute the patch but would like to have an opinion first as to which path to go down.
The text was updated successfully, but these errors were encountered: