support for urn:ietf:wg:oauth:2.0:oob ?

[glyph]

I'm not sure which project this belongs in a request on, but:

urn:ietf:wg:oauth:2.0:oob is a special redirect URL that indicates to some providers (google in particular) that the token code should be presented to the user so that it can be copied and pasted into (e.g.) a command-line tool.

It doesn't seem like there's anywhere to put this token value once copied.

[Lukasa]

Hrm. Is that a bearer token of some form, or does it get converted into one in some part of an oauth dance? Do you have a specification for how this should work?

[glyph]

The value in the title of the ticket here is the redirect URL.

This may mainly be a documentation issue; I eventually figured out that the thing to do when using this flow (the "other" application flow in Google's terminology) was instead of specifying oauth.fetch_token(token_url, authorization_response=authorization_response, ...), to do oauth.fetch_token(token_url, code=paste_here).

[Lukasa]

Oh, yes, that's definitely a documentation issue. =(

[Lukasa]

On the other hand, I'd argue that all of OAuth has a documentation issue.

[sigurdurb]

@glyph You can also do it like this, I have not used it with gmail but I it is much better then pasting the ?code={somecode} into your actual python code.

import webbrowser
from requests_oauthlib import OAuth2Session

url = "example.com/api"
redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
oauth = OAuth2Session(client_id, redirect_uri=redirect_uri)
authorization_url, state = oauth.authorization_url(url + "/login/oauth2/auth")

webbrowser.open(authorization_url)
authorization_response = input('Enter the full callback URL:  ')

token = oauth.fetch_token(url + "/login/oauth2/token", 
		authorization_response=authorization_response, client_secret=client_secret)

[tejasa97]

@sigurdurb I tried your method, gives me an exception like oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.
Can you help?