Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support for urn:ietf:wg:oauth:2.0:oob ? #280

Open
glyph opened this issue May 12, 2017 · 6 comments
Open

support for urn:ietf:wg:oauth:2.0:oob ? #280

glyph opened this issue May 12, 2017 · 6 comments

Comments

@glyph
Copy link

glyph commented May 12, 2017

I'm not sure which project this belongs in a request on, but:

urn:ietf:wg:oauth:2.0:oob is a special redirect URL that indicates to some providers (google in particular) that the token code should be presented to the user so that it can be copied and pasted into (e.g.) a command-line tool.

It doesn't seem like there's anywhere to put this token value once copied.

@Lukasa
Copy link
Member

Lukasa commented May 12, 2017

Hrm. Is that a bearer token of some form, or does it get converted into one in some part of an oauth dance? Do you have a specification for how this should work?

@glyph
Copy link
Author

glyph commented May 12, 2017

The value in the title of the ticket here is the redirect URL.

This may mainly be a documentation issue; I eventually figured out that the thing to do when using this flow (the "other" application flow in Google's terminology) was instead of specifying oauth.fetch_token(token_url, authorization_response=authorization_response, ...), to do oauth.fetch_token(token_url, code=paste_here).

@Lukasa
Copy link
Member

Lukasa commented May 13, 2017

Oh, yes, that's definitely a documentation issue. =(

@Lukasa
Copy link
Member

Lukasa commented May 13, 2017

On the other hand, I'd argue that all of OAuth has a documentation issue.

@sigurdurb
Copy link

@glyph You can also do it like this, I have not used it with gmail but I it is much better then pasting the ?code={somecode} into your actual python code.

import webbrowser
from requests_oauthlib import OAuth2Session

url = "example.com/api"
redirect_uri = "urn:ietf:wg:oauth:2.0:oob"
oauth = OAuth2Session(client_id, redirect_uri=redirect_uri)
authorization_url, state = oauth.authorization_url(url + "/login/oauth2/auth")

webbrowser.open(authorization_url)
authorization_response = input('Enter the full callback URL:  ')

token = oauth.fetch_token(url + "/login/oauth2/token", 
		authorization_response=authorization_response, client_secret=client_secret)

@tejasa97
Copy link

@sigurdurb I tried your method, gives me an exception like oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.
Can you help?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants