Missing ServiceApplicationClient oauth class

[DavidePapa]

Hi,

i need to implement the MS365 on_behalf_of flow [0] (for brevity: i make an authorization code flow at beginning, and then i make another token request with custom params and token in the assertion param)

As first authentication i make an authorization_code_grant flow successfully, but when i make the second fetch_token with special parameter, i receive error about grant_type parameter
TypeError: prepare_token_request() got multiple values for argument 'grant_type'

My problem is on prepare_token_request function at oauthlib/oauth2/rfc6749/clients/web_application.py(127)
"In addition OAuthLib will add the 'grant_type' parameter set to 'authorization_code' "

so, i cannot set a custom grant_type params.

Do i make a bad use of request_oauthlib? if i try to make an OAuth2Session.post request i receive error AADSTS50013: Assertion contains an invalid signature. from server, probably because with post i don't set the correct header params for endpoint.

Many thanks for considering my request.

Davide

[0] - https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-on-behalf-of

[singingwolfboy]

Hi @DavidePapa, this looks like an interesting situation. I don't know anything about this "On-Behalf-Of flow", but I suspect that it's different from the standard web application flow. You might need to raise this issue in the oauthlib repository, and add support for this flow to oauthlib itself. Does that make sense?

[DavidePapa]

Hi @singingwolfboy ,

i've discovered that MS365 on_behalf_of flow is managed by oauthlib through the service application flow [0] because grant_type param is set with correct value. Unfortunately i didn't have much more time to test it (i hope during this week to be able to).

However this client is not managed by OAuth2Session class yet.

Regards

Davide

[0] - https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/clients/service_application.py