I'm working on a legacy app for a client, and I'm having a weird issue in Django 1.6.10 at the very end of the OAuth2 conversation using requests-oauthlib 1.3.0. The Django app is the OAuth2 client and WordPress is the ID provider (I'm using the WordPress OAuth Server plugin). Basically, I can exchange the auth code for an access token just fine, but when I try to then retrieve a protected resource from WordPress (/oauth/me) using that access token, I get a 403 Forbidden error in Django. HOWEVER, when I take that same access token to Postman and issue a POST request to /oauth/me with Authorization=Bearer , I get the protected user info back from WP just fine. Maybe it's something to do with the headers, or maybe the client scope (which is 'basic'), or something to do with how I am requesting the token? I'm stepping through the OAuth2Session class from requests-oauthlib to see what might be going haywire. Someone having experience with this lib will maybe know already what is happening? Thanks in advance! Code is below.
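```python
from django.http import HttpResponse
from django.shortcuts import redirect
from requests_oauthlib import OAuth2Session

# The WORDPRESS_* constants are defined elsewhere in the app (not shown in the post).


def oauth_init(request):
    # Start the authorization-code flow and keep the state value for the callback.
    wordpress = OAuth2Session(WORDPRESS_CLIENT_ID, redirect_uri=WORDPRESS_REDIRECT_URI)
    authorization_url, state = wordpress.authorization_url(WORDPRESS_AUTHORIZE_ENDPOINT)
    request.session['oauth_state'] = state
    return redirect(authorization_url)


def oauth_authorize(request):
    # Callback: exchange the authorization code for an access token.
    wordpress = OAuth2Session(WORDPRESS_CLIENT_ID,
                              state=request.session['oauth_state'],
                              redirect_uri=WORDPRESS_REDIRECT_URI,
                              scope="basic")
    token = wordpress.fetch_token(token_url=WORDPRESS_ACCESSTOKEN_ENDPOINT,
                                  include_client_id=True,
                                  client_secret=WORDPRESS_CLIENT_SECRET,
                                  code=request.GET["code"],
                                  headers={"User-Agent": "None"})
    request.session['oauth_token'] = token
    return redirect("/wp_profile")


def wp_profile(request):
    # Use the stored token to fetch the protected user resource.
    wordpress = OAuth2Session(WORDPRESS_CLIENT_ID,
                              token=request.session['oauth_token'])
    user = wordpress.get('https://imsestage.wpengine.com/oauth/me')  # <-- this is failing with 403
    # A view must return an HttpResponse; pass the provider's JSON body through.
    return HttpResponse(user.content, content_type="application/json")
```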