Okta support #463

Closed
SquireOfSoftware opened this issue Nov 17, 2021 · 1 comment

SquireOfSoftware commented Nov 17, 2021

Do you guys support Okta?

I was getting this issue and I was wondering if it was a misconfiguration on the Okta side of things or if it was how I was calling Okta:

Traceback (most recent call last):
  File "...client_credentials.py", line 17, in <module>
    token = oauth.fetch_token(token_url=f'{okta_url}/v1/token',
  File "/usr/local/lib/python3/requests_oauthlib/oauth2_session.py", line 360, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/clients/base.py", line 429, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/parameters.py", line 425, in parse_token_response
    validate_token_parameters(params)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/parameters.py", line 432, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "/usr/local/lib/python3/oauthlib/oauth2/rfc6749/errors.py", line 402, in raise_from_error
    raise cls(**kwargs)
oauthlib.oauth2.rfc6749.errors.InvalidScopeError: (invalid_scope) The authorization server resource does not have any configured default scopes, 'scope' must be provided.

My code is:

from oauthlib.oauth2 import BackendApplicationClient
from requests_oauthlib import OAuth2Session

import logging

okta_url = "https://okta-url"
client_id = "client_id"
client_secret = "secret"
scopes = ['openid']

logging.basicConfig(level=logging.DEBUG)

client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client, scope=scopes)
token = oauth.fetch_token(token_url=f'{okta_url}/v1/token',
                          include_client_id=True,
                          client_secret=client_secret)

print(token)

@SquireOfSoftware (Author)

Never mind, I cracked it, so it turns out that you need to append scope to the body due to how Okta has implemented it:

For the future peeps, this got me talking with Okta:

token = oauth.fetch_token(token_url=f'{okta_url}/v1/token',
                          include_client_id=True,
                          client_secret=client_secret,
                          body="scope=customScope anotherScope")
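
Added example, not part of the original thread and not code from requests_oauthlib or Okta: a standard-library sketch of the client-credentials token request (RFC 6749 section 4.4.2) with the scope parameter in the form body, plus a check you can run over a request body to see why a server would answer invalid_scope. The function names and sample bodies are assumptions made for illustration; the URL, client id and secret are the placeholders from the post.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode
from urllib.request import Request


def build_token_request(token_url, client_id, client_secret, scopes):
    """Build (without sending) a client_credentials token request."""
    if not scopes:
        raise ValueError("no default scopes on the server: pass at least one scope")
    # scope is ONE space-delimited parameter; urlencode turns the spaces
    # into '+', so the body stays valid x-www-form-urlencoded data.
    body = urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(scopes)})
    # Client authentication via HTTP Basic (RFC 6749 section 2.3.1), which
    # keeps the secret out of the request body.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode()).decode()
    return Request(token_url, data=body.encode(), method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def audit_token_body(body):
    """Return the problems found in a form-encoded token request body."""
    params = parse_qs(body, keep_blank_values=True)
    problems = []
    if params.get("grant_type") != ["client_credentials"]:
        problems.append("grant_type is not client_credentials")
    scope_values = params.get("scope", [])
    if not scope_values or not scope_values[0].strip():
        problems.append("scope parameter missing or empty")
    elif len(scope_values) > 1:
        problems.append("scope repeated; send one space-delimited value")
    if "client_secret" in params:
        problems.append("client_secret sent in the body; prefer HTTP Basic")
    return problems


# Constructed sample bodies (placeholders, not captured traffic).
BODY_WITHOUT_SCOPE = "grant_type=client_credentials&client_id=client_id&client_secret=secret"
BODY_WITH_WORKAROUND = "scope=customScope anotherScope&grant_type=client_credentials"

if __name__ == "__main__":
    req = build_token_request("https://okta-url/v1/token", "client_id",
                              "secret", ["customScope", "anotherScope"])
    print(req.data.decode(), audit_token_body(req.data.decode()))
    print(audit_token_body(BODY_WITHOUT_SCOPE))
```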
