Skip to content

Added client_id parameter to AssertionClient #476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Added client_id parameter to AssertionClient #476

wants to merge 1 commit into from

Conversation

vilmar-hillow
Copy link

Per https://datatracker.ietf.org/doc/html/rfc7521#section-4.1,
client_id parameter, although optional, can still be passed
when using assertions as authorization grants. Adding a way to pass
that id to refresh token body.

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Other, please describe:

Does this PR introduce a breaking change? (check one)

  • Yes
  • No
  • You consent that the copyright of your pull request source code belongs to Authlib's author.

@lepture
Copy link
Member

lepture commented Aug 9, 2022

  1. I didn't see client_id is optional in the doc.
  2. You are always passing client_id=None

@vilmar-hillow vilmar-hillow force-pushed the fix/assertion_client_id branch from 3ea23ce to 22ef69a Compare August 9, 2022 03:07
@vilmar-hillow
Copy link
Author

  1. I didn't see client_id is optional in the doc.
  2. You are always passing client_id=None
  1. From linked section: "Authentication of the client is optional, as described in
    Section 3.2.1 of OAuth 2.0 [RFC6749], and consequently, the
    "client_id" is only needed when a form of client authentication that
    relies on the parameter is used."

One of the providers I'm working with uses the authorization grant routine with client id.

  1. Good catch, fixed

Added client_id parameter to AssertionClient
727ee0e 
Per https://datatracker.ietf.org/doc/html/rfc7521#section-4.1,
client_id parameter, although optional, can still be passed
when using assertions as authorization grants. Adding a way to pass
that id to refresh token body.
@vilmar-hillow vilmar-hillow force-pushed the fix/assertion_client_id branch from 22ef69a to 727ee0e Compare August 9, 2022 03:15
@azmeuk azmeuk added the role:client Concerns a client implementation label Feb 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
role:client Concerns a client implementation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vilmar-hillow @lepture @azmeuk