OAuth2 LegacyApplicationClient should honor default scopes in prepare_request_body #725

@smarie

Hi there,

I found this while using requests-oauthlib (requests/requests-oauthlib#406) but it actually belongs here.

Consider this code:

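from oauthlib.oauth2 import LegacyApplicationClient
from requests_oauthlib import OAuth2Session

# Client configured with default scopes
client = LegacyApplicationClient(client_id="my_client_id", scope=['openid', 'profile'])
# The first positional parameter of OAuth2Session is client_id, so pass the client by keyword
oauth_session = OAuth2Session(client=client)

# username and password hold the resource owner's credentials (defined elsewhere)
token = oauth_session.fetch_token(token_url='https://<blah>.auth0.com/oauth/ro',
                                  username=username, password=password,
                                  include_client_id=True,
                                  scope=['openid', 'profile']  # this should not be needed
                                  )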

I currently have to include the scope in fetch_token() to get a valid token, because the default scopes defined in LegacyApplicationClient are not used in LegacyApplicationClient.prepare_request_body(...) when scope=None is received.

I will submit a PR.
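
A check for the behaviour described above, as an added example that is not part of the original report or of oauthlib's own code: it builds the password-grant request body offline and reports whether the client's default scopes reach it. The helper names and the credentials are constructed for illustration.

```python
from urllib.parse import parse_qs

from oauthlib.oauth2 import LegacyApplicationClient

DEFAULT_SCOPES = ["openid", "profile"]  # same scopes as in the report


def requested_scopes(body):
    """Return the scopes carried by a form-encoded token request body."""
    values = parse_qs(body).get("scope", [])
    return values[0].split() if values else []


def build_body(client, scope=None):
    """Build the password-grant body offline, as fetch_token() would."""
    # Constructed credentials: nothing is sent over the network.
    return client.prepare_request_body(
        username="alice@example.com",
        password="constructed-password",
        scope=scope,
        include_client_id=True,
    )


def honors_default_scopes(client):
    """True if the installed oauthlib falls back to client.scope on scope=None."""
    return requested_scopes(build_body(client)) == list(client.scope or [])


def build_body_with_defaults(client, scope=None):
    """Workaround from the report: always pass the client's scopes explicitly."""
    return build_body(client, scope=client.scope if scope is None else scope)


if __name__ == "__main__":
    client = LegacyApplicationClient(client_id="my_client_id", scope=DEFAULT_SCOPES)
    print("default scopes honored:", honors_default_scopes(client))
    print("scopes with workaround:",
          requested_scopes(build_body_with_defaults(client)))
```

Run as a regression test, `honors_default_scopes()` shows whether the installed oauthlib version still needs the explicit `scope=` argument.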

Labels: Bug, OAuth2-Client (This impacts the client part of OAuth2.)