sources/oauth: fix access_token being sent as query param and not authorization header

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-14 11:07:36 +02:00 · 2021-09-14 11:07:36 +02:00 · 248f993541
parent 56d40bddd0
commit 248f993541
2 changed files with 6 additions and 28 deletions
--- a/authentik/sources/oauth/clients/base.py
+++ b/authentik/sources/oauth/clients/base.py
@ -41,7 +41,11 @@ class BaseOAuthClient:
        if self.source.type.urls_customizable and self.source.profile_url:
            profile_url = self.source.profile_url
        try:
-            response = self.do_request("get", profile_url, token=token)
+            response = self.do_request(
+                "get",
+                profile_url,
+                headers={"Authorization": f"{token['token_type']} {token['access_token']}"},
+            )
            response.raise_for_status()
        except RequestException as exc:
            LOGGER.warning("Unable to fetch user profile", exc=exc)
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@ -1,10 +1,8 @@
 """AzureAD OAuth2 Views"""
-from typing import Any, Optional
+from typing import Any

-from requests.exceptions import RequestException
 from structlog.stdlib import get_logger

-from authentik.sources.oauth.clients.oauth2 import OAuth2Client
 from authentik.sources.oauth.types.manager import MANAGER, SourceType
 from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
@ -21,33 +19,9 @@ class AzureADOAuthRedirect(OAuthRedirect):
        }


-class AzureADClient(OAuth2Client):
-    """Azure AD Oauth client, azure ad doesn't like the ?access_token that is sent by default"""
-
-    def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]:
-        "Fetch user profile information."
-        profile_url = self.source.type.profile_url or ""
-        if self.source.type.urls_customizable and self.source.profile_url:
-            profile_url = self.source.profile_url
-        try:
-            response = self.session.request(
-                "get",
-                profile_url,
-                headers={"Authorization": f"{token['token_type']} {token['access_token']}"},
-            )
-            response.raise_for_status()
-        except RequestException as exc:
-            LOGGER.warning("Unable to fetch user profile", exc=exc)
-            return None
-        else:
-            return response.json()
-
-
 class AzureADOAuthCallback(OAuthCallback):
    """AzureAD OAuth2 Callback"""

-    client_class = AzureADClient
-
    def get_user_enroll_context(
        self,
        info: dict[str, Any],