sources/oauth: fix twitter client missing basic auth

closes #3038

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-06-05 14:21:32 +02:00
parent ee54328589
commit c11435780d
3 changed files with 21 additions and 10 deletions


@ -8,7 +8,7 @@ from rest_framework.decorators import action
from rest_framework.filters import OrderingFilter, SearchFilter from rest_framework.filters import OrderingFilter, SearchFilter
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer, SerializerMethodField, ReadOnlyField from rest_framework.serializers import ModelSerializer, ReadOnlyField, SerializerMethodField
from rest_framework.viewsets import GenericViewSet from rest_framework.viewsets import GenericViewSet
from structlog.stdlib import get_logger from structlog.stdlib import get_logger


@ -77,10 +77,7 @@ class OAuth2Client(BaseOAuthClient):
if self.source.type.urls_customizable and self.source.access_token_url: if self.source.type.urls_customizable and self.source.access_token_url:
access_token_url = self.source.access_token_url access_token_url = self.source.access_token_url
response = self.session.request( response = self.session.request(
"post", "post", access_token_url, data=args, headers=self._default_headers, **request_kwargs
access_token_url,
data=args,
headers=self._default_headers,
) )
response.raise_for_status() response.raise_for_status()
except RequestException as exc: except RequestException as exc:
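Review bot: The `**request_kwargs` spread into `self.session.request(...)` are unconstrained, so a caller that passes `data` or `headers` gets a `TypeError` for a duplicate keyword, and any other transport option reaches the request that carries the client credentials without a check. The only use visible in this commit is `auth`, so a narrower argument would be easier to audit, for example passing `auth=request_kwargs.get("auth")` in this call. Failing that, the method's docstring should state the contract, e.g. `request_kwargs: passed verbatim to session.request; must not contain data or headers`. The method's signature and the rest of the `except` branch are outside this hunk.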


@ -1,5 +1,5 @@
"""Twitter OAuth Views""" """Twitter OAuth Views"""
from typing import Any from typing import Any, Optional
from authentik.lib.generators import generate_id from authentik.lib.generators import generate_id
from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE
@ -9,6 +9,23 @@ from authentik.sources.oauth.views.callback import OAuthCallback
from authentik.sources.oauth.views.redirect import OAuthRedirect from authentik.sources.oauth.views.redirect import OAuthRedirect
class TwitterClient(AzureADClient):
"""Twitter has similar quirks to Azure AD, and additionally requires Basic auth on
the access token endpoint for some reason."""
# Twitter has the same quirk as azure and throws an error if the access token
# is set via query parameter, so we re-use the azure client
# see https://github.com/goauthentik/authentik/issues/1910
def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
return super().get_access_token(
auth=(
self.source.consumer_key,
self.source.consumer_secret,
)
)
class TwitterOAuthRedirect(OAuthRedirect): class TwitterOAuthRedirect(OAuthRedirect):
"""Twitter OAuth2 Redirect""" """Twitter OAuth2 Redirect"""
@ -24,10 +41,7 @@ class TwitterOAuthRedirect(OAuthRedirect):
class TwitterOAuthCallback(OAuthCallback): class TwitterOAuthCallback(OAuthCallback):
"""Twitter OAuth2 Callback""" """Twitter OAuth2 Callback"""
# Twitter has the same quirk as azure and throws an error if the access token client_class = TwitterClient
# is set via query parameter, so we re-use the azure client
# see https://github.com/goauthentik/authentik/issues/1910
client_class = AzureADClient
def get_user_id(self, info: dict[str, str]) -> str: def get_user_id(self, info: dict[str, str]) -> str:
return info.get("data", {}).get("id", "") return info.get("data", {}).get("id", "")
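Review bot: `TwitterClient.get_access_token` in the second hunk accepts `**request_kwargs` but never forwards them to `super().get_access_token(...)`, so anything a caller passes is silently dropped; the call should end with `auth=(self.source.consumer_key, self.source.consumer_secret), **request_kwargs)`. Whether the parent client still puts the client id and secret in the form body is not visible here. If it does, the secret is sent by two methods in one request, which RFC 6749 section 2.3 forbids, so that is worth confirming against the parent's `args`. The override also has no docstring; one line such as `"""Request the access token, authenticating the client with HTTP Basic auth"""` would record why it exists.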