sources/oauth: fix twitter client missing basic auth
closes #3038 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
ee54328589
commit
c11435780d
|
@ -8,7 +8,7 @@ from rest_framework.decorators import action
|
||||||
from rest_framework.filters import OrderingFilter, SearchFilter
|
from rest_framework.filters import OrderingFilter, SearchFilter
|
||||||
from rest_framework.request import Request
|
from rest_framework.request import Request
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.serializers import ModelSerializer, SerializerMethodField, ReadOnlyField
|
from rest_framework.serializers import ModelSerializer, ReadOnlyField, SerializerMethodField
|
||||||
from rest_framework.viewsets import GenericViewSet
|
from rest_framework.viewsets import GenericViewSet
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
|
|
|
@ -77,10 +77,7 @@ class OAuth2Client(BaseOAuthClient):
|
||||||
if self.source.type.urls_customizable and self.source.access_token_url:
|
if self.source.type.urls_customizable and self.source.access_token_url:
|
||||||
access_token_url = self.source.access_token_url
|
access_token_url = self.source.access_token_url
|
||||||
response = self.session.request(
|
response = self.session.request(
|
||||||
"post",
|
"post", access_token_url, data=args, headers=self._default_headers, **request_kwargs
|
||||||
access_token_url,
|
|
||||||
data=args,
|
|
||||||
headers=self._default_headers,
|
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
except RequestException as exc:
|
except RequestException as exc:
|
||||||
|
|
|
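Review bot: Forwarding `**request_kwargs` unfiltered into `self.session.request(...)` makes every request option settable by callers on the token request, which per the Twitter change in this commit carries the client credentials. A kwarg that collides with `data` or `headers` raises `TypeError`, which the `except RequestException` below does not catch, and options such as `verify` or `proxies` would be accepted silently. The only use visible in this commit is Basic auth, so an explicit parameter would be narrower, for example `auth=None` in the signature and `auth=auth` in the call. Whichever form is kept, the docstring should say which options are meant to be passed. The function's signature and the start of its body are outside the hunk, so how `request_kwargs` is declared is assumed rather than seen.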
@ -1,5 +1,5 @@
|
||||||
"""Twitter OAuth Views"""
|
"""Twitter OAuth Views"""
|
||||||
from typing import Any
|
from typing import Any, Optional
|
||||||
|
|
||||||
from authentik.lib.generators import generate_id
|
from authentik.lib.generators import generate_id
|
||||||
from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE
|
from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE
|
||||||
|
@ -9,6 +9,23 @@ from authentik.sources.oauth.views.callback import OAuthCallback
|
||||||
from authentik.sources.oauth.views.redirect import OAuthRedirect
|
from authentik.sources.oauth.views.redirect import OAuthRedirect
|
||||||
|
|
||||||
|
|
||||||
|
class TwitterClient(AzureADClient):
|
||||||
|
"""Twitter has similar quirks to Azure AD, and additionally requires Basic auth on
|
||||||
|
the access token endpoint for some reason."""
|
||||||
|
|
||||||
|
# Twitter has the same quirk as azure and throws an error if the access token
|
||||||
|
# is set via query parameter, so we re-use the azure client
|
||||||
|
# see https://github.com/goauthentik/authentik/issues/1910
|
||||||
|
|
||||||
|
def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
|
||||||
|
return super().get_access_token(
|
||||||
|
auth=(
|
||||||
|
self.source.consumer_key,
|
||||||
|
self.source.consumer_secret,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class TwitterOAuthRedirect(OAuthRedirect):
|
class TwitterOAuthRedirect(OAuthRedirect):
|
||||||
"""Twitter OAuth2 Redirect"""
|
"""Twitter OAuth2 Redirect"""
|
||||||
|
|
||||||
|
@ -24,10 +41,7 @@ class TwitterOAuthRedirect(OAuthRedirect):
|
||||||
class TwitterOAuthCallback(OAuthCallback):
|
class TwitterOAuthCallback(OAuthCallback):
|
||||||
"""Twitter OAuth2 Callback"""
|
"""Twitter OAuth2 Callback"""
|
||||||
|
|
||||||
# Twitter has the same quirk as azure and throws an error if the access token
|
client_class = TwitterClient
|
||||||
# is set via query parameter, so we re-use the azure client
|
|
||||||
# see https://github.com/goauthentik/authentik/issues/1910
|
|
||||||
client_class = AzureADClient
|
|
||||||
|
|
||||||
def get_user_id(self, info: dict[str, str]) -> str:
|
def get_user_id(self, info: dict[str, str]) -> str:
|
||||||
return info.get("data", {}).get("id", "")
|
return info.get("data", {}).get("id", "")
|
||||||
|
|
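Review bot: `TwitterClient.get_access_token` accepts `**request_kwargs` but never forwards them: the `super().get_access_token(auth=(...))` call passes only `auth`, so anything a caller supplies is silently dropped. Either forward them, `return super().get_access_token(auth=(self.source.consumer_key, self.source.consumer_secret), **request_kwargs)`, or remove the parameter from the override. It is also worth confirming whether the parent still places the client secret in the form body (`data=args`, built outside this diff); if it does, the request authenticates by two methods at once, which RFC 6749 section 2.3.1 says a client must not do. The docstring's "for some reason" could instead state that the token endpoint requires HTTP Basic client authentication and reference #3038.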