sources/oauth: fix twitter client missing basic auth
closes #3038 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
ee54328589
commit
c11435780d
|
@ -8,7 +8,7 @@ from rest_framework.decorators import action
|
|||
from rest_framework.filters import OrderingFilter, SearchFilter
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.serializers import ModelSerializer, SerializerMethodField, ReadOnlyField
|
||||
from rest_framework.serializers import ModelSerializer, ReadOnlyField, SerializerMethodField
|
||||
from rest_framework.viewsets import GenericViewSet
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
|
|
|
@ -77,10 +77,7 @@ class OAuth2Client(BaseOAuthClient):
|
|||
if self.source.type.urls_customizable and self.source.access_token_url:
|
||||
access_token_url = self.source.access_token_url
|
||||
response = self.session.request(
|
||||
"post",
|
||||
access_token_url,
|
||||
data=args,
|
||||
headers=self._default_headers,
|
||||
"post", access_token_url, data=args, headers=self._default_headers, **request_kwargs
|
||||
)
|
||||
response.raise_for_status()
|
||||
except RequestException as exc:
|
||||
|
|
|
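Review bot: Forwarding `**request_kwargs` next to the explicit `data=` and `headers=` arguments in the `self.session.request(...)` call means a caller that passes either key raises a `TypeError`, which the `except RequestException` below does not catch. The method's signature and docstring are outside this hunk, so it is not visible whether the accepted keys are documented. I would add a comment above the call such as `# request_kwargs: extra requests options from subclasses (e.g. auth=); must not contain data or headers`. Since `access_token_url` can come from the source's customizable URL, the same comment should note that any `auth` value passed here is sent to that configured endpoint.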
@ -1,5 +1,5 @@
|
|||
"""Twitter OAuth Views"""
|
||||
from typing import Any
|
||||
from typing import Any, Optional
|
||||
|
||||
from authentik.lib.generators import generate_id
|
||||
from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE
|
||||
|
@ -9,6 +9,23 @@ from authentik.sources.oauth.views.callback import OAuthCallback
|
|||
from authentik.sources.oauth.views.redirect import OAuthRedirect
|
||||
|
||||
|
||||
class TwitterClient(AzureADClient):
|
||||
"""Twitter has similar quirks to Azure AD, and additionally requires Basic auth on
|
||||
the access token endpoint for some reason."""
|
||||
|
||||
# Twitter has the same quirk as azure and throws an error if the access token
|
||||
# is set via query parameter, so we re-use the azure client
|
||||
# see https://github.com/goauthentik/authentik/issues/1910
|
||||
|
||||
def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
|
||||
return super().get_access_token(
|
||||
auth=(
|
||||
self.source.consumer_key,
|
||||
self.source.consumer_secret,
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
class TwitterOAuthRedirect(OAuthRedirect):
|
||||
"""Twitter OAuth2 Redirect"""
|
||||
|
||||
|
@ -24,10 +41,7 @@ class TwitterOAuthRedirect(OAuthRedirect):
|
|||
class TwitterOAuthCallback(OAuthCallback):
|
||||
"""Twitter OAuth2 Callback"""
|
||||
|
||||
# Twitter has the same quirk as azure and throws an error if the access token
|
||||
# is set via query parameter, so we re-use the azure client
|
||||
# see https://github.com/goauthentik/authentik/issues/1910
|
||||
client_class = AzureADClient
|
||||
client_class = TwitterClient
|
||||
|
||||
def get_user_id(self, info: dict[str, str]) -> str:
|
||||
return info.get("data", {}).get("id", "")
|
||||
|
|
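Review bot: `TwitterClient.get_access_token` accepts `**request_kwargs` but never passes them on to `super().get_access_token(...)`, so any option a caller supplies is silently dropped. Merging keeps the override transparent: `request_kwargs.setdefault("auth", (self.source.consumer_key, self.source.consumer_secret))` followed by `return super().get_access_token(**request_kwargs)`. The docstring's "for some reason" could instead state what the code relies on, e.g. `"""Twitter requires the client credentials as HTTP Basic auth on the access token endpoint."""`. Whether the parent method also puts the client secret in the form body is not visible in this section; if it does, the request carries the credentials twice, which is worth confirming against what the endpoint accepts.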