Merge pull request #2585 from coreos-inc/oidc-auth-header

Add Authorization header with token to user info call
2017-04-27 11:28:25 -04:00 · 2017-04-27 11:28:25 -04:00 · 3e287978e1
commit 3e287978e1
parent a9337ff484 c0cc574ca2
2 changed files with 9 additions and 2 deletions
--- a/oauth/base.py
+++ b/oauth/base.py
@ -101,7 +101,11 @@ class OAuthService(object):
      'alt': 'json',
    }

-    got_user = http_client.get(self.user_endpoint(), params=token_param)
+    headers = {
+      'Authorization': 'Bearer %s' % token,
+    }
+
+    got_user = http_client.get(self.user_endpoint(), params=token_param, headers=headers)
    if got_user.status_code // 100 != 2:
      raise OAuthGetUserInfoException('Non-2XX response code for user_info call: %s' %
                                      got_user.status_code)
--- a/oauth/test/test_oidc.py
+++ b/oauth/test/test_oidc.py
@ -153,7 +153,10 @@ def preferred_username(request):
@pytest.fixture
 def userinfo_handler(oidc_service, preferred_username):
  @urlmatch(netloc=r'fakeoidc', path=r'/userinfo')
-  def handler(_, __):
+  def handler(_, req):
+    if req.headers.get('Authorization') != 'Bearer sometoken':
+      return {'status_code': 401, 'content': 'Missing expected header'}
+
    content = {
      'sub': 'cooluser',
      'preferred_username':preferred_username,