Add Authorization header with token to user info call

While not required, it is recommended to send the token as an Authorization header to the UserInfo call in OIDC: http://openid.net/specs/openid-connect-core-1_0.html#UserInfo Some implementations expect this and will fail if not present
2017-04-27 11:24:12 -04:00 · 2017-04-27 11:24:12 -04:00 · c0cc574ca2
commit c0cc574ca2
parent a9337ff484
2 changed files with 9 additions and 2 deletions
--- a/oauth/base.py
+++ b/oauth/base.py
@ -101,7 +101,11 @@ class OAuthService(object):
      'alt': 'json',
    }

-    got_user = http_client.get(self.user_endpoint(), params=token_param)
+    headers = {
+      'Authorization': 'Bearer %s' % token,
+    }
+
+    got_user = http_client.get(self.user_endpoint(), params=token_param, headers=headers)
    if got_user.status_code // 100 != 2:
      raise OAuthGetUserInfoException('Non-2XX response code for user_info call: %s' %
                                      got_user.status_code)
--- a/oauth/test/test_oidc.py
+++ b/oauth/test/test_oidc.py
@ -153,7 +153,10 @@ def preferred_username(request):
@pytest.fixture
 def userinfo_handler(oidc_service, preferred_username):
  @urlmatch(netloc=r'fakeoidc', path=r'/userinfo')
-  def handler(_, __):
+  def handler(_, req):
+    if req.headers.get('Authorization') != 'Bearer sometoken':
+      return {'status_code': 401, 'content': 'Missing expected header'}
+
    content = {
      'sub': 'cooluser',
      'preferred_username':preferred_username,