Add Authorization header with token to user info call

While not required, it is recommended to send the token as an Authorization header to the UserInfo call in OIDC: http://openid.net/specs/openid-connect-core-1_0.html#UserInfo Some implementations expect this and will fail if not present
2017-04-27 11:24:12 -04:00 · 2017-04-27 11:24:12 -04:00 · c0cc574ca2
commit c0cc574ca2
parent a9337ff484
2 changed files with 9 additions and 2 deletions
--- a/oauth/base.py
+++ b/oauth/base.py
@ -101,7 +101,11 @@ class OAuthService(object):
      'alt': 'json',
    }

-    got_user = http_client.get(self.user_endpoint(), params=token_param)
+    headers = {
+      'Authorization': 'Bearer %s' % token,
+    }
+
+    got_user = http_client.get(self.user_endpoint(), params=token_param, headers=headers)
    if got_user.status_code // 100 != 2:
      raise OAuthGetUserInfoException('Non-2XX response code for user_info call: %s' %
                                      got_user.status_code)