vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add Authorization header with token to user info call

Browse source 
While not required, it is recommended to send the token as an Authorization header to the UserInfo call in OIDC: http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Some implementations expect this and will fail if not present
This commit is contained in:
Joseph Schorr 2017-04-27 11:24:12 -04:00
parent a9337ff484
commit c0cc574ca2
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
oauth/base.py
View file

@ -101,7 +101,11 @@ class OAuthService(object):
'alt': 'json', 'alt': 'json',
} }
got_user = http_client.get(self.user_endpoint(), params=token_param) headers = {
'Authorization': 'Bearer %s' % token,
}
got_user = http_client.get(self.user_endpoint(), params=token_param, headers=headers)
if got_user.status_code // 100 != 2: if got_user.status_code // 100 != 2:
raise OAuthGetUserInfoException('Non-2XX response code for user_info call: %s' % raise OAuthGetUserInfoException('Non-2XX response code for user_info call: %s' %
got_user.status_code) got_user.status_code)

5
oauth/test/test_oidc.py
View file

@ -153,7 +153,10 @@ def preferred_username(request):
@pytest.fixture @pytest.fixture
def userinfo_handler(oidc_service, preferred_username): def userinfo_handler(oidc_service, preferred_username):
@urlmatch(netloc=r'fakeoidc', path=r'/userinfo') @urlmatch(netloc=r'fakeoidc', path=r'/userinfo')
def handler(_, __): def handler(_, req):
if req.headers.get('Authorization') != 'Bearer sometoken':
return {'status_code': 401, 'content': 'Missing expected header'}
content = { content = {
'sub': 'cooluser', 'sub': 'cooluser',
'preferred_username':preferred_username, 'preferred_username':preferred_username,