From 3dc13ad81b5f570e572f0c23e4a7ed5c72bd4034 Mon Sep 17 00:00:00 2001 From: dpaschenko Date: Tue, 14 Aug 2018 11:10:45 +0300 Subject: [PATCH] Remove client_id and client_secret from body (generated via prepare_request_body) if HTTPBasicAuth used. Usage: token = oauth.fetch_token( token_url='token_url_here', code='code_here', client_id='client_id_here', client_secret='client_secret_here' ) --- requests_oauthlib/oauth2_session.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/requests_oauthlib/oauth2_session.py b/requests_oauthlib/oauth2_session.py index 7ad7b46c..76200560 100644 --- a/requests_oauthlib/oauth2_session.py +++ b/requests_oauthlib/oauth2_session.py @@ -192,16 +192,12 @@ def fetch_token(self, token_url, code=None, authorization_response=None, raise ValueError('Please supply either code or ' 'authorization_response parameters.') - - body = self._client.prepare_request_body(code=code, body=body, - redirect_uri=self.redirect_uri, username=username, - password=password, **kwargs) - - client_id = kwargs.get('client_id', '') if auth is None: + client_id = kwargs.pop('client_id', '') + if client_id: log.debug('Encoding client_id "%s" with client_secret as Basic auth credentials.', client_id) - client_secret = kwargs.get('client_secret', '') + client_secret = kwargs.pop('client_secret', '') client_secret = client_secret if client_secret is not None else '' auth = requests.auth.HTTPBasicAuth(client_id, client_secret) elif username: @@ -210,6 +206,10 @@ def fetch_token(self, token_url, code=None, authorization_response=None, log.debug('Encoding username, password as Basic auth credentials.') auth = requests.auth.HTTPBasicAuth(username, password) + body = self._client.prepare_request_body(code=code, body=body, + redirect_uri=self.redirect_uri, username=username, + password=password, **kwargs) + headers = headers or { 'Accept': 'application/json', 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
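Review bot: Both `kwargs.pop` calls run only under `if auth is None:` (the secret additionally only under `if client_id:`), so a caller who supplies its own `auth` along with `client_id`/`client_secret` keyword arguments still has both values forwarded to `prepare_request_body` and, presumably, serialized into the form body. If that is intended for servers that read client credentials from the body, state it above the branch, e.g. `# Credentials move to the Authorization header only when we build the Basic auth ourselves; with a caller-supplied auth they stay in kwargs and reach the request body.` The diffstat shows no test change; a test asserting that `client_secret` is absent from the encoded body in the Basic-auth path would pin the behaviour. `fetch_token` starts and ends outside this hunk.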
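Review bot: The relocated `prepare_request_body` call is now order-dependent: it must run after the auth block, because that block strips `client_id`/`client_secret` from `kwargs`, and nothing at the call site says so. Moving the call back above the block in a later refactor would silently put the secret in the request body again, so add a comment on it, e.g. `# Must run after the auth block: client_id/client_secret are popped from kwargs there so they are not duplicated in the form body.` `username` and `password` are still passed here after the `elif username:` branch has used them for Basic auth; that looks deliberate for the password grant but is worth stating in the same comment. The function body continues past the end of the hunk.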