From c11435780dc1c8943e6b5c4b6d4be5c2a95a494f Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 5 Jun 2022 14:21:32 +0200
Subject: [PATCH] sources/oauth: fix twitter client missing basic auth
closes #3038
Signed-off-by: Jens Langhammer
---
 authentik/core/api/sources.py | 2 +-
 authentik/sources/oauth/clients/oauth2.py | 5 +----
 authentik/sources/oauth/types/twitter.py | 24 ++++++++++++++++++-----
 3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/authentik/core/api/sources.py b/authentik/core/api/sources.py
index 06c5616b4..fc5309427 100644
--- a/authentik/core/api/sources.py
+++ b/authentik/core/api/sources.py
@@ -8,7 +8,7 @@ from rest_framework.decorators import action
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import ModelSerializer, SerializerMethodField, ReadOnlyField
+from rest_framework.serializers import ModelSerializer, ReadOnlyField, SerializerMethodField
 from rest_framework.viewsets import GenericViewSet
 from structlog.stdlib import get_logger
diff --git a/authentik/sources/oauth/clients/oauth2.py b/authentik/sources/oauth/clients/oauth2.py
index d0af2e876..a1ebd2406 100644
--- a/authentik/sources/oauth/clients/oauth2.py
+++ b/authentik/sources/oauth/clients/oauth2.py
@@ -77,10 +77,7 @@ class OAuth2Client(BaseOAuthClient):
 if self.source.type.urls_customizable and self.source.access_token_url:
 access_token_url = self.source.access_token_url
 response = self.session.request(
- "post",
- access_token_url,
- data=args,
- headers=self._default_headers,
+ "post", access_token_url, data=args, headers=self._default_headers, **request_kwargs
 )
 response.raise_for_status()
 except RequestException as exc:
diff --git a/authentik/sources/oauth/types/twitter.py b/authentik/sources/oauth/types/twitter.py
index 7097690ef..605cc9565 100644
--- a/authentik/sources/oauth/types/twitter.py
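Review bot: Spreading `**request_kwargs` into `self.session.request(...)` next to the fixed `data=` and `headers=` keywords lets any caller-supplied option reach the token request, and a key that repeats `data` or `headers` raises a `TypeError` that the `except RequestException` below does not catch. Because this request carries the client credentials, it is safer to forward only what is needed, for example `auth=request_kwargs.get("auth")`, or at least to document the contract with a comment such as `# request_kwargs: extra requests options from subclasses (currently only auth=)`. `request_kwargs` itself is defined outside this hunk, presumably on the enclosing method's signature, which the hunk does not show.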
+++ b/authentik/sources/oauth/types/twitter.py
@@ -1,5 +1,5 @@
 """Twitter OAuth Views"""
-from typing import Any
+from typing import Any, Optional
 from authentik.lib.generators import generate_id
 from authentik.sources.oauth.clients.oauth2 import SESSION_KEY_OAUTH_PKCE
@@ -9,6 +9,23 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
+class TwitterClient(AzureADClient):
+ """Twitter has similar quirks to Azure AD, and additionally requires Basic auth on
+ the access token endpoint for some reason."""
+
+ # Twitter has the same quirk as azure and throws an error if the access token
+ # is set via query parameter, so we re-use the azure client
+ # see https://github.com/goauthentik/authentik/issues/1910
+
+ def get_access_token(self, **request_kwargs) -> Optional[dict[str, Any]]:
+ return super().get_access_token(
+ auth=(
+ self.source.consumer_key,
+ self.source.consumer_secret,
+ )
+ )
+
+
+
 class TwitterOAuthRedirect(OAuthRedirect):
 """Twitter OAuth2 Redirect"""
@@ -24,10 +41,7 @@ class TwitterOAuthRedirect(OAuthRedirect):
 class TwitterOAuthCallback(OAuthCallback):
 """Twitter OAuth2 Callback"""
- # Twitter has the same quirk as azure and throws an error if the access token
- # is set via query parameter, so we re-use the azure client
- # see https://github.com/goauthentik/authentik/issues/1910
- client_class = AzureADClient
+ client_class = TwitterClient
 def get_user_id(self, info: dict[str, str]) -> str:
 return info.get("data", {}).get("id", "")
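Review bot: `TwitterClient.get_access_token` accepts `**request_kwargs` but drops them, so anything a caller passes never reaches the parent implementation; set the credential and forward the rest, e.g. `request_kwargs["auth"] = (self.source.consumer_key, self.source.consumer_secret)` followed by `return super().get_access_token(**request_kwargs)`. The consumer secret now travels in the `Authorization` header; whether it is also still sent in the form body depends on `args`, which is built outside this diff, and RFC 6749 section 2.3 does not allow a client to use more than one authentication method per request, so that is worth confirming. The override also has no docstring; a one-liner such as `"""Fetch the access token, authenticating to the token endpoint with HTTP Basic auth."""` would state the contract that the class docstring leaves as "for some reason".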