You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Hi there, great lib, thanks for your work on this! I've been using a fork of it for a bit it's been working really well!
Some APIs (e.g. Officient) do not respond to the token exchange request with one of the recognized Content-Type headers, causing check_response_body to return false.
Adding the disable_check_response_body function to the builder of CodeTokenRequest would offer a trifle more flexibility to users of this library without altering the default behavior.
PixelWeaver
changed the title
feat: enable user to disable token exchange response body
feat: enable user to disable check for token exchange response body
Aug 6, 2024
What Content-Type header value is returned? The spec is pretty clear that the response body needs to be JSON:
The parameters are included in the entity-body of the HTTP response
using the "application/json" media type as defined by [RFC4627]
This library treats missing Content-Type headers as if they're JSON, so if check_response_body() is returning an error it means that either the Content-Type response header is explicitly set to something other than application/json, or the response body is missing entirely. Neither of those cases are compliant with the spec, so I don't think it makes sense to add explicit support to this library.
My suggestion, as for most other deviations from the spec, is to define a custom HTTP client as a shim (passed to request()/request_json()) that converts the non-compliant response into a compliant one before returning it to this library. For example, that could mean setting the Content-Type header to application/json in the HTTP response.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PixelWeaver
changed the title
Hi there, great lib, thanks for your work on this! I've been using a fork of it for a bit it's been working really well!
Some APIs (e.g. Officient) do not respond to the token exchange request with one of the recognized Content-Type headers, causing
check_response_bodyto returnfalse.Adding the
disable_check_response_bodyfunction to the builder ofCodeTokenRequestwould offer a trifle more flexibility to users of this library without altering the default behavior.