Problem setting up OAuth in Frappe

1

Hi

I was going through the Oauth integration and had a few doubts on how to set that up.
This OAuth will be used by external API clients to login to my App (hence i cannot use the web-app flow, where a user selects “confirm” and then the code is generated, which fetches the access token). I’m looking for a solution where the API user can get the access token after passing client id and client secret.

I went through this and tried the following:

>>> from oauthlib.oauth2 import BackendApplicationClient
>>> client = BackendApplicationClient(client_id=client_id)
>>> oauth = OAuth2Session(client=client)
>>> token = oauth.fetch_token(token_url='https://provider.com/api/method/frappe.integrations.oauth2.get_token', client_id=client_id, client_secret=client_secret)

I’m getting unsupported_grant_type error every time.

Below are the settings that I configured for this API client:

27 PM
27 PM2450×1438 270 KB

2

The library you referred is different and it is not included in frappe
http://requests-oauthlib.readthedocs.io/en/latest/

The OAuth Provider is based on Welcome to OAuthLib’s documentation! — OAuthLib 3.2.2 documentation

The Client library available in frappe is rauth (Rauth — rauth 0.7.2 documentation) check example

Check the Skip Authorization checkbox and it will not ask for confirmation

You can select
Grant Type : Implicit Grant
Response Type: Token

for mobile apps, RFC 6749 - The OAuth 2.0 Authorization Framework

3

Thanks, that helped quite a bit. But I got an error on sending a GET request to

http://0.0.0.0:8001/api/method/frappe.integrations.oauth2.authorize?data=&client_id=xxxxx&redirect_uri=http://localhost:8001&response_type=token

otoken.user = request.user if request.user else frappe.db.get_value("OAuth Bearer Token", {"refresh_token":request.body.get("refresh_token")}, "user")
AttributeError: 'unicode' object has no attribute 'get'
Home
4

Right now

Grant Type : Authorization Code
Response Type : Code

works well and is tested.
Plugins are built for this flow.

I’ll look into other flow, fix things and write tests.

You can add issue and tag me.

Edit : Oauth2 implicit grant fixes tests by revant · Pull Request #4261 · frappe/frappe · GitHub

5

Cool, thanks