requests-oauthlib: Missing access Token parameter with OAuth2Session, but plain ol' requests works.
I’m building an api integration, and I can get it working using plain requests yet not with requests-oauthlib. The traceback goes to the oauthlib itself, but this is similar to unsolved issue 286 on this repo, so I’ll post here for now.
The api I’m hitting isn’t public, so I’ll do my best to provide context even if you can’t directly reproduce.
Here’s what works with requests. This is at the callback stage, and the state is definitely the same state from the authorization url:
access_url = access_token_url + '?grant_type=authorization_code' + '&code=' + request.GET.get('code', '') + '&client_id=' + my_client_id + '&redirect_uri=' + redirect_uri + '&client_secret=' + client_secret + '&state=' + request.session['oauth_state']
token = requests.post(access_url)
Here’s what fails with requests-oauthlib:
myobject = OAuth2Session(client_id = client_id, redirect_uri = redirect_uri, state = request.session['oauth_state'])
token = myobject.fetch_token(access_token_url, authorization_response=request.build_absolute_uri(), client_secret=client_secret
I’m fairly sure that the request.build_absolute_uri() is not the problem, because that part works for other API integrations; that most certainly returns the full url it needs to parse.
Anyways here’s the error traceback:
File "/app/.heroku/python/lib/python3.6/site-packages/requests_oauthlib/oauth2_session.py" in fetch_token
244. self._client.parse_request_body_response(r.text, scope=self.scope)
File "/app/.heroku/python/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/clients/base.py" in parse_request_body_response
411. self.token = parse_token_response(body, scope=scope)
File "/app/.heroku/python/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py" in parse_token_response
379. validate_token_parameters(params)
File "/app/.heroku/python/lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/parameters.py" in validate_token_parameters
389. raise MissingTokenError(description="Missing access token parameter.")
So, somehow oauthlib raises an error because it can’t find the access token parameter when it tries to validate whether parse_token_response() worked. So something seems to be going wrong at parse_token_response().
And this is what the token looks like when we do obtain the token:
{
"access_token": “<access_token>”,
"expires_in": 36000.0,
"refresh_token”: “<refresh_token>”
}
If someone can tell me how to inspect exactly what raw http requests are being sent by object.fetch_token(), that would also help me diagnose further. Is there a way to inspect the oauth2session object to find that, or does anyone happen to know an easy way to find that for a django app on heroku? (it’s not in heroku logs)
Thanks for contributing to such an elegant package. The overall quality really makes me want to fix this rather than use the plain old requests code in my app.
About this issue
- Original URL
- State: open
- Created 6 years ago
- Reactions: 12
- Comments: 25
I got this same experience with Intercom OAuth; I added
include_client_id=Trueto mysession.fetch_token()params and now it works.Has this been fixed at all? We use this package and it is excellent! But I’m having a similar issue to above.
client = LegacyApplicationClient(client_id=client_id) oauth = OAuth2Session(client=client) token = oauth.fetch_token( token_url=token_url, username=username, password=password, client_id=client_id, client_secret=client_secret)
This gives me the error:
If this helps anyone, I had to make requests against a {‘Server’: ‘Microsoft-Azure-Application-Gateway/v2’} server which apparently have some sort of sick WAF setting. Adding the following to fetch_token() fixed my problem.
headers={'User-Agent': 'PostmanRuntime/7.29.0'}This happened to me and the problem was in the response, it was lacking the expected JSON structure consisting of an object with the key
access_tokenset —I was returning the response badly from my mock server.I was having the same error… raise MissingTokenError(description=“Missing access token parameter.”) oauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter.
and in my case, the URL I was using was wrong. 😃
I had “oauth2/token” when in my case it should have been “oauth/token”
Example cut and pasted from the readthedocs.io works, after my custom changes as above.
I noticed that if your code don’t set a scope for your OAuth request, you get this error. I was using the “Backend Application Flow” as documented - https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html#backend-application-flow
And it didn’t work because of an error in the documentation which says
And should say something like
I downgraded the requests-oauthlib library and now my requests with python-nokia are fine again…
@singingwolfboy I had this problem too with a private API. The fetch_token call was returning a 401 and not generating a token.
I spoke with my API provider, and it turns out they require everything be passed in the url querystring, but there doesn’t seem to be an option for that in the fetch_token method. Is this accurate? If so, can you add an option to pass params into the fetch_token method?
When I changed your oauth2_session.py fetch_token from self.post(data=dict(urldecode(body), …) to self.post(params=dict(urldecode(body), …), it worked. I also made a pull request in case that’s easiest for you.
Thanks for this fantastic package!