diff --git a/src/authsome/auth/bundled_providers/notion.json b/src/authsome/auth/bundled_providers/notion.json index 59c8f0e6..415a1164 100644 --- a/src/authsome/auth/bundled_providers/notion.json +++ b/src/authsome/auth/bundled_providers/notion.json @@ -14,7 +14,7 @@ "device_authorization_url": null, "scopes": [], "pkce": false, - "client_secret_handling": "basic", + "authorization_method": "basic", "supports_device_code": false, "supports_dcr": false }, diff --git a/src/authsome/auth/bundled_providers/x.json b/src/authsome/auth/bundled_providers/x.json index 9f437ab4..48ba4d30 100644 --- a/src/authsome/auth/bundled_providers/x.json +++ b/src/authsome/auth/bundled_providers/x.json @@ -19,7 +19,7 @@ "offline.access" ], "pkce": true, - "client_secret_handling": "basic", + "authorization_method": "basic", "supports_device_code": false, "supports_dcr": false }, diff --git a/src/authsome/auth/flows/base.py b/src/authsome/auth/flows/base.py index ce5bad90..c640f118 100644 --- a/src/authsome/auth/flows/base.py +++ b/src/authsome/auth/flows/base.py @@ -88,11 +88,14 @@ async def revoke( if not revocation_url: return - use_basic = provider.oauth.client_secret_handling == "basic" if provider.oauth else False + use_basic = provider.oauth.authorization_method == "basic" if provider.oauth else False def _do_revoke(token: str, token_type: str) -> None: payload: dict[str, str] = {"token": token} - if not use_basic: + auth: tuple[str, str] | None = None + if use_basic: + auth = (client_id or "", client_secret or "") + else: if client_id: payload["client_id"] = client_id if client_secret: @@ -100,9 +103,8 @@ def _do_revoke(token: str, token_type: str) -> None: try: http_client.post( revocation_url, - data=None if use_basic else payload, - json=payload if use_basic else None, - auth=(client_id or "", client_secret or "") if use_basic else None, + data=payload, + auth=auth, timeout=15, ) except Exception as exc: diff --git a/src/authsome/auth/flows/dcr_pkce.py b/src/authsome/auth/flows/dcr_pkce.py index a4d4a9bd..f0ec9a46 100644 --- a/src/authsome/auth/flows/dcr_pkce.py +++ b/src/authsome/auth/flows/dcr_pkce.py @@ -239,17 +239,19 @@ async def _exchange_code( # noqa: PLR0913 "code_verifier": code_verifier, } - use_basic = provider.oauth.client_secret_handling == "basic" - if not use_basic: + use_basic = provider.oauth.authorization_method == "basic" + auth: tuple[str, str] | None = None + if use_basic: + auth = (client_id, client_secret or "") + else: body["client_id"] = client_id if client_secret: body["client_secret"] = client_secret resp = http_client.post( provider.oauth.token_url, - data=None if use_basic else body, - json=body if use_basic else None, - auth=(client_id, client_secret or "") if use_basic else None, + data=body, + auth=auth, headers={"Accept": "application/json"}, timeout=30, ) diff --git a/src/authsome/auth/models/provider.py b/src/authsome/auth/models/provider.py index dcf27337..51f76bd7 100644 --- a/src/authsome/auth/models/provider.py +++ b/src/authsome/auth/models/provider.py @@ -18,7 +18,6 @@ class OAuthConfig(BaseModel): device_authorization_url: str | None = None #: ``json`` = poll token URL with ``POST`` JSON body ``{"device_code": "..."}`` (e.g. Postiz CLI auth). device_token_request: Literal["oauth2_form", "json"] = "oauth2_form" - client_secret_handling: Literal["post", "basic"] = "post" scopes: list[str] = Field(default_factory=list) authorization_params: dict[str, str] = Field(default_factory=dict) pkce: bool = True