Issue with Python Authlib and Content-Type header

I am trying to set up a Flask server because the underlying library outlined in Okta's guide is abandoned and has security problems.

So I found a supported library called authlib with flask support.

Here's how I instantiate the library:

```python
from authlib.integrations.flask_client import OAuth

oauth = OAuth(app)
oauth.register(
    name='oidc_client',  # 'okta'
    client_id='xxxx',
    client_secret='yyyyyyyyyy',
    request_token_url='https://dev-1.okta.com/oauth2/default/v1/token',
    access_token_url='https://dev-1.okta.com/oauth2/default/v1/token',
    # access_token_url='https://dev-1.okta.com/oauth2/default/v1/authorize',  # I tried this too
    authorize_url='https://dev-1.okta.com/oauth2/default/v1/authorize',
    api_base_url='https://dev-1.okta.com/oauth2/',
)
```

The problem happens when I try to authenticate. I get this error:

```
authlib.integrations.base_client.errors.OAuthError: fetch_token_denied: Token request failed with code 400, response was '{"errorCode":"E0000021","errorSummary":"Bad request. Accept and/or Content-Type headers likely do not match supported values.","errorLink":"E0000021","errorId":"oaeHlsSPdOrQ-K0_5iOT0nnhA","errorCauses":}'.
```

Any ideas? Are there overrides I can set to fix the header? Is it related to this?

For anyone stuck where I was, here are the proper settings I used to overcome my issues. The issue was request_token_url makes the library use OAuth 1.0, I think.

After this you should be able to retrieve the profile credentials and whatnot and use a flask session object to store them securely.

```python
oauth.register(
    name='oidc_client',  # 'okta'
    client_id='xxxxx',
    client_secret='yyyyy',
    access_token_url='https://dev-1.okta.com/oauth2/default/v1/token',
    authorize_url='https://dev-1.okta.com/oauth2/default/v1/authorize',
    redirect_uri='http://localhost:5000/authorize',
    api_base_url='https://dev-1.okta.com/oauth2/',
    client_kwargs={'scope': 'openid'}
)
```
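A pre-flight check run over the two registrations in this thread, as an added example that is not part of the original posts and is not Authlib's own code. `preflight`, `BROKEN` and `FIXED` are hypothetical names; the check flags `request_token_url` (the key the reply identifies as switching the client to OAuth 1.0), non-HTTPS endpoints, and a missing `openid` scope.

```python
from urllib.parse import urlsplit

URL_KEYS = ("request_token_url", "access_token_url", "authorize_url",
            "api_base_url", "redirect_uri")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
OKTA = "https://dev-1.okta.com/oauth2/"  # tenant URL as written in the posts

# The two registrations from this thread (placeholder credentials as posted).
BROKEN = dict(name="oidc_client", client_id="xxxx", client_secret="yyyyyyyyyy",
              request_token_url=OKTA + "default/v1/token",
              access_token_url=OKTA + "default/v1/token",
              authorize_url=OKTA + "default/v1/authorize", api_base_url=OKTA)
FIXED = dict(name="oidc_client", client_id="xxxxx", client_secret="yyyyy",
             access_token_url=OKTA + "default/v1/token",
             authorize_url=OKTA + "default/v1/authorize",
             redirect_uri="http://localhost:5000/authorize",
             api_base_url=OKTA, client_kwargs={"scope": "openid"})


def preflight(reg):
    """Return (key, problem) findings for one oauth.register() kwargs dict."""
    findings = []
    # Per the reply above: request_token_url puts the client in OAuth 1.0 mode.
    if reg.get("request_token_url"):
        findings.append(("request_token_url",
                         "OAuth 1.0 setting; remove it for an OAuth 2.0/OIDC provider"))
    for key in ("access_token_url", "authorize_url"):
        if not reg.get(key):
            findings.append((key, "required for the authorization code flow"))
    for key in URL_KEYS:
        if not reg.get(key):
            continue
        parts = urlsplit(reg[key])
        # Plain http is tolerated only for a loopback redirect during development.
        dev_redirect = (key == "redirect_uri" and parts.scheme == "http"
                        and parts.hostname in LOOPBACK)
        if parts.scheme != "https" and not dev_redirect:
            findings.append((key, "not an https URL"))
    scope = (reg.get("client_kwargs") or {}).get("scope", "")
    if "openid" not in scope.split():
        findings.append(("client_kwargs", "scope lacks 'openid' (not an OIDC request)"))
    return findings


if __name__ == "__main__":
    for label, reg in (("question", BROKEN), ("answer", FIXED)):
        print(label, preflight(reg) or "ok")
```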
