oauth-fix
All checks were successful
Deploy on push / deploy (push) Successful in 2m55s

2025-09-28 20:34:26 +03:00
parent d1e35dd8b1
commit 9b727ac9ca


@@ -2,6 +2,7 @@ import time
from secrets import token_urlsafe from secrets import token_urlsafe
from typing import Any, Callable from typing import Any, Callable
import httpx
import orjson import orjson
from authlib.integrations.starlette_client import OAuth from authlib.integrations.starlette_client import OAuth
from authlib.oauth2.rfc7636 import create_s256_code_challenge from authlib.oauth2.rfc7636 import create_s256_code_challenge
@@ -686,14 +687,30 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
logger.info(f"🔧 Using OAuth without PKCE for {provider}") logger.info(f"🔧 Using OAuth without PKCE for {provider}")
logger.info(f"🔧 Callback URI: {callback_uri}") logger.info(f"🔧 Callback URI: {callback_uri}")
# Используем более низкоуровневый подход для передачи redirect_uri # Используем внутренний HTTP клиент для прямого запроса к token endpoint
token = await client.fetch_token(
client.token_endpoint, token_data = {
grant_type="authorization_code", "grant_type": "authorization_code",
code=code, "code": code,
redirect_uri=callback_uri, "redirect_uri": callback_uri,
client_id=client.client_id, "client_id": client.client_id,
) }
# Для некоторых провайдеров может потребоваться client_secret
if hasattr(client, "client_secret") and client.client_secret:
token_data["client_secret"] = client.client_secret
async with httpx.AsyncClient() as http_client:
response = await http_client.post(
client.token_endpoint, data=token_data, headers={"Accept": "application/json"}
)
if response.status_code != 200:
error_msg = f"Token request failed: {response.status_code} - {response.text}"
logger.error(f"{error_msg}")
raise ValueError(error_msg)
token = response.json()
else: else:
# Провайдеры с PKCE поддержкой # Провайдеры с PKCE поддержкой
code_verifier = oauth_data.get("code_verifier") code_verifier = oauth_data.get("code_verifier")
@@ -705,15 +722,27 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
logger.info(f"🔧 Code verifier length: {len(code_verifier) if code_verifier else 0}") logger.info(f"🔧 Code verifier length: {len(code_verifier) if code_verifier else 0}")
logger.info(f"🔧 Callback URI: {callback_uri}") logger.info(f"🔧 Callback URI: {callback_uri}")
# Используем более низкоуровневый подход для передачи redirect_uri # Используем внутренний HTTP клиент для прямого запроса к token endpoint
token = await client.fetch_token(
client.token_endpoint, token_data = {
grant_type="authorization_code", "grant_type": "authorization_code",
code=code, "code": code,
redirect_uri=callback_uri, "redirect_uri": callback_uri,
code_verifier=code_verifier, "client_id": client.client_id,
client_id=client.client_id, "code_verifier": code_verifier,
) }
async with httpx.AsyncClient() as http_client:
response = await http_client.post(
client.token_endpoint, data=token_data, headers={"Accept": "application/json"}
)
if response.status_code != 200:
error_msg = f"Token request failed: {response.status_code} - {response.text}"
logger.error(f"{error_msg}")
raise ValueError(error_msg)
token = response.json()
except Exception as e: except Exception as e:
logger.error(f"❌ Failed to fetch access token for {provider}: {e}", exc_info=True) logger.error(f"❌ Failed to fetch access token for {provider}: {e}", exc_info=True)
logger.error(f"❌ Request URL: {request.url}") logger.error(f"❌ Request URL: {request.url}")
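Review bot: Both the non-PKCE and the PKCE branch accept whatever `token = response.json()` returns once the status is 200, but some providers (GitHub's token endpoint is one) report a bad or reused code as an OAuth error object with HTTP 200, so the `status_code != 200` guard does not catch it. With `client.fetch_token` replaced by a raw `httpx` POST, any validation the library did on the token body is presumably gone too, so the check belongs here: `if "error" in token or not token.get("access_token"):` followed by `raise ValueError(f"Token response rejected: {token.get('error', 'missing access_token')}")`. Put only the error code in that message, never the parsed body, because the outer `except` logs the exception text and a partially valid response could carry a token. The PKCE branch also never adds `client_secret`, unlike the non-PKCE branch; a PKCE provider registered as a confidential client would likely reject the request, so confirm that omission is intended. The enclosing `oauth_callback_http` starts and ends outside these hunks, so how `token` is consumed afterwards is not visible here.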