-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reddit OAuth2 401 Client Error Unauthorized #440
Comments
Closing, too old, and not a problem at the moment. Reopen if needed. |
Still a problem. Please re-open. In debug page shown because of exception, a few frames from the end, showing local variables: social/backends/oauth.py in request_access_token kwargs {
'auth': None,
'data': { 'client_id': 'zhFG9g',
'client_secret': 'ssJb3WWrttdz6I',
'code': 'nBOjFdLuqNM4k',
'grant_type': 'authorization_code',
'redirect_uri': 'http://boogs.example.com/redirect/reddit'},
'headers': {'Authorization': 'Basic '
"b'emhGdHp6YmtyeDVNBZmFqdFdydHRkejZJ'",
'User-Agent': 'python-social-auth-0.2.12'},
'method': 'POST'} |
This seems more likely to be right. Note ".decode()"
|
chadmiller
pushed a commit
to chadmiller/python-social-auth
that referenced
this issue
Nov 10, 2015
In omab#440, we learn the reddit authorization string that composes key and secret into a base-64 string leaves it as a bytestring, and then tries in python3 tries to insert it into a unicode literal. That adds its repr format "b'foo'" in the auth, which is wrong. Instead encode the base64 string back to unicode. The b64 format is guaranteed to be 7-bit safe, so even lame default encodings should handle it fine.
S01780
added a commit
to S01780/python-social-auth
that referenced
this issue
Mar 28, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ran into a 401 issue today when using psa for Reddit with python3. The bug arises from unicode/byte problems (surprise! It's python3).
Basically, the RedditOAuth2 backend authentication header is malformed because
Note the extra enclosing
" "
. I hacked around the problem by replacing the following inreddit.py
:Of course, this won't work if the key and/or secret are byte strings.
On a philosophical level, it seems to me that the "right" way to solve this problem is to require that all URIs, application keys, client secrets, etc. be binary strings (since, if I understand correctly, that's what they really are).
But don't try this right now or you'll run into a world of hurt. For example, you'll get this problem in the StripeOAuth2 backend if a developer encodes the client secret as a byte string.
-Mike
The text was updated successfully, but these errors were encountered: