0

I launched this example server and registered a user app. I am simply trying to see something working at least, but it is pretty difficult. I am not sure if this authlib library is completely messed up or if I am doing something wrong. So I fill everything in like this, and get a response that Authorization is not provided in the header. If I switch to the Headers tab, add a header named "Authorization" and write something in the value field, I get a response that I provided an invalid token. But as I understand it, Insomnia handles this and 1: gets the token, 2: performs the request that I want (in this case GET:/api/me). So where is the problem? Why won't this library work as expected?

image 1 image 2

Ignas

1 Answer

2

I don't know Insomnia. But here is a basic concept of OAuth2: https://docs.authlib.org/en/latest/basic/oauth2.html

Make sure you have created your client with client_credentials grant type enabled.

Then send a POST as:

POST /oauth/token
Authorization: Basic base64(client_id:client_secret)

grant_type=client_credentials&scope=profile

The server will return a token to you, then you can use this token to query /api/me:

GET /api/me
Authorization: Bearer token-string

The problem should be how to use Insomnia, which I don't know. My suggestion is that you read the documentation first: https://docs.authlib.org/en/latest/flask/2/index.html. Then you can read the source code of the example.


Answering @kcorlidy

^^^ it needs bearer-auth and a token, but the server never writes the token into the database

That is done by:

save_token = create_save_token_func(db.session, OAuth2Token)
authorization = AuthorizationServer(
    query_client=query_client,
    save_token=save_token,  # NOTICE HERE
)
lepture
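
The two requests described in the answer above, as an added example that is not part of the original post or of the Authlib project: a standard-library Python client that builds the token request with HTTP Basic client authentication, then presents the issued token as a Bearer credential. The function names, the base URL and the `opener` parameter are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request


def token_request(base_url, client_id, client_secret, scope="profile"):
    """Step 1: POST /oauth/token, authenticating the client with HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode()
    return urllib.request.Request(
        base_url + "/oauth/token", data=form, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def api_request(base_url, token_response, path="/api/me"):
    """Step 2: GET the resource, presenting the issued token as a Bearer credential."""
    if "access_token" not in token_response:
        # A body without access_token is not a usable grant; surface its error code.
        raise ValueError(f"no token issued: {token_response.get('error')}")
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("server issued a non-Bearer token")
    return urllib.request.Request(
        base_url + path,
        headers={"Authorization": "Bearer " + token_response["access_token"]})


def fetch_me(base_url, client_id, client_secret, opener=urllib.request.urlopen):
    """Run both steps; `opener` is injectable so the flow can be exercised offline."""
    with opener(token_request(base_url, client_id, client_secret)) as resp:
        token_response = json.load(resp)
    with opener(api_request(base_url, token_response)) as resp:
        return json.load(resp)
```

Against a running example server, `fetch_me(base_url, client_id, client_secret)` returns the decoded JSON body of /api/me. The Bearer value is always the `access_token` returned by step 1, never a hand-typed string.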