
[Generic] extra_params not exposed for the authorize request


We are making various requests while working with authz (authorization) and authn (authentication). A common request is to do the initial authorization request with client_id, scope, response_type, redirect_uri, etc. This is done in the oauth2.py file by relying on a tornado function that the class has inherited and can be read about here.

https://github.com/jupyterhub/oauthenticator/blob/5b0b395326292d526a4c924c34c6d9d1d06818af/oauthenticator/oauth2.py#L80-L90

As we can see, we use the extra_params in a hardcoded fashion passing only a state, something very important to protect against CSRF to be explained elsewhere. But, we may want to pass additional parameters in this request, for example I’m now required by Okta to pass along one more to work well with them (which sadly is absurd).

Anyhow, we should allow these parameters to be configurable, I think. But also note that since we will make multiple types of request, we must scope the parameters to the associated request. I know the generic.py file defines an extra_params traitlet:

https://github.com/jupyterhub/oauthenticator/blob/5b0b395326292d526a4c924c34c6d9d1d06818af/oauthenticator/generic.py#L52-L54

But this extra_params is only used in the second request associated with OAUTH2_TOKEN_URL, the request of a token which can be used to fetch user information from the userinfo endpoint.


Conclusion

Using generic.py's GenericOAuthenticator, we can now configure the extra params passed to the OAUTH2_TOKEN_URL, but we cannot configure the params passed to OAUTH2_USERDATA_URL or the initial request to OAUTH2_AUTHORIZE_URL.

Suggestion

We add traitlets to configure this, and name them related to AUTHORIZE, TOKEN, USERDATA.

NOTE: USERDATA is typically referred to as USERINFO in the Open ID Connect (OIDC) specifications (authorization_endpoint, token_endpoint, userinfo_endpoint)

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

4 reactions
d0m84 commented, Jul 3, 2019

I faced the same challenge today and it’s not straight forward. Finally I fixed it by reading the code. My impression was that extra_params will be used for the authorization request as well, but it’s not.

The quick-fix was to add my own custom parameter to the environment variable.

OAUTH2_AUTHORIZE_URL="https://auth.example.com/authorize?my_param=example"

1 reaction
consideRatio commented, Oct 26, 2020

It is my understanding from #338 that this is resolved now by configuring extra_authorize_params! Thank you @NickolausDS!
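The point raised in the issue (a per-request set of extra parameters for the authorize redirect, kept separate from the token and userinfo requests, alongside the CSRF `state`) as an added example; this is standalone code, not oauthenticator's own implementation, and the parameter name `idp` and all URLs are constructed placeholders:

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameters the OAuth 2.0 authorize request itself defines. Admin-supplied
# extra parameters may add to these but must never replace them.
PROTECTED_AUTHORIZE_PARAMS = {"client_id", "redirect_uri", "response_type", "scope", "state"}


def new_state():
    """Unguessable per-login value; it is compared again on the callback (CSRF guard)."""
    return secrets.token_urlsafe(32)


def build_authorize_url(authorize_url, client_id, redirect_uri, scope, state,
                        extra_authorize_params=None):
    """Build the redirect to the authorize endpoint (OAUTH2_AUTHORIZE_URL).

    extra_authorize_params is scoped to this request only; the token and
    userinfo requests would receive their own, separately configured dicts.
    """
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scope),
        "state": state,
    }
    for key, value in (extra_authorize_params or {}).items():
        if key in PROTECTED_AUTHORIZE_PARAMS:
            raise ValueError(f"extra_authorize_params may not override {key!r}")
        params[key] = value
    # Keep any query already present on the configured URL (the workaround in
    # the comment above appended ?my_param=example to the URL itself), but let
    # the protocol parameters win on a name clash.
    parts = urlsplit(authorize_url)
    existing = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts._replace(query=urlencode({**existing, **params})).geturl()


def query_params(url):
    """Parsed query of a URL as {name: [values]}; used to inspect what was sent."""
    return parse_qs(urlsplit(url).query)


def callback_state_ok(callback_url, expected_state):
    """True only if the callback carries exactly one state equal to the one issued."""
    got = query_params(callback_url).get("state", [])
    return len(got) == 1 and secrets.compare_digest(got[0], expected_state)
```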

