[Generic] extra_params not exposed for the authorize request
We are making various requests while working with authz (authorization) and authn (authentication). A common request is to do the initial authorization request with client_id, scope and response_type, redirect_uri etc. This is done in the oauth2.py file by relying on a tornado function that the class has inherited and can be read about here.
As we can see, we use the extra_params in a hardcoded fashion, passing only a state, something very important to protect against CSRF, to be explained elsewhere. But we may want to pass additional parameters in this request; for example, I’m now required by Okta to pass along one more to work well with them (which sadly is absurd).
Anyhow, we should allow these parameters to be configurable, I think. But also note that since we will make multiple types of requests, we must scope the parameters to the associated request. I know the generic.py file defines a
But this extra_params is only used in the second request associated with OAUTH2_TOKEN_URL, the request of a token which can be used to fetch user information from the userinfo endpoint.
We can now, using GenericOAuthenticator, configure the extra params passed to the OAUTH2_TOKEN_URL, but we cannot configure the params passed to OAUTH2_USERDATA_URL or the initial request to
We add traitlets to configure this, and name them related to AUTHORIZE, TOKEN, USERDATA.
NOTE: USERDATA is typically referred to as USERINFO in the OpenID Connect (OIDC) specifications.
- Created 5 years ago
- Comments:8 (4 by maintainers)
Top GitHub Comments
I faced the same challenge today and it’s not straightforward. Finally I fixed it by reading the code.
My impression was that extra_params will be used for the authorization request as well, but it’s not.
The quick-fix was to add my own custom parameter to the environment variable.
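The scoping the issue asks for, as an added sketch that is not code from the project or from either poster: extra parameters are kept per request type (authorize, token, userdata), and configured extras are rejected if they try to override the parameters the client controls itself, including the CSRF state. The names ScopedExtraParams, build_authorize_url, query_of and state_matches are hypothetical, and the URLs and parameter values used with it are constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameters the client itself controls; configured extras must never override them.
RESERVED = {"client_id", "redirect_uri", "response_type", "scope", "state"}


class ScopedExtraParams:
    """Hypothetical container: one dict of extra parameters per request type."""

    def __init__(self, authorize=None, token=None, userdata=None):
        self._by_request = {
            "authorize": dict(authorize or {}),
            "token": dict(token or {}),
            "userdata": dict(userdata or {}),
        }
        for request, params in self._by_request.items():
            clash = RESERVED & params.keys()
            if clash:
                raise ValueError(f"{request}: reserved parameter(s) {sorted(clash)}")

    def for_request(self, request):
        # Return a copy so callers cannot mutate the configuration.
        return dict(self._by_request[request])


def build_authorize_url(authorize_url, client_id, redirect_uri, scope, extras):
    """Return (url, state); the caller stores state to check on the callback."""
    state = secrets.token_urlsafe(32)  # fresh, unguessable value per login (CSRF protection)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scope),
        "state": state,
    }
    params.update(extras.for_request("authorize"))  # only authorize-scoped extras
    return f"{authorize_url}?{urlencode(params)}", state


def query_of(url):
    """Parse a URL's query string back into a dict (used to inspect the result)."""
    return dict(parse_qsl(urlsplit(url).query))


def state_matches(expected, received):
    """Constant-time comparison of the stored state with the one on the callback."""
    return hmac.compare_digest(expected.encode(), received.encode())
```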