Flask ResourceProtector is not compatible with Flask 2
Describe the bug
After upgrading Flask to version 2, a view decorated with ResourceProtector responds with 500 instead of 401.
Error Stacks
```
ERROR [app:log_exception:1454]: Exception on /oauth/userinfo [GET] []
Traceback (most recent call last):
  File "my-venv/lib/python3.9/site-packages/flask/app.py", line 1718, in make_response
    rv = self.response_class.force_type(rv, request.environ) # type: ignore # noqa: B950
  File "my-venv/lib/python3.9/site-packages/werkzeug/wrappers/response.py", line 263, in force_type
    response = Response(*run_wsgi_app(response, environ))
  File "my-venv/lib/python3.9/site-packages/werkzeug/test.py", line 1229, in run_wsgi_app
    app_rv = app(environ, start_response)
  File "my-venv/lib/python3.9/site-packages/werkzeug/exceptions.py", line 221, in __call__
    response = t.cast("WSGIResponse", self.get_response(environ))
  File "my-venv/lib/python3.9/site-packages/werkzeug/exceptions.py", line 209, in get_response
    headers = self.get_headers(environ, scope)
TypeError: get_headers() takes from 1 to 2 positional arguments but 3 were given

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "my-venv/lib/python3.9/site-packages/flask/app.py", line 2070, in wsgi_app
    response = self.full_dispatch_request()
  File "my-venv/lib/python3.9/site-packages/flask/app.py", line 1516, in full_dispatch_request
    return self.finalize_request(rv)
  File "my-venv/lib/python3.9/site-packages/flask/app.py", line 1535, in finalize_request
    response = self.make_response(rv)
  File "my-venv/lib/python3.9/site-packages/flask/app.py", line 1720, in make_response
    raise TypeError(
  File "my-venv/lib/python3.9/site-packages/flask/app.py", line 1718, in make_response
    rv = self.response_class.force_type(rv, request.environ) # type: ignore # noqa: B950
  File "my-venv/lib/python3.9/site-packages/werkzeug/wrappers/response.py", line 263, in force_type
    response = Response(*run_wsgi_app(response, environ))
  File "my-venv/lib/python3.9/site-packages/werkzeug/test.py", line 1229, in run_wsgi_app
    app_rv = app(environ, start_response)
  File "my-venv/lib/python3.9/site-packages/werkzeug/exceptions.py", line 221, in __call__
    response = t.cast("WSGIResponse", self.get_response(environ))
  File "my-venv/lib/python3.9/site-packages/werkzeug/exceptions.py", line 209, in get_response
    headers = self.get_headers(environ, scope)
TypeError: get_headers() takes from 1 to 2 positional arguments but 3 were given
The view function did not return a valid response. The return type must be a string, dict, tuple, Response instance, or WSGI callable, but it was a _HTTPException.
```
To Reproduce
A minimal example to reproduce the behavior:
```python
from authlib.integrations.flask_oauth2 import ResourceProtector, AuthorizationServer
from authlib.oauth2.rfc6750 import BearerTokenValidator
from flask import Flask

app = Flask(__name__)
authorization = AuthorizationServer()
require_oauth = ResourceProtector()
authorization.init_app(app)
require_oauth.register_token_validator(BearerTokenValidator())


# Protected view: a request without an Authorization header should get 401
@require_oauth("scope")
def hello_world():
    return 'Hello, World!'


app.add_url_rule('/', view_func=hello_world)
```
Expected behavior
401 error with payload:
```json
{
  "error": "missing_authorization",
  "error_description": "Missing \"Authorization\" in headers."
}
```
Environment:
- Python Version: 3.9.1
- Authlib Version: 0.15.3
Additional context
Flask 2 requires handling of all exceptions underneath, and expects Response or some compatible return type.
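The `TypeError` in the traceback is a signature mismatch: `get_response` calls `self.get_headers(environ, scope)`, but the `get_headers` it reaches accepts only one argument besides `self`. The following is an added, standard-library-only model of that failure and of a signature check that catches it; it is not code from the issue, Authlib or Werkzeug, and all class and function names in it are hypothetical.

```python
import inspect


class BaseHTTPError(Exception):
    """Hypothetical stand-in for a framework exception base class."""
    code = 500

    def get_headers(self, environ=None, scope=None):
        return [("Content-Type", "text/html")]

    def get_response(self, environ=None, scope=None):
        # The newer base class passes two positional arguments, as in the traceback.
        headers = self.get_headers(environ, scope)
        return self.code, dict(headers)


class OldStyleError(BaseHTTPError):
    """Override written against the older one-argument signature."""
    code = 401

    def get_headers(self, environ=None):
        return [("WWW-Authenticate", "Bearer")]


class CompatibleError(BaseHTTPError):
    """Override that tolerates the extra arguments a newer base class passes."""
    code = 401

    def get_headers(self, environ=None, *args, **kwargs):
        return [("WWW-Authenticate", "Bearer")]


def accepts_call(func, *args):
    """Return True if func's signature can bind the given positional arguments."""
    try:
        inspect.signature(func).bind(*args)
        return True
    except TypeError:
        return False


def render(exc):
    """Return (status, headers), or the TypeError text if the override breaks."""
    try:
        return exc.get_response({}, None)
    except TypeError as err:
        return str(err)
```

Running `accepts_call` over a library's overrides in a dependency-upgrade test flags this class of break before an authentication error path starts returning 500 instead of 401.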
Top GitHub Comments
Pull request with the back port: https://github.com/lepture/authlib/pull/371.
If 1.0.0 is not ready yet, I would suggest backporting this patch for a 0.15.5, as there is presently no workaround for this except downgrading Flask, and this is not always possible.
What do you think, @lepture?