[WIP][MIG] oauth_provider: Migration to 18.0 #828
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
augusto-weiss
force-pushed
the
18.0-mig-oauth_provider
branch
from
4dc1dee to
0e37c3d
Compare
augusto-weiss
force-pushed
the
18.0-mig-oauth_provider
branch
from
14650fb to
d734261
Compare
OCA Transbot updated translations from Transifex OCA Transbot updated translations from Transifex OCA Transbot updated translations from Transifex OCA Transbot updated translations from Transifex OCA Transbot updated translations from Transifex OCA Transbot updated translations from Transifex [UPD] Update oauth_provider.pot
Lines removed tries to write on `client_id` attribute of the `oauth.provider.client` which do not have such an attribute. Theses sentences seams useless, so I removed it.
This module uses the method `get_frontend_session_info()` from `ir.http`, and this method is defined in the web module.
The bug is introduced by commit d46db56. The oauth.provider.client model is used to fill the `request.client` field in the _load_client() method of the OdooValidator class. The oauthlib python library need that the `client` object set in the `request` by the OdooValidator must contain an attribute named `client_id` which must contain the identifier of the oauth.provider.client. In other words the `client_id` attribute of the `client` object must contain the `client_id` that is posted by the HTTP request to the server. Source here: https://github.com/oauthlib/oauthlib/blob/dab6a5ae1830ddd8a79c1e9687f63508eae60b57/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py#L471-L474 The client_id was previously not part of the `oauth.provider.client` odoo model because it conflict in term of nomenclature with the odoo way of defining fields name. So it was added on the fly after for the record given to the oauthlib. Now, its not allowed to add such field like this, and doing that without explanation is quite confusing. So now the field with a name that breaks the Odoo nomenclature is added with a comment so that we can understand the exception done here.
augusto-weiss
force-pushed
the
18.0-mig-oauth_provider
branch
from
d734261 to
8d4bb3b
Compare
P-H-Phuc
suggested changes
Sep 17, 2025
P-H-Phuc
left a comment
P-H-Phuc
left a comment
There was a problem hiding this comment.
Hi @augusto-weiss, I’ve suggested some changes for improving the authorization validation and opened a adhoc-dev/server-auth/pull#1 on your repo. Let me know what you think or if you have any ideas for further improvements.
[IMP] oauth_provider: get access_token from headers, remove werkzeug.wrappers.BaseResponse
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.