From acfdfaa63fc061f2ea59131226f268aabc50c596 Mon Sep 17 00:00:00 2001 From: Snehil Kishore Date: Tue, 11 Feb 2025 23:41:56 +0530 Subject: [PATCH 1/2] Fix: Unauthorized Access Error For PAR --- .../pushed_authorization_requests.py | 14 +++++++++----- auth0/rest.py | 6 ++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/auth0/authentication/pushed_authorization_requests.py b/auth0/authentication/pushed_authorization_requests.py index 0d5492bc..b5ee7a7c 100644 --- a/auth0/authentication/pushed_authorization_requests.py +++ b/auth0/authentication/pushed_authorization_requests.py @@ -2,6 +2,8 @@ from .base import AuthenticationBase +from urllib.parse import urlencode + class PushedAuthorizationRequests(AuthenticationBase): """Pushed Authorization Request (PAR) endpoint""" @@ -21,12 +23,14 @@ def pushed_authorization_request( See: https://www.rfc-editor.org/rfc/rfc9126.html """ - return self.authenticated_post( + return self.post( f"{self.protocol}://{self.domain}/oauth/par", - data={ - "client_id": self.client_id, + data=urlencode({ + "client_id":self.client_id, + "client_secret":self.client_secret, "response_type": response_type, "redirect_uri": redirect_uri, **kwargs, - }, - ) + }), + headers={"Content-Type": "application/x-www-form-urlencoded"}, + ) \ No newline at end of file diff --git a/auth0/rest.py b/auth0/rest.py index 0b91323d..146b5976 100644 --- a/auth0/rest.py +++ b/auth0/rest.py @@ -152,6 +152,12 @@ def _request( # Reset the metrics tracker self._metrics = {"retries": 0, "backoff": []} + if data is None and json is not None and headers: + content_type = headers.get("Content-Type", "").lower() # Get Content-Type + if "application/x-www-form-urlencoded" in content_type: + data = json # Copy JSON data into data + json = None # Prevent JSON from being sent + kwargs = { k: v for k, v in { From d8e14f8d431160f7b93c728c50f3bcfde0992a5f Mon Sep 17 00:00:00 2001 
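Review bot: In `pushed_authorization_request`, `"client_secret":self.client_secret` is placed in the form body unconditionally, so if this class can be constructed without a secret, `urlencode` would serialise it as the literal text `client_secret=None`. Building the payload first and adding the key only when it is set avoids that: `if self.client_secret is not None: payload["client_secret"] = self.client_secret`. The same unconditional key is kept in the PATCH 2/2 version of this call, where the encoding happens in `_request`. The method's signature and docstring start outside the hunk, so whether a secret is mandatory here is not visible.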
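Review bot: The new branch in `_request` looks the header up with `headers.get("Content-Type", "")`, which is case-sensitive on the key, so a caller passing `content-type` would skip the branch and the payload would presumably still go out as JSON. Normalising the key first closes that gap: `content_type = next((v for k, v in headers.items() if k.lower() == "content-type"), "").lower()`. Since this changes how the body is sent for every caller of the shared client, a short comment above the `if` stating that a form content type switches the payload from `json=` to `data=` would help; the trailing comments `# Get Content-Type` and `# Copy JSON data into data` only restate the code. The lookup is unchanged in PATCH 2/2, and `_request` starts and ends outside the hunk.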
From: Snehil Kishore Date: Wed, 12 Feb 2025 17:43:29 +0530 Subject: [PATCH 2/2] Making the logic unit test compatible --- auth0/authentication/pushed_authorization_requests.py | 7 +++---- auth0/rest.py | 3 ++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/auth0/authentication/pushed_authorization_requests.py b/auth0/authentication/pushed_authorization_requests.py index b5ee7a7c..12c4fc97 100644 --- a/auth0/authentication/pushed_authorization_requests.py +++ b/auth0/authentication/pushed_authorization_requests.py @@ -2,7 +2,6 @@ from .base import AuthenticationBase -from urllib.parse import urlencode class PushedAuthorizationRequests(AuthenticationBase): @@ -23,14 +22,14 @@ def pushed_authorization_request( See: https://www.rfc-editor.org/rfc/rfc9126.html """ - return self.post( + return self.authenticated_post( f"{self.protocol}://{self.domain}/oauth/par", - data=urlencode({ + data={ "client_id":self.client_id, "client_secret":self.client_secret, "response_type": response_type, "redirect_uri": redirect_uri, **kwargs, - }), + }, headers={"Content-Type": "application/x-www-form-urlencoded"}, ) \ No newline at end of file diff --git a/auth0/rest.py b/auth0/rest.py index 146b5976..196ad7ac 100644 --- a/auth0/rest.py +++ b/auth0/rest.py @@ -7,6 +7,7 @@ from random import randint from time import sleep from typing import TYPE_CHECKING, Any, Mapping +from urllib.parse import urlencode import requests @@ -155,7 +156,7 @@ def _request( if data is None and json is not None and headers: content_type = headers.get("Content-Type", "").lower() # Get Content-Type if "application/x-www-form-urlencoded" in content_type: - data = json # Copy JSON data into data + data = urlencode(json) # Copy JSON data into data json = None # Prevent JSON from being sent kwargs = {
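Review bot: With the call switched back to `authenticated_post`, the hand-added `"client_secret":self.client_secret` looks redundant, assuming that helper (not shown in this patch) attaches the client credentials itself. If it does, a client configured for assertion-based authentication could end up sending a secret field alongside its assertion, so it is worth confirming against `AuthenticationBase` and dropping the explicit key if the helper covers it. The two added keys also lack the space after the colon used by the neighbouring entries, and the file now ends without a trailing newline.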
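Review bot: `urlencode(json)` in `_request` raises `TypeError` when the payload is already a string, which is exactly what PATCH 1/2 of this series passed, and it renders list or dict values as their Python `repr` rather than a wire format. Guarding the call keeps pre-encoded bodies working: `data = json if isinstance(json, (str, bytes)) else urlencode(json)`. Structured parameters arriving through `**kwargs` in the PAR call would need to be JSON-serialised by the caller before they reach this point. The trailing comment `# Copy JSON data into data` is now stale; `# Form-encode the payload` would match the code. `_request` starts and ends outside the hunk.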