python-requests authlib insomnia

Failed testing authlib with Insomnia tool


I launched this example server and registered a user app. I am trying to simply see something at least working, but it is pretty difficult. I am not sure if this authlib library is completely messed up or if I am doing something wrong. So I fill everything like this, and get a response that Authorization is not provided in the header. If I switch to the Headers tab, add a header named "Authorization" and write something in the value field, I get a response that I provided an invalid token. But as I understand it, Insomnia handles this and 1: gets the token, 2: performs the request that I want (in this case GET:/api/me). So where is the problem, and why won't this library work as expected?



Solution

  • I don't know Insomnia. But here is a basic concept of OAuth2: https://docs.authlib.org/en/latest/basic/oauth2.html

    Make sure you have created your client with client_credentials grant type enabled.

    Then send a POST as:

    POST /oauth/token
    Authorization: Basic base64(client_id:client_secret)
    
    grant_type=client_credentials&scope=profile
    

    The server will return a token to you, then you can use this token to query /api/me:

    GET /api/me
    Authorization: Bearer token-string
    

    The problem should be how to use Insomnia, which I don't know. My suggestion is that you read the documentation first (https://docs.authlib.org/en/latest/flask/2/index.html), then you can read the source code of the example.


    Answering @kcorlidy

    ^^^ it needs bearer-auth and token, but server never write token into database

    That is done by:

    save_token = create_save_token_func(db.session, OAuth2Token)
    authorization = AuthorizationServer(
        query_client=query_client,
        save_token=save_token,  # NOTICE HERE
    )
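
The two requests from the answer above, run end to end against a small in-process stub, as an added example that is not part of the original answer and is not Authlib's code. `StubServer`, `call`, `run_flow` and the `demo-id`/`demo-secret` credentials are constructed for illustration; the stub only mimics the `/oauth/token` and `/api/me` behaviour described on this page.

```python
import base64, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, parse, request

CLIENTS = {"demo-id": "demo-secret"}  # constructed client credentials
TOKENS = set()                        # stands in for the server's token table

class StubServer(BaseHTTPRequestHandler):  # hypothetical stand-in, not Authlib
    def log_message(self, *args): pass     # keep the demo quiet
    def _json(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # token endpoint: Basic client auth plus form body
        form = parse.parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        scheme, _, blob = self.headers.get("Authorization", "").partition(" ")
        cid, _, secret = base64.b64decode(blob).decode().partition(":")
        if (scheme != "Basic" or CLIENTS.get(cid) != secret
                or form.get("grant_type") != ["client_credentials"]):
            return self._json(401, {"error": "invalid_client"})
        TOKENS.add(token := secrets.token_urlsafe(24))  # the save_token step
        self._json(200, {"access_token": token, "token_type": "Bearer"})
    def do_GET(self):  # protected resource: accepts only an issued Bearer token
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or token not in TOKENS:
            return self._json(401, {"error": "invalid_token"})
        self._json(200, {"path": self.path})

def call(url, auth, form=None):
    data = parse.urlencode(form).encode() if form else None  # data => POST
    req = request.Request(url, data=data, headers={"Authorization": auth})
    try:  # empty ProxyHandler: ignore any proxy set in the environment
        with request.build_opener(request.ProxyHandler({})).open(req) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as exc:
        return exc.code, json.load(exc)

def run_flow():
    with HTTPServer(("127.0.0.1", 0), StubServer) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        basic = "Basic " + base64.b64encode(b"demo-id:demo-secret").decode()
        grant = {"grant_type": "client_credentials", "scope": "profile"}
        _, tok = call(base + "/oauth/token", basic, grant)
        good = call(base + "/api/me", "Bearer " + tok["access_token"])
        bad = call(base + "/api/me", "something")  # arbitrary header value
        server.shutdown()
    return good, bad
```

The last call sends an arbitrary `Authorization` value, as in the question, and is rejected with `invalid_token`; only the `Bearer` header built from the token response is accepted.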