2

I'm trying to setup the token authentication but when I try to get a token, i get this error. Endpoint is '/o/token/'. When i POST a wrong client_id or a wrong grant_type, i receive the response i expect:

{
    "error": "invalid_client"
}

or

{
    "error": "unsupported_grant_type"
}

But when sending the actual data (grant_type, client_id, username, password) it crashes:

Internal Server Error: /o/token/
Traceback (most recent call last):
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/views/generic/base.py", line 97, in dispatch
    return handler(request, *args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
    return view(request, *args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/views/base.py", line 260, in post
    url, headers, body, status = self.create_token_response(request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/views/mixins.py", line 124, in create_token_response
    return core.create_token_response(request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/oauth2_backends.py", line 145, in create_token_response
    headers, extra_credentials)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/endpoints/base.py", line 116, in wrapper
    return f(endpoint, uri, *args, **kwargs)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/endpoints/token.py", line 119, in create_token_response
    request, self.default_token_type)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py", line 101, in create_token_response
    self.validate_token_request(request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py", line 184, in validate_token_request
    request.password, request.client, request):
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/oauth2_validators.py", line 611, in validate_user
    u = authenticate(request, username=username, password=password)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/django/contrib/auth/__init__.py", line 72, in authenticate
    user = backend.authenticate(request, **credentials)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/backends.py", line 17, in authenticate
    valid, r = OAuthLibCore.verify_request(request, scopes=[])
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/oauth2_backends.py", line 172, in verify_request
    uri, http_method, body, headers = self._extract_params(request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/oauth2_backends.py", line 58, in _extract_params
    uri = self._get_escaped_full_path(request)
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauth2_provider/oauth2_backends.py", line 34, in _get_escaped_full_path
    parsed = list(urlparse(request.get_full_path()))
  File "/home/ben/.local/share/virtualenvs/riven-Lpl_ShSG/lib/python3.7/site-packages/oauthlib/common.py", line 436, in __getattr__
    raise AttributeError(name)
AttributeError: get_full_path
[12/Mar/2020 07:51:30] "POST /o/token/ HTTP/1.1" 500 177519

Somewhen token.py creates a 'oauthlib.Request' which has no property 'get_full_path'. Has someone ever had the same problem or might know what could cause this? I run out of ideas :(

  • Python 3.7
  • Django 3.0.4
  • djangorestframework 3.11.0
  • django-oauth-toolkit 1.3.0
  • oauthlib 3.1.0
Ben deLux
  • 21
  • 1
  • 1
    This is almost a year later, but I just came across this upgrading to django-oauth-toolkit 1.3.0. The only way I can reproduce this is if I have a user row in the database with a username & email that is different (in one project I let them sign in with either) and if the username you pass doesn't match the username in the database & instead the email. i.e. ID: 1, Username: mike, Email: mike@test.com Trying to login with mike@test.com throw sthe error when in previous versions it didn't. The code isn't straight forward, but it looks like it fails validation & request get's messed up. – Mike Helmick Feb 28 '21 at 03:43
  • @MikeHelmick thank you so much for your comment, I actually experienced this problem while curling and trying to authenticate with username, not email. I downgraded the django-oauth-toolkit and now it is working – fanny Sep 13 '21 at 13:41

0 Answers0