Giter Club home page Giter Club logo

authing-py-sdk's Issues

What is the `./pub.pem` file? 

In [9]: client = Authing(clientId, secret) 
   ...:                                                                                                                       
---------------------------------------------------------------------------
FileNotFoundError                         Traceback (most recent call last)
<ipython-input-9-4ad802168686> in <module>
----> 1 client = Authing(clientId, secret)

~/pro/trade-server/env/lib/python3.7/site-packages/authing/authing.py in __init__(self, clientId, secret, userToken)
    132         }
    133 
--> 134         with open('./pub.pem', mode='rb') as pubFile:
    135             keyData = pubFile.read()
    136             self.pubKey = rsa.PublicKey.load_pkcs1_openssl_pem(keyData)

FileNotFoundError: [Errno 2] No such file or directory: './pub.pem'

Any related document?

Bug: incorrect `use_unverified_ssl` variable usage

Description

https://github.com/Authing/authing-py-sdk/blob/0e0e0aa82e500f5667aa8b26e1a00e11720b7c2b/authing/http/ManagementHttpClient.py#L12C62-L12C62

https://github.com/Authing/authing-py-sdk/blob/0e0e0aa82e500f5667aa8b26e1a00e11720b7c2b/authing/http/ManagementHttpClient.py#L35C14-L35C14

Minimal code-snippet showcasing the problem

        self.use_unverified_ssl = use_unverified_ssl or FALSE
        ...
        verify = not self.use_unverified_ssl
        r = requests.request(..., verify=verify, ...)

not FALSE is False

Expected behavior

respect the https verification requirement

Actual behavior

/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'api.authing.cn'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings

Bug: 调用authentication_client.get_user_info_by_access_token方法报错

Description

Minimal code-snippet showcasing the problem

authentication_client = AuthenticationClient(
    app_id='x',
    app_host="x",
    app_secret='x',
)
token = "x"
authentication_client.get_user_info_by_access_token(token)

Expected behavior

返回用户资料

Actual behavior

return session.request(method=method, url=url, **kwargs)
E           TypeError: request() got an unexpected keyword argument 'token'

我看了下代码,应该在ProtocolHttpClient的request方法内添加如下内容:

if "token" in kwargs:
    headers["authorization"] = "Bearer %s" % kwargs.pop("token")

添加后可以正常调用该方法。

GraphQL client should not be initialized for every request

authing-py-sdk/authing/v2/common/graphql.py

Lines 41 to 42 in 4f0dece

transport = RequestsHTTPTransport(self.endpoint, headers=headers, verify=not self.options.use_unverified_ssl)
client = Client(transport=transport, fetch_schema_from_transport=True)

The fetch_schema_from_transport has been enabled by default and thus each client initialization would preflight with a redundant schema introspection request. The GraphQL client should be cached if a token has not expired for performance improvement.

Feature: id_token verification in server-side <your-title-goes-here>

Description

服务端获取到code之后换取access_token和id_token,但是AuthenticationClient Class有验证access_token的合法性的函数,没有验证id_token的合法性的函数。然而官方文档 描述是有个 validate_token方法验证id_token的合法性的。是否可以加上这个函数?

Proposed solution

希望添加validate_token方法验证id_token的合法性

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.