Add new guard clauses to the oauth2 client credentials flow.

Closes #1049
pulp · Aug 27, 2024 · 73a5c0a · 73a5c0a
1 parent 5d2d8e5
commit 73a5c0a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/CHANGES/1049.bugfix b/CHANGES/1049.bugfix
@@ -0,0 +1 @@
+Add some guard clauses to the OAuth2 Client Credentials grant flow to avoid loops and other issues.
diff --git a/pulp-glue/pulp_glue/common/authentication.py b/pulp-glue/pulp_glue/common/authentication.py
@@ -25,6 +25,9 @@ def __init__(
         self.access_token: t.Optional[str] = None
         self.expire_at: t.Optional[datetime] = None
 
+        if not any([client_id, client_secret, token_url]):
+            return None
+
     def __call__(self, request: requests.PreparedRequest) -> requests.PreparedRequest:
         if self.expire_at is None or self.expire_at < datetime.now():
             self.retrieve_token()
@@ -78,10 +81,12 @@ def retrieve_token(self) -> None:
         data = {
             "client_id": self.client_id,
             "client_secret": self.client_secret,
-            "scope": " ".join(self.scopes),
             "grant_type": "client_credentials",
         }
 
+        if scope := " ".join(self.scopes):
+            data["scope"] = scope
+
         response: requests.Response = requests.post(self.token_url, data=data)
 
         response.raise_for_status()