Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an option to use custom auth request parameters #178

Open
sky-code opened this issue Sep 10, 2024 · 4 comments
Open

Add an option to use custom auth request parameters #178

sky-code opened this issue Sep 10, 2024 · 4 comments
Labels
enhancement

Comments

@sky-code
Copy link

This API is not working out of the box with current auth implementaiton
https://docs.athenahealth.com/api/guides/token-endpoint#3legged_Token_Generation_2

fhirclient.server.FHIRServer.post_as_form sends client_id and client_secret in basic auth header, but for API above those parameters must be sent in request body and there is no way to change that except of monkey patching.

I do monkey patching right before handle_callback call to make it work

def post_as_form(self_, url, formdata, auth=None):
    # monkey-patch fhirclient.server.FHIRServer.post_as_form
    formdata["client_id"] = auth[0]
    formdata["client_secret"] = auth[1]
    res = self_.session.post(url, data=formdata)
    self_.raise_for_status(res)
    patch_response_json(res)
    return res


self.fhir_client.server.post_as_form = post_as_form.__get__(self.fhir_client.server)

It would be nice to have some way to do that with options instead.
@mikix
Copy link
Contributor

mikix commented Sep 10, 2024

Do you know if Athena complains if you also send it basic auth? Curious if we could just send both unconditionally - would need to test on other servers too

@sky-code
Copy link
Author

I did some testing, when sending auth in header:
res = self_.session.post(url, data=formdata, auth=auth)
returns 401 Unauthorized

'{
    "error": "Invalid Request",
    "detailedmessage": "Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."
}
'

both header and body:

formdata["client_id"] = auth[0]
formdata["client_secret"] = auth[1]
res = self_.session.post(url, data=formdata, auth=auth)

returns 401 Unauthorized

'{
    "error": "Invalid Request",
    "detailedmessage": "Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."
}
'

only this option works when credentials sent in body without header

formdata["client_id"] = auth[0]
formdata["client_secret"] = auth[1]
res = self_.session.post(url, data=formdata)

returns 200 OK

@mikix
Copy link
Contributor

mikix commented Sep 12, 2024

OK thank you - so we need to either somehow detect / handle this case or allow more customization of the auth flow.

@sky-code
Copy link
Author

Not sure that detecting all such cases can be done reliable, more customization probably better option here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikix @sky-code