From cfbbaffd1d622fac7b464119f6659a8fbc65ac26 Mon Sep 17 00:00:00 2001 From: Alex Leach Date: Thu, 20 Feb 2025 06:14:11 +0000 Subject: [PATCH] feat: OAuth 2.0. Allow including client_id in backend app auth request. As per rfc6749 section-3.2.1, clients: > MAY use the "client_id" request parameter to identify itself when > sending requests to the token endpoint. This patch allows to include client_id in BackendAppFlow, for servers that require it. --- .../integrations/doctype/connected_app/connected_app.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/frappe/integrations/doctype/connected_app/connected_app.py b/frappe/integrations/doctype/connected_app/connected_app.py index 5a6e4f944c..15b1efd0fa 100644 --- a/frappe/integrations/doctype/connected_app/connected_app.py +++ b/frappe/integrations/doctype/connected_app/connected_app.py @@ -148,7 +148,7 @@ class ConnectedApp(Document): return token_cache - def get_backend_app_token(self): + def get_backend_app_token(self, include_client_id=None): """Get an Access Token for the Cloud-Registered Service Principal""" # There is no User assigned to the app, so we give it an empty string, # otherwise it will assign the logged in user. @@ -163,7 +163,11 @@ class ConnectedApp(Document): client = BackendApplicationClient(client_id=self.client_id, scope=self.get_scopes()) oauth_session = OAuth2Session(client=client) - token = oauth_session.fetch_token(self.token_uri, client_secret=self.get_password("client_secret")) + token = oauth_session.fetch_token( + self.token_uri, + client_secret=self.get_password("client_secret"), + include_client_id=include_client_id, + ) token_cache.update_data(token) token_cache.save(ignore_permissions=True)