From 5a4b9fe45d50c0e90237fccb0b66e9f3601eabd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20=22decko=22=20de=20Brito?= Date: Mon, 26 Aug 2024 20:42:42 -0300 Subject: [PATCH] Add new guard clause to the oauth2 client credentials flow. [noissue] --- CHANGES/+guard_clause_scope.misc | 1 + pulp-glue/pulp_glue/common/authentication.py | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 CHANGES/+guard_clause_scope.misc diff --git a/CHANGES/+guard_clause_scope.misc b/CHANGES/+guard_clause_scope.misc new file mode 100644 index 000000000..3dd36d6fa --- /dev/null +++ b/CHANGES/+guard_clause_scope.misc @@ -0,0 +1 @@ +Add a guard clause to the OAuth2 Client Credentials grant flow to avoid sending empty scopes to token issuer. diff --git a/pulp-glue/pulp_glue/common/authentication.py b/pulp-glue/pulp_glue/common/authentication.py index 646ee5306..1f44b98ce 100644 --- a/pulp-glue/pulp_glue/common/authentication.py +++ b/pulp-glue/pulp_glue/common/authentication.py @@ -78,10 +78,12 @@ def retrieve_token(self) -> None: data = { "client_id": self.client_id, "client_secret": self.client_secret, - "scope": " ".join(self.scopes), "grant_type": "client_credentials", } + if scope := " ".join(self.scopes): + data["scope"] = scope + response: requests.Response = requests.post(self.token_url, data=data) response.raise_for_status()