fusionauth / fusionauth-python-client Goto Github PK

Thanks for all your work on this library!

Small suggestion, but I believe making use of Python's optional parameters would greatly improve the usability of this library.

For example, the exchange_user_credentials_for_access_token method has 4 optional parameters, but they still need to be specified.

If I just wanted to specify the scope it would look like:

client.exchange_user_credentials_for_access_token(
  username='username', 
  password='password', 
  client_id=None, 
  client_secret=None, 
  scope='scope', 
  user_code=None)

However, I would prefer to do:

client.exchange_user_credentials_for_access_token(
  username='username',  
  password='password', 
  scope='scope')

This can be accomplished by changing the method signature to specify None for the optional parameters:

def exchange_user_credentials_for_access_token(self, 
  username, 
  password, 
  client_id=None, 
  client_secret=None, 
  scope=None, 
  user_code=None):

Let me know what you think. I can definitely put a PR up for this change!

Not sure if this is a needed part. Commenting this part out makes it run okay, but hey, not sure what I'm missing. The documentation of the Python code is lacking on your website.

[2022-08-11 09:16:40,469] ERROR in app: Exception on /oauth-callback [GET]
Traceback (most recent call last):
File "/home/michael/git/fusionauth-example-python-flask/venv/lib/python3.8/site-packages/flask/app.py", line 2525, in wsgi_app
response = self.full_dispatch_request()
File "/home/michael/git/fusionauth-example-python-flask/venv/lib/python3.8/site-packages/flask/app.py", line 1822, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/home/michael/git/fusionauth-example-python-flask/venv/lib/python3.8/site-packages/flask/app.py", line 1820, in full_dispatch_request
rv = self.dispatch_request()
File "/home/michael/git/fusionauth-example-python-flask/venv/lib/python3.8/site-packages/flask/app.py", line 1796, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File "/home/michael/git/fusionauth-example-python-flask/app/views.py", line 75, in oauth_callback
if registrations is None or len(registrations) == 0 or not any(r["applicationId"] == client_id for r in requirements):
NameError: name 'requirements' is not defined

It looks like search_users_by_ids does not work / never worked?

Reading to your API specs, it requires a parameter for each id. https://fusionauth.io/docs/apis/users#search-for-users
What it does however is somehow expecting a list of user ids and then converting that list value to a boolean value instead of looping trough all the ids and appending paramteres.

It could be changed in that way; however as this is auto-generated, I don't really know how to do it properly:

    uri = fa_client(tenant_id).start().uri("/api/user/search")
    for id in ids:
        uri.url_parameter("ids", id)
    search_res = await uri.get().go()

Hi,

This isn't a very useful issue sorry as I don't understand your build system, but, the package seems to be broken, both on PyPI and if I manually clone the repo and run setup.py

I managed to get it installing by moving the code around in src/ adjusting the setup.py and including requests as an install_requires but I didn't submit a pull request due to not understanding your larger build environment and guessing that would break it.

Cheers

Hi, I am using the python client to logout a user using this function logout(). After calling this function, the access_token remains invalid. I have tried this anonymous_client.logout_with_request() function but the results were same.

I have read these articles:
https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts
https://fusionauth.io/learn/expert-advice/tokens/pros-and-cons-of-jwts
If I understood correctly, this is the intended behaviour but I can still achieve the desired behaviour using JWTManager. But I could not find JWTManager for the python client.

So, in summary, is there any way to invalidate access_token when a user logs out.

Versions
Fusionauth-client 1.31
FusionAuth 1.31

The documentation and/or test case coverage for this package is woefully lacking.

For example: I just took several hours of debugging, including stepping into this package code, to discover the correct format for the "request" parameter in the update_user(id,request) function (hint: you don't include the 'user' key).

Could you please add an example for each call or document the usage more carefully?

Can types be added? There are a lot of data structures coming back from the fusionauth API. It would be really helpful if they were defined here.

A lot of the examples and clients are based on rather old Python stylings.
Would be nice to have a python client that can work asynchronously.
Addtionally, documentation would be better moved into FastAPI for the following reasons:

• Depends, Requests, Response, cookies, etc. look much more clean and less ambiguous than in Flask.
• Doesn't require the boilerplate of django
• Newer features such as async support which is pretty important in a language like python where synchronous code can block threads in a high-level (aka SLOW) language.

Hi,
I might have understood the protocols wrong but I was looking for the introspect endpoint in the client with no luck. Why is it and some other endpoints missing? Are they not needed in backends perhaps?

Trying to search identity provider by its name:

 client.search_identity_providers({"search.name": "test"})

it returns all the identity providers instead of the one named "test".

Tried calling the API directly, same issue.

Please add searching by ID to the identity provider API.

Current workaround: adding the ID to provider name.

Hi, I am using the python client to logout a user. Unfortunately, I am getting the following response from the server.

{
   "fieldErrors":{
      "global":[
         {
            "code":"[couldNotConvert]global",
            "message":"Invalid"
         }
      ]
   }
}

Here is my code:

token = serializer.get_cleaned_data()["refreshToken"]
print(token)
client_response = anonymous_client.logout(True, token)

if not client_response.was_successful():
    code = client_response.response.status_code
    raise UnKnownError(http_code_number=code)

return Response({"detail": "Successfully logged out."}, status=status.HTTP_200_OK)

Versions
Fusionauth-client 1.19.8
FusionAuth 1.19.8

Hi.
With this code:
client_response = client.exchange_o_auth_code_for_access_token(authCode,redirectURL,applicationID,clientSecret)
the value of client_response.was_successful() is True with version 1.18.0, but with 1.19.0 the returned value is False.
In the last case the error_response was: <Response [401]>

Hi ! Trying to use the uri method, it seems to have some odd behavior when the url ends with a backslash. The method (link to code):

    def uri(self, uri):
        if self._url is None:
            return self
        if self._url.endswith('/') and uri.startswith('/'):
            self._url += uri[:1]
        elif self._url.endswith('/') and not uri.startswith('/'):
            self._url += "/" + uri
        else:
            self._url += uri
        return self

• For self._url = "http://example.com/" & uri = "/example/path", the method returns "http://example.com//"
• For self._url = "http://example.com/" & uri = "example/path", the method returns "http://example.com//example/path"

Is this intended for a particular reason / case ?

The validate_jwt method is passing an authorization header with _jwt as the token type, which is invalid as FusionAuth expects this to be JWT and thus always returns a 401 response. Replacing these here makes validation work (returns a 200 with the expected data).

This might be affecting other endpoints as well, as I see several other places where this pattern is used.