Change introspect call to send token in body and query

workfloworchestrator · Sep 20, 2023 · d02361a · d02361a
1 parent 090cc3f
commit d02361a
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/oauth2_lib/fastapi.py b/oauth2_lib/fastapi.py
@@ -255,6 +255,7 @@ async def introspect_token(self, async_request: AsyncClient, token: str) -> OIDC
         endpoint = self.openid_config.introspect_endpoint or self.openid_config.introspection_endpoint
         response = await async_request.post(
             endpoint,
+            params={"token": token},
             data={"token": token},
             auth=BasicAuth(self.resource_server_id, self.resource_server_secret),
             headers={"Content-Type": "application/x-www-form-urlencoded"},

diff --git a/tests/test_fastapi.py b/tests/test_fastapi.py
@@ -186,6 +186,7 @@ async def test_introspect_token(make_mock_async_client):
         discovery["introspect_endpoint"],
         auth=MockBasicAuth("id", "secret"),
         headers={"Content-Type": "application/x-www-form-urlencoded"},
+        params={"token": access_token},
         data={"token": access_token},
     )
 
@@ -215,6 +216,7 @@ async def mock_request(*args, **kwargs):
         discovery["introspect_endpoint"],
         auth=MockBasicAuth("id", "secret"),
         headers={"Content-Type": "application/x-www-form-urlencoded"},
+        params={"token": access_token},
         data={"token": access_token},
     )