Override `client_secret_post`: use JSON

Override the `client_secret_post` auth method to use JSON rather than
FORMDATA in order to gain some consistency while communicating with
the auth server.

1 files changed, 13 insertions, 0 deletions

diff --git a/uploader/oauth2/client.py b/uploader/oauth2/client.py
index 09e165a..6dde9cb 100644
--- a/uploader/oauth2/client.py
+++ b/uploader/oauth2/client.py
@@ -9,6 +9,7 @@ from flask import request, current_app as app
 from pymonad.either import Left, Right, Either
 
 from authlib.jose import jwt
+from authlib.common.urls import url_decode
 from authlib.jose import KeySet, JsonWebKey
 from authlib.jose.errors import BadSignatureError
 from authlib.integrations.requests_client import OAuth2Session
@@ -87,6 +88,16 @@ def oauth2_client():
         """Update the token when refreshed."""
         session.set_user_token(token)
 
+    def __json_auth__(client, method, uri, headers, body):
+        return (
+            uri,
+            {**headers, "Content-Type": "application/json"},
+            json.dumps({
+                **dict(url_decode(body)),
+                "client_id": oauth2_clientid(),
+                "client_secret": oauth2_clientsecret()
+            }))
+
     def __client__(token) -> OAuth2Session:
         client = OAuth2Session(
             oauth2_clientid(),
@@ -96,6 +107,8 @@ def oauth2_client():
             token_endpoint_auth_method="client_secret_post",
             token=token,
             update_token=__update_token__)
+        client.register_client_auth_method(
+            ("client_secret_post", __json_auth__))
         return client
 
     __update_auth_server_jwks__(session.session_info())