I would like to thank you for your explanation about OAuth 2. I already used it in my mobile app, and followed your instructions in this topic and in the others, but I want more explanation about revoke_token: what is its purpose, and when should I do it?
Also, does OAuth 2 always depend on the cookies and session data?
The last question is about refresh_token: I cannot get any response from it, although I used the token returned from get_token as mentioned here https://frappe.io/docs/user/en/guides/integration/using_oauth
but I got this message
@revant_one I have some troubles with the OAuth 2 authorization flow.
Now I use it in my mobile app with the following steps:
get the authorization code and log in using frappe.integrations.oauth2.authorize
get the token for that code with frappe.integrations.oauth2.get_token
call the first Frappe API “api/resource/Attendance” with Authorization: Bearer <bearer_token>
Now the problem is that when another user tries to log in and call an API, it is executed as the last authorized user!
Is it important to do the authorize and get_token process on each API call?
Please give me the right way and concept to do that in Frappe.
My case is a mobile app that calls some APIs from Frappe. Now I noticed that the requests depend on the user session, but in my mobile app I just used the OAuth 2 authorization to get a token in order to include it in all the user's requests. When I apply this logic, I face a problem with multi-user login, as my Frappe server always uses the last bearer token stored in the auth table, so when any user calls an API it is called with the last stored token, whoever the logged-in user is.
I cannot solve it with this protocol, but I need a solution to complete my app perfectly. Is this approach right for my case, as you see it?
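As an added example (not code from the thread or from Frappe itself), here is how a mobile or desktop client can keep the flow above cookie-free and strictly per user: each app user gets their own token set, every request carries only that user's Bearer token, the callback is bound to the user who started the flow via a state value, and the refresh_token and revoke_token requests asked about in the first post are built the same way. The `/api/method/frappe.integrations.oauth2.<name>` URL layout, the request parameter names and the revoke endpoint name are assumptions.

```python
# Added example: per-user OAuth2 token handling for a Frappe backend.
# Endpoint names come from the thread (authorize, get_token, revoke_token);
# the URL layout and parameter names are assumptions, not Frappe's own code.
import secrets
from urllib.parse import urlencode


class FrappeOAuthClient:
    """One token set per app user; no server session cookie is ever shared."""

    def __init__(self, base_url, client_id, redirect_uri):
        self.base_url = base_url.rstrip("/")
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self.tokens = {}         # app_user -> {"access_token", "refresh_token"}
        self.pending_state = {}  # state -> app_user, consumed on callback

    def _method(self, name):
        return f"{self.base_url}/api/method/frappe.integrations.oauth2.{name}"

    def authorize_url(self, app_user, scope="all openid"):
        # Unguessable state ties the callback to the user who started the flow.
        state = secrets.token_urlsafe(16)
        self.pending_state[state] = app_user
        query = {"client_id": self.client_id, "response_type": "code",
                 "redirect_uri": self.redirect_uri, "scope": scope, "state": state}
        return f"{self._method('authorize')}?{urlencode(query)}"

    def token_request(self, state, code):
        # Unknown state -> KeyError: never exchange a code we did not ask for.
        app_user = self.pending_state.pop(state)
        data = {"grant_type": "authorization_code", "code": code,
                "client_id": self.client_id, "redirect_uri": self.redirect_uri}
        return app_user, self._method("get_token"), data

    def store_tokens(self, app_user, token_response):
        self.tokens[app_user] = {"access_token": token_response["access_token"],
                                 "refresh_token": token_response.get("refresh_token")}

    def headers_for(self, app_user):
        # Each API call is authenticated by this user's token only (no cookies).
        return {"Authorization": f"Bearer {self.tokens[app_user]['access_token']}"}

    def refresh_request(self, app_user):
        data = {"grant_type": "refresh_token", "client_id": self.client_id,
                "refresh_token": self.tokens[app_user]["refresh_token"]}
        return self._method("get_token"), data

    def revoke_request(self, app_user):
        # On logout: revoke server-side and forget the token locally.
        tok = self.tokens.pop(app_user)
        return self._method("revoke_token"), {"token": tok["access_token"]}
```

Send each returned (url, data) with a plain HTTP POST and never reuse a cookie jar between users; `headers_for(user)` is what goes on every `api/resource/...` call.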
This is a very interesting feature, and thanks to revant_one for all of the work that went into it.
I’m struggling to understand the instructions here, likely because of my limited understanding of how OAuth works. I know I have some homework to do, but I was hoping to understand the possibilities before I dig too deep. Using this, is it possible to create a single sign on system using Frappe/ERPNext as an identity provider for other compatible services? I have a minimal LDAP server set up right now, but as more and more of our data is moving into ERPNext it’d be great to start treating that as the authoritative repository.
We’ve been using this integration to great effect, and it has really put Frappe at the center of our information systems. Recently, however, we’ve hit a bit of a wall.
I’m trying to understand how to get an id_token, which the documentation seems to suggest should come along with the access_token if openid is included as a scope. I’m not finding that to be the case for implicit grant flows. Is this by design?
I’ve spent several hours on this now, but unfortunately without much to show yet. I’m struggling, I think, to fully grok the division of labour between the frappe.integrations.oauth2 endpoint methods, the frappe.oauth backend, and the oauthlib.oauth2 library functions.
To get response_type=token%20id_token implemented, would amending the frappe.integrations.oauth2.authorize RPC be enough, or does this require architectural changes deeper? I’m committed to adding this and getting it sent upstream, but I think I might be in a bit over my head!
Edit: Specifically, though I think I have a reasonable understanding of how the id_token is assembled in the get_token endpoint, I’m not really seeing where the parameters are getting added to the callback url from the authorize endpoint.
Extend frappe/tests/test_oauth20.py as per the features you add.
Just a thought: implicit grant flows don't make sense for Frappe/ERPNext. They let you have a token in a browser app, but then you have restrictions related to CORS. Enabling CORS on the Frappe/ERPNext backend is not a good idea.