Giters

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Home Page:https://authlib.org/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Locking session doesn't work

AdamGold opened this issue · comments

commented

In AsyncOAuth2Client, there's self._token_refresh_lock = Lock() introduced here.

The problem is, that for every new request, a new instance of AsyncOAuth2Client is created, therefore the lock doesn't make any difference for multiple requests.

    def _get_oauth_client(self, **metadata):
        client_kwargs = {}
        client_kwargs.update(self.client_kwargs)
        client_kwargs.update(metadata)

        if self.authorize_url:
            client_kwargs['authorization_endpoint'] = self.authorize_url
        if self.access_token_url:
            client_kwargs['token_endpoint'] = self.access_token_url

        session = self.client_cls(
            client_id=self.client_id,
            client_secret=self.client_secret,
            update_token=self._on_update_token,
            **client_kwargs
        )

Am I missing something?