vangorra / python_withings_api

Library for the Withings Health API

Wrong URL in OAuth token endpoint

Hansesto opened this issue · comments

Hello,

Withings API documentation lists "https://wbsapi.withings.net/v2/oauth2" as the endpoint for refreshing the access_token.

However, in the python_withings_api package, in the WithingsAuth class, the URL is set to

URL: Final = "https://account.withings.com"
# And
PATH_TOKEN: Final = "oauth2/token"

Which is used to set the auto_refresh_url of the OAuth2Session:

auto_refresh_url="%s/%s" % (WithingsAuth.URL, WithingsAuth.PATH_TOKEN),

That might be the reason refreshing the access_token fails when attempted using the refresh_token manual method.

According to the API documentation, the https://account.withings.com seems to be mostly used for user authorization.

Best regards,
Hannes Järvinen

True, the documentation does list https://wbsapi.withings.net/v2/oauth2 as the oauth2 url. This, among other parts of the documentation, is wrong. Using that URL to fetch the token results in the Withings server throwing an error.

Error when fetching token with https://wbsapi.withings.net/v2/oauth2

Traceback (most recent call last):
  File "./scripts/integration_test.py", line 153, in <module>
    main()
  File "./scripts/integration_test.py", line 102, in main
    save_credentials(auth.get_credentials(auth_code))
  File "/home/rvangork/Documents/git/python_withings_api/withings_api/__init__.py", line 371, in get_credentials
    response: Final = self._session.fetch_token(
  File "/home/rvangork/Documents/git/python_withings_api/.venv/lib/python3.8/site-packages/requests_oauthlib/oauth2_session.py", line 360, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/home/rvangork/Documents/git/python_withings_api/.venv/lib/python3.8/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 421, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/home/rvangork/Documents/git/python_withings_api/.venv/lib/python3.8/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 431, in parse_token_response
    validate_token_parameters(params)
  File "/home/rvangork/Documents/git/python_withings_api/.venv/lib/python3.8/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 438, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "/home/rvangork/Documents/git/python_withings_api/.venv/lib/python3.8/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 406, in raise_from_error
    raise CustomOAuth2Error(error=error, **kwargs)
oauthlib.oauth2.rfc6749.errors.CustomOAuth2Error: (Not implemented) 

The issue with token refresh was fixed in the last release. It turns out that Withings changed their spec to require a specific URL parameter when requesting or refreshing tokens. That change broke the client. See: #46