google.auth.transport.Request is called with type(body) == str

[Nikratio]

According to eg https://google-auth.readthedocs.io/en/latest/reference/google.auth.html#google.auth.default, classes implementing google.auth.transport.Request will be called with a body parameter of type bytes. This makes sense, because the request agent is in no position to decide how a str body should be encoded for transport.

Unfortunately, in some cases the googl.auth module does pass str value. One such call is made in

google-auth-library-python/google/oauth2/_client.py

Line 100 in 137b43b

body = urllib.parse.urlencode(body)

, but there may be more.

[SurferJeffAtGoogle]

@Nikratio Thank you for reporting this issue. I apologize for the late reply. I clicked on the link https://google-auth.readthedocs.io/en/latest/reference/google.auth.html#google.auth.default, and I don't see a discussion of a body parameter or bytes.

Is this issue still reproducible today? Is there another doc that describes the conflict between the docs and the code?

[busunkim96]

The link may have changed since the issue was posted:

google.auth.transport.Request documentation says that the body should have type bytes

https://google-auth.readthedocs.io/en/latest/reference/google.auth.transport.html#google.auth.transport.Request

---

Investigation (in progress):
_token_endpoint_request is a private method that makes a request using parameter body

google-auth-library-python/google/oauth2/_client.py

Lines 83 to 91 in 137b43b

	def _token_endpoint_request(request, token_uri, body):
	"""Makes a request to the OAuth 2.0 authorization server's token endpoint.
	Args:
	request (google.auth.transport.Request): A callable used to make
	HTTP requests.
	token_uri (str): The OAuth 2.0 authorizations server's token endpoint
	URI.
	body (Mapping[str, str]): The parameters to send in the request body.

All the public methods that call it specify parameter type str for the values that are used to make the body.

google-auth-library-python/google/oauth2/_client.py

Lines 118 to 138 in 137b43b

	def jwt_grant(request, token_uri, assertion):
	"""Implements the JWT Profile for OAuth 2.0 Authorization Grants.
	For more details, see `rfc7523 section 4`_.
	Args:
	request (google.auth.transport.Request): A callable used to make
	HTTP requests.
	token_uri (str): The OAuth 2.0 authorizations server's token endpoint
	URI.
	assertion (str): The OAuth 2.0 assertion.
	Returns:
	Tuple[str, Optional[datetime], Mapping[str, str]]: The access token,
	expiration, and additional data returned by the token endpoint.
	Raises:
	google.auth.exceptions.RefreshError: If the token endpoint returned
	an error.
	.. _rfc7523 section 4: https://tools.ietf.org/html/rfc7523#section-4

google.auth.transport.Request calls requests.Sesion.request.

google-auth-library-python/google/auth/transport/requests.py

Lines 94 to 124 in 137b43b

	def __call__(self, url, method='GET', body=None, headers=None,
	timeout=None, **kwargs):
	"""Make an HTTP request using requests.
	Args:
	url (str): The URI to be requested.
	method (str): The HTTP method to use for the request. Defaults
	to 'GET'.
	body (bytes): The payload / body in HTTP request.
	headers (Mapping[str, str]): Request headers.
	timeout (Optional[int]): The number of seconds to wait for a
	response from the server. If not specified or if None, the
	requests default timeout will be used.
	kwargs: Additional arguments passed through to the underlying
	requests :meth:`~requests.Session.request` method.
	Returns:
	google.auth.transport.Response: The HTTP response.
	Raises:
	google.auth.exceptions.TransportError: If any exception occurred.
	"""
	try:
	_LOGGER.debug('Making request: %s %s', method, url)
	response = self.session.request(
	method, url, data=body, headers=headers, timeout=timeout,
	**kwargs)
	return _Response(response)
	except requests.exceptions.RequestException as caught_exc:
	new_exc = exceptions.TransportError(caught_exc)
	six.raise_from(new_exc, caught_exc)

data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the Request.