Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Python SDK "return_session_token_exchange_code" ignored due to casing constraint #3839

Closed
4 of 5 tasks
ngc7293 opened this issue Mar 22, 2024 · 1 comment · Fixed by #3841
Closed
4 of 5 tasks

Python SDK "return_session_token_exchange_code" ignored due to casing constraint #3839

ngc7293 opened this issue Mar 22, 2024 · 1 comment · Fixed by #3841
Labels
bug Something is not working.

Comments

@ngc7293
Copy link
Contributor

ngc7293 commented Mar 22, 2024
edited

Preflight checklist

Ory Network Project

No response

Describe the bug

When create a new native login flow using the Python SDK, the return_session_token_exchange_code optional parameter is ignored.

This seems to be due to how Python's urllib3 serializes boolean values using Python casing ("True" / "False"), which is incompatible with the backend's strict casing (only checks for egality with "true", see here).

The Python SDK does not allow for non-boolean values (like str("true")), so I could not find any workaround besides performing the requests manually with requests.

Reproducing the bug

  1. docker compose -f quickstart.yml up
  2. run the following Python commands:
from ory_client.api.frontend_api import FrontendApi
from ory_client.configuration import Configuration
from ory_client.api_client import ApiClient
config = Configuration(host="http://localhost:4433/")
client = ApiClient(config)
api = FrontendApi(client)
flow = api.create_native_login_flow(return_session_token_exchange_code=True)
  1. Observe the flow object does not contain the expected session_token_exchange_code attribute.
assert "session_token_exchange_code" in flow

Relevant log output

No response

Relevant configuration

No response

Version

master, 1.1.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response
@ngc7293 ngc7293 added the bug Something is not working. label Mar 22, 2024
@ngc7293
Copy link
Contributor Author

ngc7293 commented Mar 22, 2024

After some more digging this seems to be a more generalized issue, it can also be reproduced with the refresh=True parameter:

from ory_client.api_client import ApiClient
config = Configuration(host="http://localhost:4433/")
client = ApiClient(config)
api = FrontendApi(client)
flow = api.create_native_login_flow(refresh=True)

assert flow["refresh"]  # This will fail

ngc7293 added a commit to ngc7293/kratos that referenced this issue Mar 22, 2024
@ngc7293
fix: tolerate more "truthy" values when creating new flows
7c6cc4a 
Use strconv.ParseBool to accept multiple "truthy" values for the
`refresh` and `return_session_token_exchange_code` query parameters when
creating a new login flow.

For some SDKs (e.g.: Python), these stringification of booleans is not
user-controlled and these endpoints could not be used fully due to the
backend ignoring any value other than `true` (all lowercase).

Closes ory#3839.
@ngc7293 ngc7293 mentioned this issue Mar 22, 2024
Merged
7 tasks
aeneasr pushed a commit that referenced this issue Mar 24, 2024
@ngc7293
fix: tolerate more "truthy" values when creating new flows (#3841)
49d93c0 
Use strconv.ParseBool to accept multiple "truthy" values for the
`refresh` and `return_session_token_exchange_code` query parameters when
creating a new login flow.

For some SDKs (e.g.: Python), these stringification of booleans is not
user-controlled and these endpoints could not be used fully due to the
backend ignoring any value other than `true` (all lowercase).

Closes #3839
panbanda pushed a commit to panbanda/kratos that referenced this issue Mar 25, 2024
@ngc7293 @panbanda
fix: tolerate more "truthy" values when creating new flows (ory#3841)
22f2adf 
Use strconv.ParseBool to accept multiple "truthy" values for the
`refresh` and `return_session_token_exchange_code` query parameters when
creating a new login flow.

For some SDKs (e.g.: Python), these stringification of booleans is not
user-controlled and these endpoints could not be used fully due to the
backend ignoring any value other than `true` (all lowercase).

Closes ory#3839
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: tolerate more "truthy" values when creating new flows ngc7293/kratos
1 participant
@ngc7293