Rewrite WebClient.oauth_access() #481

@pastelmind

The oauth.access method, according to official documentation, accepts a temporary OAuth code and returns an API access token (xoxp-XXXXXXX...). This means that it does NOT require an Authorization: Bearer xxx header--in fact, this is impossible for an app that is being installed, as it does not have a token yet.

Thus, it makes no sense for WebClient.oauth_access() to be a normal instance method of WebClient, which requires an API token for instantiation. I suggest that it be moved to a @staticmethod or @classmethod, depending on its implementation.

Also, the current implementation sends the client ID and secret as POST parameters in the request body, even though the official document says:

We strongly recommend supplying the Client ID and Client Secret using the HTTP Basic authentication scheme, as discussed in RFC 6749.

Thus, this method needs to be rewritten to NOT use WebClient.api_call(), but manually send a request using HTTP Basic Authentication instead.
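
The request shape the issue asks for, as an added example that is not code from the issue or from the library: the token exchange is built without any API token, and the client credentials travel in an HTTP Basic `Authorization` header instead of the POST body. The function names and sample values are hypothetical; the credential encoding follows RFC 6749, section 2.3.1.

```python
import base64
import json
import urllib.parse
import urllib.request

OAUTH_ACCESS_URL = "https://slack.com/api/oauth.access"


def basic_auth_header(client_id, client_secret):
    """Build the HTTP Basic value for client credentials (RFC 6749, 2.3.1)."""
    # The RFC has each part form-urlencoded before joining with ":", so a
    # ":" inside the secret cannot be mistaken for the separator.
    user = urllib.parse.quote_plus(client_id)
    password = urllib.parse.quote_plus(client_secret)
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_oauth_access_request(client_id, client_secret, code, redirect_uri=None):
    """Prepare the oauth.access POST. No API token exists at this stage."""
    form = {"code": code}
    if redirect_uri is not None:
        form["redirect_uri"] = redirect_uri
    # Credentials go in the Authorization header only, so they stay out of
    # anything that records form parameters or request bodies.
    return urllib.request.Request(
        OAUTH_ACCESS_URL,
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def exchange_code(client_id, client_secret, code, redirect_uri=None, timeout=10):
    """Send the request and return the decoded JSON reply (needs network)."""
    req = build_oauth_access_request(client_id, client_secret, code, redirect_uri)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    demo = build_oauth_access_request("1234.5678", "s3cr:et/+", "temp-code-abc")
    print(demo.get_method(), demo.full_url)
    print("body:", demo.data.decode("ascii"))  # contains only the code
```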

Labels: Version: 2x, bug