url encode secret in client credentials flow (#1566)
* url encode secret first

Signed-off-by: Yee Hing Tong <[email protected]>

* nit

Signed-off-by: Yee Hing Tong <[email protected]>

---------

Signed-off-by: Yee Hing Tong <[email protected]>
wild-endeavor authored Mar 28, 2023
1 parent db7d1eb commit dd7fbe9
Showing 2 changed files with 9 additions and 3 deletions.
9 changes: 6 additions & 3 deletions flytekit/clients/auth/token_client.py
Expand Up @@ -3,6 +3,7 @@
import logging
import time
import typing
import urllib.parse
from dataclasses import dataclass
from datetime import datetime, timedelta

Expand Down Expand Up @@ -57,14 +58,16 @@ def from_json_response(cls, j: typing.Dict) -> "DeviceCodeResponse":
def get_basic_authorization_header(client_id: str, client_secret: str) -> str:
"""
This function transforms the client id and the client secret into a header that conforms with http basic auth.
It joins the id and the secret with a : then base64 encodes it, then adds the appropriate text
It joins the id and the secret with a : then base64 encodes it, then adds the appropriate text. Secrets are
first URL encoded to escape illegal characters.
:param client_id: str
:param client_secret: str
:rtype: str
"""
concated = "{}:{}".format(client_id, client_secret)
return "Basic {}".format(base64.b64encode(concated.encode(utf_8)).decode(utf_8))
encoded = urllib.parse.quote_plus(client_secret)
concatenated = "{}:{}".format(client_id, encoded)
return "Basic {}".format(base64.b64encode(concatenated.encode(utf_8)).decode(utf_8))


def get_token(
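Review bot: `client_id` is still concatenated raw in `concatenated = "{}:{}".format(client_id, encoded)`, so only the secret half of the credential is form-encoded. RFC 6749 section 2.3.1 asks for both the client identifier and the client secret to be encoded with application/x-www-form-urlencoded before they go into the Basic header, and an id containing `:` would make the id/secret split ambiguous for the server. Consider `concatenated = "{}:{}".format(urllib.parse.quote_plus(client_id), encoded)` and have the docstring name that RFC section instead of "illegal characters". Because this changes the bytes sent for any secret containing reserved characters, it is worth confirming that the identity providers in use decode the credential before comparing it; some reportedly do not, and for those a secret that authenticated before this change would now be rejected.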
3 changes: 3 additions & 0 deletions tests/flytekit/unit/clients/auth/test_token_client.py
Expand Up @@ -18,6 +18,9 @@ def test_get_basic_authorization_header():
header = get_basic_authorization_header("client_id", "abc")
assert header == "Basic Y2xpZW50X2lkOmFiYw=="

header = get_basic_authorization_header("client_id", "abc%%$?\\/\\/")
assert header == "Basic Y2xpZW50X2lkOmFiYyUyNSUyNSUyNCUzRiU1QyUyRiU1QyUyRg=="


@patch("flytekit.clients.auth.token_client.requests")
def test_get_token(mock_requests):
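Review bot: The added case in `test_get_basic_authorization_header` covers `%`, `$`, `?`, `\` and `/`, but not a space, `+` or `:` in the secret. Those are the characters where `quote_plus` differs from `quote` and where the Basic `id:secret` split is most fragile. A further case such as `get_basic_authorization_header("client_id", "a b+c:d")` would pin that behaviour. Asserting on the base64-decoded header rather than only an opaque literal would also make the expected wire format readable in the test. The test function starts above this hunk, so any existing coverage of these characters is not visible here.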
