OAuth tokens scoped to a context are never requested and don't work

Bug #552732 reported by Leonard Richardson on 2010-03-31
This bug affects 1 person
Affects: Launchpad itself (Importance: Low; Assigned to: Unassigned)
Affects: launchpadlib (Importance: Low; Assigned to: Unassigned)

Bug Description

There's a launchpadlib problem here and a Launchpad problem. The launchpadlib problem is that if you pass in a context to Credential.request_access_token, the URL you get back doesn't mention a context (it doesn't set lp.context), and the end-user is asked to grant your application access to all of Launchpad.

If you do somehow get an access token that's scoped to some context (like firefox), you can't use the token with launchpadlib, because the service root is out of scope! (At least, I believe this is why.) Here's the error you get:

Traceback (most recent call last):
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/zope.publisher-3.10.0-py2.5.egg/zope/publisher/publish.py", line 134, in publish
    result = publication.callObject(request, obj)
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/lazr.restful-0.9.24-py2.5.egg/lazr/restful/publisher.py", line 171, in callObject
    WebServicePublicationMixin, self).callObject(request, object)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/launchpad/webapp/publication.py", line 421, in callObject
    return mapply(ob, request.getPositionalArguments(), request)
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/zope.publisher-3.10.0-py2.5.egg/zope/publisher/publish.py", line 109, in mapply
    return debug_call(obj, args)
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/zope.publisher-3.10.0-py2.5.egg/zope/publisher/publish.py", line 115, in debug_call
    return obj(*args)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/database/sqlbase.py", line 728, in block_implicit_flushes_decorator
    return func(*args, **kwargs)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/launchpad/webapp/authorization.py", line 168, in checkPermission
    principal, objecttoauthorize)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/launchpad/webapp/authorization.py", line 92, in _getPrincipalsAccessLevel
    if container.isWithin(principal.scope):
AttributeError: 'NoneType' object has no attribute 'isWithin'

Until recently (my second attempt at making it possible to use launchpadlib from Launchpad pagetests) we did not have an end-to-end test of launchpadlib using a credential with a context. (We thought we did, but we didn't, because the launchpadlib side of things didn't work.) Fortunately, nobody uses this feature (or we'd have a lot of complaints), so it's not _too_ bad.
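
A client-side check for the launchpadlib half of this report, added here as an example (not launchpadlib or Launchpad code): it verifies that the authorization URL shown to the end-user carries the requested lp.context before the user is sent to it. The host, the page path, the token value and the function names are assumptions made for illustration; only the lp.context parameter comes from the report.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed for illustration: host and page path of the authorization page.
AUTHORIZE_PAGE = "https://launchpad.example/+authorize-token"


def build_authorize_url(request_token, context=None, forward_context=True):
    """Build the URL the end-user visits to approve a request token.

    forward_context=False models the behaviour described in the report:
    the caller passes a context, but it never reaches the URL.
    """
    params = [("oauth_token", request_token)]
    if context is not None and forward_context:
        params.append(("lp.context", context))
    return AUTHORIZE_PAGE + "?" + urlencode(params)


def scope_problem(url, requested_context):
    """Return None if the URL asks for exactly the requested scope,
    otherwise a short description of the mismatch."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if len(query.get("oauth_token", [])) != 1:
        return "missing or repeated oauth_token"
    contexts = query.get("lp.context", [])
    if requested_context is None:
        return None if not contexts else "unexpected lp.context"
    if not contexts:
        return "lp.context missing: user would be asked for site-wide access"
    if contexts != [requested_context]:
        return "lp.context does not match the requested context"
    return None


if __name__ == "__main__":
    token = "constructed-request-token"  # constructed sample value
    for forward in (False, True):
        url = build_authorize_url(token, "firefox", forward_context=forward)
        print(url, "->", scope_problem(url, "firefox") or "ok")
```

Run as a test against whatever URL the client library actually returns, this is the kind of end-to-end assertion that would have caught the missing context.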

summary: - OAuth tokens with scoped permissions are never requested and don't work
+ OAuth tokens scoped to a context are never requested and don't work
Gary Poster (gary) on 2010-04-01
Changed in launchpad-foundations:
status: New → Triaged
importance: Undecided → Low
Changed in launchpadlib:
status: New → Triaged
importance: Undecided → Low