Launchpad itself

OAuth tokens scoped to a context are never requested and don't work

Bug #552732 reported by Leonard Richardson on 2010-03-31

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Triaged	Low	Unassigned
	launchpadlib	Triaged	Low	Unassigned

Bug Description

There's a launchpadlib problem here and a Launchpad problem. The launchpadlib problem is that if you pass in a context to Credential.request_access_token, the URL you get back doesn't mention a context (it doesn't set lp.context), and the end-user is asked to grant your application access to all of Launchpad.

If you do somehow get an access token that's scoped to some context (like firefox), you can't use the token with launchpadlib, because the service root is out of scope! (At least, I believe this is why.) Here's the error you get:

Traceback (most recent call last):
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/zope.publisher-3.10.0-py2.5.egg/zope/publisher/publish.py", line 134, in publish
    result = publication.callObject(request, obj)
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/lazr.restful-0.9.24-py2.5.egg/lazr/restful/publisher.py", line 171, in callObject
    WebServicePublicationMixin, self).callObject(request, object)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/launchpad/webapp/publication.py", line 421, in callObject
    return mapply(ob, request.getPositionalArguments(), request)
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/zope.publisher-3.10.0-py2.5.egg/zope/publisher/publish.py", line 109, in mapply
    return debug_call(obj, args)
  File "/srv/staging.launchpad.net/staging/launchpad/eggs/zope.publisher-3.10.0-py2.5.egg/zope/publisher/publish.py", line 115, in debug_call
    return obj(*args)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/database/sqlbase.py", line 728, in block_implicit_flushes_decorator
    return func(*args, **kwargs)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/launchpad/webapp/authorization.py", line 168, in checkPermission
    principal, objecttoauthorize)
  File "/srv/staging.launchpad.net/staging/launchpad/lib/canonical/launchpad/webapp/authorization.py", line 92, in _getPrincipalsAccessLevel
    if container.isWithin(principal.scope):
AttributeError: 'NoneType' object has no attribute 'isWithin'

Until recently (my second attempt at making it possible to use launchpadlib from Launchpad pagetests) we did not have an end-to-end test of launchpadlib using a credential with a context. (We thought we did, but we didn't, because the launchpadlib side of things didn't work.) Fortunately, nobody uses this feature (or we'd have a lot of complaints), so it's not _too_ bad.

Tags:

Leonard Richardson (leonardr) on 2010-03-31

summary:

- OAuth tokens with scoped permissions are never requested and don't work
+ OAuth tokens scoped to a context are never requested and don't work

Gary Poster (gary) on 2010-04-01

Changed in launchpad-foundations:
status:	New → Triaged
importance:	Undecided → Low
Changed in launchpadlib:
status:	New → Triaged
importance:	Undecided → Low

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.