Monday, 26 December 2022

Missing "nonce" claim with Quickbooks + Authlib

When I try to implement an OAuth flow into Quickbooks Online with the openid scope, I receive an error authlib.jose.errors.MissingClaimError: missing_claim: Missing "nonce" claim.

Here is the code:

from authlib.integrations.flask_client import OAuth

oauth = OAuth(app)
oauth.register(
    name="qbo",
    client_id='x',
    client_secret='x',
    server_metadata_url='https://developer.api.intuit.com/.well-known/openid_sandbox_configuration',
    client_kwargs={"scope": "openid email profile com.intuit.quickbooks.accounting"},
)


@app.route("/login")
def login():
    redirect_uri = url_for("callback", _external=True)
    client = getattr(oauth, 'qbo')
    return client.authorize_redirect(redirect_uri, state='hello')


@app.route("/callback")
def callback():
    client = getattr(oauth, 'qbo')
    token = client.authorize_access_token()
    return 'authorized'

The line client.authorize_access_token() is failing. This also fails when I pass a nonce param to the authorize_redirect() method.

When I remove the openid email profile scopes, then this works without an issue. I have similar code for openid and Google, and that works without any issues.

Any ideas on what is happening in this case?



from Missing "nonce" claim with Quickbooks + Authlib

No comments:

Post a Comment