# Provider Compliance Fixes

Pre-built compliance fixes for popular OAuth providers that implement non-standard OAuth behaviors. These fixes enable seamless integration with services that deviate from the OAuth 2.0 specification.

## Capabilities

### Facebook Compliance Fix

Handles Facebook's non-standard OAuth 2.0 implementation that returns tokens as URL-encoded form data with incorrect content-type headers instead of JSON.

```python { .api }
def facebook_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply Facebook-specific OAuth compliance fixes.

    Fixes:
    - Handles text/plain content-type for token responses
    - Converts 'expires' field to standard 'expires_in' field
    - Adds missing 'token_type': 'Bearer' to token response
    - Converts response to proper JSON format

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with Facebook compliance fixes
    """
```

**Usage Example:**

```python
from requests_oauthlib import OAuth2Session
from requests_oauthlib.compliance_fixes import facebook_compliance_fix

# Create session and apply Facebook fixes
oauth = OAuth2Session('client_id', redirect_uri='https://example.com/callback')
oauth = facebook_compliance_fix(oauth)

# Now works with Facebook's non-standard responses
auth_url, state = oauth.authorization_url('https://www.facebook.com/dialog/oauth')

# callback_url is the full URL the provider redirected the user back to
callback_url = input('Paste the full callback URL: ')
token = oauth.fetch_token(
    'https://graph.facebook.com/oauth/access_token',
    authorization_response=callback_url,
    client_secret='client_secret'
)
```

### Slack Compliance Fix

Handles Slack's non-standard parameter name for access tokens in API requests.

```python { .api }
def slack_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply Slack-specific OAuth compliance fixes.

    Fixes:
    - Uses 'token' parameter instead of standard Authorization header
    - Automatically adds token to request data or URL parameters
    - Preserves existing token parameter if already present

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with Slack compliance fixes
    """
```

**Usage Example:**

```python
from requests_oauthlib import OAuth2Session
from requests_oauthlib.compliance_fixes import slack_compliance_fix

# Create session and apply Slack fixes
oauth = OAuth2Session('client_id', redirect_uri='https://example.com/callback')
oauth = slack_compliance_fix(oauth)

# Token automatically added as 'token' parameter
auth_url, state = oauth.authorization_url('https://slack.com/oauth/authorize')

# callback_url is the full URL the provider redirected the user back to
callback_url = input('Paste the full callback URL: ')
token = oauth.fetch_token(
    'https://slack.com/api/oauth.access',
    authorization_response=callback_url,
    client_secret='client_secret'
)

# API calls automatically include token parameter
response = oauth.post('https://slack.com/api/chat.postMessage', data={
    'channel': '#general',
    'text': 'Hello from OAuth!'
})
```
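The three behaviours listed in the Slack docstring, written out as a standalone hook so the token's final location is visible. This is an added illustration, not the requests-oauthlib source; `make_token_param_hook`, `redact_token`, the token value and the rule that the URL is used only for non-dict bodies are assumptions of this sketch.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def make_token_param_hook(get_token):
    """Build a protected_request-style hook: (url, headers, data) -> same triple."""
    def hook(url, headers, data):
        in_url = any(k == "token" for k, _ in parse_qsl(urlsplit(url).query))
        in_body = isinstance(data, dict) and bool(data.get("token"))
        if in_url or in_body:
            return url, headers, data  # caller-supplied token is preserved
        if not data:
            return url, headers, {"token": get_token()}
        if isinstance(data, dict):
            return url, headers, {**data, "token": get_token()}
        # Assumption of this sketch: an opaque body (bytes, stream) cannot be
        # edited, so the query string is the only place left for the token.
        parts = urlsplit(url)
        query = parse_qsl(parts.query) + [("token", get_token())]
        return urlunsplit(parts._replace(query=urlencode(query))), headers, data
    return hook


def redact_token(url):
    """Mask the token query value before a URL reaches logs or error reports."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def demo():
    hook = make_token_param_hook(lambda: "constructed-token")  # constructed value
    api = "https://slack.com/api/chat.postMessage"
    _, _, form = hook(api, {}, {"channel": "#general"})
    raw_url, _, _ = hook(api + "?pretty=1", {}, b"opaque-bytes")
    _, _, kept = hook(api, {}, {"token": "caller-token"})
    return form, raw_url, redact_token(raw_url), kept
```

When the token ends up in the query string it is also written wherever URLs are recorded (proxy and access logs, exception traces), so pass URLs through something like `redact_token` before logging them.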

### Instagram Compliance Fix

Handles Instagram's token response format variations.

```python { .api }
def instagram_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply Instagram-specific OAuth compliance fixes.

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with Instagram compliance fixes
    """
```

### Mailchimp Compliance Fix

Handles Mailchimp's OAuth implementation specifics.

```python { .api }
def mailchimp_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply Mailchimp-specific OAuth compliance fixes.

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with Mailchimp compliance fixes
    """
```

### Fitbit Compliance Fix

Handles Fitbit's OAuth implementation requirements.

```python { .api }
def fitbit_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply Fitbit-specific OAuth compliance fixes.

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with Fitbit compliance fixes
    """
```

### Weibo Compliance Fix

Handles Weibo's OAuth implementation variations.

```python { .api }
def weibo_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply Weibo-specific OAuth compliance fixes.

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with Weibo compliance fixes
    """
```

### PlentyMarkets Compliance Fix

Handles PlentyMarkets OAuth implementation specifics.

```python { .api }
def plentymarkets_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply PlentyMarkets-specific OAuth compliance fixes.

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with PlentyMarkets compliance fixes
    """
```

### eBay Compliance Fix

Handles eBay's OAuth implementation requirements.

```python { .api }
def ebay_compliance_fix(session: OAuth2Session) -> OAuth2Session:
    """
    Apply eBay-specific OAuth compliance fixes.

    Args:
        session (OAuth2Session): OAuth session to modify

    Returns:
        OAuth2Session: Modified session with eBay compliance fixes
    """
```

## How Compliance Fixes Work

Compliance fixes modify OAuth2Session behavior by registering custom hooks that intercept and modify requests and responses. They typically:

1. **Register compliance hooks** using `session.register_compliance_hook()`
2. **Modify request parameters** before sending to provider
3. **Transform response data** to match OAuth 2.0 specification
4. **Handle provider-specific quirks** like custom parameter names or response formats

## Common OAuth Provider Issues

### Non-Standard Token Responses
- **Issue**: Providers return tokens in unexpected formats or with incorrect content-type headers
- **Solution**: Parse and normalize token responses to standard JSON format

### Custom Parameter Names
- **Issue**: Providers expect tokens in non-standard parameter names or locations
- **Solution**: Intercept requests and add tokens using provider-specific parameter names

### Missing Token Information
- **Issue**: Providers omit required fields like `token_type` or use non-standard field names
- **Solution**: Add missing fields or rename fields to match OAuth 2.0 specification

### Content-Type Issues
- **Issue**: Providers return JSON data with incorrect content-type headers
- **Solution**: Override content-type detection and force JSON parsing

## Creating Custom Compliance Fixes

You can create custom compliance fixes for other providers:

```python
def custom_provider_compliance_fix(session):
    def fix_token_response(response):
        # Modify response as needed
        if 'custom_token_field' in response.text:
            # Transform response to standard format
            pass
        return response

    def fix_protected_request(url, headers, data):
        # Modify request parameters as needed
        if session.access_token:
            # Add token in provider-specific way
            pass
        return url, headers, data

    # Register hooks
    session.register_compliance_hook('access_token_response', fix_token_response)
    session.register_compliance_hook('protected_request', fix_protected_request)

    return session
```
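A filled-in `access_token_response` hook for a hypothetical provider with the Facebook-style quirks described above (form-encoded body, `expires` instead of `expires_in`, no `token_type`). This is an added example, not code from requests-oauthlib; `FakeResponse`, `normalize_token_response`, `example_provider_compliance_fix` and the sample token body are constructed for it. The hook rewrites only what it recognises and passes everything else through untouched, so error payloads and malformed bodies still reach the normal parser.

```python
import json
from urllib.parse import parse_qsl

FORM_TYPES = ("text/plain", "application/x-www-form-urlencoded")


class FakeResponse:
    """Constructed stand-in for requests.Response (only what the hook touches)."""
    def __init__(self, body, content_type):
        self._content = body.encode()
        self.headers = {"content-type": content_type}

    @property
    def text(self):
        return self._content.decode()


def normalize_token_response(response):
    """access_token_response hook: form-encoded token body -> standard JSON."""
    ctype = response.headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in FORM_TYPES:
        return response  # JSON or unknown type: leave it for the normal parser
    try:
        token = dict(parse_qsl(response.text, strict_parsing=True))
    except ValueError:
        return response  # malformed body: do not guess
    if "access_token" not in token:
        return response  # error payloads pass through unchanged
    expires = token.pop("expires", None)
    if expires is not None and expires.isdecimal():
        token["expires_in"] = int(expires)  # non-numeric lifetimes are dropped
    token.setdefault("token_type", "Bearer")
    response._content = json.dumps(token).encode()
    return response


def example_provider_compliance_fix(session):
    """Register the hook; `session` is an OAuth2Session."""
    session.register_compliance_hook("access_token_response", normalize_token_response)
    return session


def demo(body="access_token=constructed-abc&expires=5183999"):
    # Constructed token response, not captured from any provider.
    raw = FakeResponse(body, "text/plain; charset=UTF-8")
    return json.loads(normalize_token_response(raw).text)
```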

## Available Hook Types

Compliance fixes can register hooks for different points in the OAuth flow:

- **access_token_response**: Modify token endpoint responses before parsing
- **refresh_token_response**: Modify refresh token responses before parsing
- **protected_request**: Modify authenticated API requests before sending
- **access_token_request**: Modify token fetch requests before sending
- **refresh_token_request**: Modify token refresh requests before sending

## Best Practices

1. **Apply fixes early**: Apply compliance fixes immediately after creating the OAuth2Session
2. **Test thoroughly**: Provider APIs can change, so test compliance fixes regularly
3. **Document provider-specific behavior**: Keep notes on what each fix addresses
4. **Monitor provider updates**: Watch for changes in provider OAuth implementations
5. **Combine fixes carefully**: Some providers may need multiple fixes or custom combinations