fix(oauth2): ACCESS_TOKEN_METHOD defaults to POST

This is possibly a breaking change for a few backends but makes the code
follow RFC and removes need for every backend to override this.

Fixes #284

Author: nijel

social_core/backends/amazon.py

@@ -13,7 +13,6 @@ class AmazonOAuth2(BaseOAuth2):
     ACCESS_TOKEN_URL = "https://api.amazon.com/auth/o2/token"
     DEFAULT_SCOPE = ["profile"]
     REDIRECT_STATE = False
-    ACCESS_TOKEN_METHOD = "POST"
     EXTRA_DATA = [
         ("refresh_token", "refresh_token", True),
         ("user_id", "user_id"),

social_core/backends/angel.py

@@ -9,7 +9,6 @@
 class AngelOAuth2(BaseOAuth2):
     name = "angel"
     AUTHORIZATION_URL = "https://angel.co/api/oauth/authorize/"
-    ACCESS_TOKEN_METHOD = "POST"
     ACCESS_TOKEN_URL = "https://angel.co/api/oauth/token/"
     REDIRECT_STATE = False
 

social_core/backends/apple.py

@@ -44,7 +44,6 @@ class AppleIdAuth(BaseOAuth2):
     JWK_URL = "https://appleid.apple.com/auth/keys"
     AUTHORIZATION_URL = "https://appleid.apple.com/auth/authorize"
     ACCESS_TOKEN_URL = "https://appleid.apple.com/auth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     RESPONSE_MODE = None
 
     ID_KEY = "sub"

social_core/backends/appsfuel.py

@@ -11,7 +11,6 @@ class AppsfuelOAuth2(BaseOAuth2):
     ID_KEY = "user_id"
     AUTHORIZATION_URL = "http://app.appsfuel.com/content/permission"
     ACCESS_TOKEN_URL = "https://api.appsfuel.com/v1/live/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     USER_DETAILS_URL = "https://api.appsfuel.com/v1/live/user"
 
     def get_user_details(self, response):

social_core/backends/arcgis.py

@@ -10,7 +10,6 @@ class ArcGISOAuth2(BaseOAuth2):
     ID_KEY = "username"
     AUTHORIZATION_URL = "https://www.arcgis.com/sharing/rest/oauth2/authorize"
     ACCESS_TOKEN_URL = "https://www.arcgis.com/sharing/rest/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     EXTRA_DATA = [("expires_in", "expires_in"), ("refresh_token", "refresh_token")]
 
     def get_user_details(self, response):

social_core/backends/asana.py

@@ -6,7 +6,6 @@
 class AsanaOAuth2(BaseOAuth2):
     name = "asana"
     AUTHORIZATION_URL = "https://app.asana.com/-/oauth_authorize"
-    ACCESS_TOKEN_METHOD = "POST"
     ACCESS_TOKEN_URL = "https://app.asana.com/-/oauth_token"
     REFRESH_TOKEN_URL = "https://app.asana.com/-/oauth_token"
     REDIRECT_STATE = False

social_core/backends/atlassian.py

@@ -4,7 +4,6 @@
 class AtlassianOAuth2(BaseOAuth2):
     name = "atlassian"
     AUTHORIZATION_URL = "https://auth.atlassian.com/authorize"
-    ACCESS_TOKEN_METHOD = "POST"
     ACCESS_TOKEN_URL = "https://auth.atlassian.com/oauth/token"
     DEFAULT_SCOPE = ["read:jira-user", "offline_access"]
     ID_KEY = "accountId"

social_core/backends/auth0.py

@@ -13,7 +13,6 @@ class Auth0OAuth2(BaseOAuth2):
 
     name = "auth0"
     SCOPE_SEPARATOR = " "
-    ACCESS_TOKEN_METHOD = "POST"
     EXTRA_DATA = [("picture", "picture")]
 
     def api_path(self, path=""):

social_core/backends/azuread.py

@@ -43,7 +43,6 @@ class AzureADOAuth2(BaseOAuth2):
     BASE_URL = "https://{authority_host}/{tenant_id}"
     AUTHORIZATION_URL = "{base_url}/oauth2/authorize"
     ACCESS_TOKEN_URL = "{base_url}/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     DEFAULT_SCOPE = ["openid", "profile", "user_impersonation", "email"]
     EXTRA_DATA = [

social_core/backends/battlenet.py

@@ -14,7 +14,6 @@ class BattleNetOAuth2(BaseOAuth2):
     REDIRECT_STATE = False
     AUTHORIZATION_URL = "https://eu.battle.net/oauth/authorize"
     ACCESS_TOKEN_URL = "https://eu.battle.net/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REVOKE_TOKEN_METHOD = "GET"
     DEFAULT_SCOPE = ["wow.profile"]
     EXTRA_DATA = [

social_core/backends/beats.py

@@ -15,7 +15,6 @@ class BeatsOAuth2(BaseOAuth2):
     ID_KEY = "user_context"
     AUTHORIZATION_URL = "https://partner.api.beatsmusic.com/v1/oauth2/authorize"
     ACCESS_TOKEN_URL = "https://partner.api.beatsmusic.com/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
 
     def get_user_id(self, details, response):

social_core/backends/behance.py

@@ -12,7 +12,6 @@ class BehanceOAuth2(BaseOAuth2):
     name = "behance"
     AUTHORIZATION_URL = "https://www.behance.net/v2/oauth/authenticate"
     ACCESS_TOKEN_URL = "https://www.behance.net/v2/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = "|"
     EXTRA_DATA = [("username", "username")]
     REDIRECT_STATE = False

social_core/backends/bitbucket.py

@@ -58,7 +58,6 @@ class BitbucketOAuth2(BitbucketOAuthBase, BaseOAuth2):
     SCOPE_SEPARATOR = " "
     AUTHORIZATION_URL = "https://bitbucket.org/site/oauth2/authorize"
     ACCESS_TOKEN_URL = "https://bitbucket.org/site/oauth2/access_token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     EXTRA_DATA = [
         ("scopes", "scopes"),

social_core/backends/bitbucket_datacenter.py

@@ -16,7 +16,6 @@ class BitbucketDataCenterOAuth2(BaseOAuth2PKCE):
     name = "bitbucket-datacenter-oauth2"
     ID_KEY = "id"
     SCOPE_SEPARATOR = " "
-    ACCESS_TOKEN_METHOD = "POST"
     REFRESH_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     STATE_PARAMETER = True

social_core/backends/box.py

@@ -11,7 +11,6 @@ class BoxOAuth2(BaseOAuth2):
 
     name = "box"
     AUTHORIZATION_URL = "https://www.box.com/api/oauth2/authorize"
-    ACCESS_TOKEN_METHOD = "POST"
     ACCESS_TOKEN_URL = "https://www.box.com/api/oauth2/token"
     REVOKE_TOKEN_URL = "https://www.box.com/api/oauth2/revoke"
     SCOPE_SEPARATOR = ","

social_core/backends/bungie.py

@@ -11,7 +11,6 @@ class BungieOAuth2(BaseOAuth2):
     AUTHORIZATION_URL = "https://www.bungie.net/en/oauth/authorize/"
     ACCESS_TOKEN_URL = "https://www.bungie.net/platform/app/oauth/token/"
     REFRESH_TOKEN_URL = "https://www.bungie.net/platform/app/oauth/token/"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     EXTRA_DATA = [
         ("refresh_token", "refresh_token", True),

social_core/backends/changetip.py

@@ -9,7 +9,6 @@ class ChangeTipOAuth2(BaseOAuth2):
     name = "changetip"
     AUTHORIZATION_URL = "https://www.changetip.com/o/authorize/"
     ACCESS_TOKEN_URL = "https://www.changetip.com/o/token/"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = " "
 
     def get_user_details(self, response):

social_core/backends/chatwork.py

@@ -14,7 +14,6 @@ class ChatworkOAuth2(BaseOAuth2):
     API_URL = "https://api.chatwork.com/v2"
     AUTHORIZATION_URL = "https://www.chatwork.com/packages/oauth2/login.php"
     ACCESS_TOKEN_URL = "https://oauth.chatwork.com/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = True
     DEFAULT_SCOPE = ["users.profile.me:read"]
     ID_KEY = "account_id"

social_core/backends/cilogon.py

@@ -11,7 +11,6 @@ class CILogonOAuth2(BaseOAuth2):
     name = "cilogon-oauth2"
     AUTHORIZATION_URL = "https://cilogon.org/authorize"
     ACCESS_TOKEN_URL = "https://cilogon.org/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     DEFAULT_SCOPE = ["openid", "email", "profile", "org.cilogon.userinfo"]
     REDIRECT_STATE = False
     SCOPE_SEPARATOR = "+"

social_core/backends/classlink.py

@@ -11,7 +11,6 @@ class ClasslinkOAuth(BaseOAuth2):
     name = "classlink"
     AUTHORIZATION_URL = "https://launchpad.classlink.com/oauth2/v2/auth"
     ACCESS_TOKEN_URL = "https://launchpad.classlink.com/oauth2/v2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     DEFAULT_SCOPE = ["profile"]
     REDIRECT_STATE = False
     SCOPE_SEPARATOR = " "

social_core/backends/clef.py

@@ -15,7 +15,6 @@ class ClefOAuth2(BaseOAuth2):
     name = "clef"
     AUTHORIZATION_URL = "https://clef.io/iframes/qr"
     ACCESS_TOKEN_URL = "https://clef.io/api/v1/authorize"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = ","
 
     def auth_params(self, *args, **kwargs):

social_core/backends/clever.py

@@ -11,7 +11,6 @@ class CleverOAuth2(BaseOAuth2):
     name = "clever"
     AUTHORIZATION_URL = "https://clever.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://clever.com/oauth/tokens"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     STATE_PARAMETER = False
     SCOPE_SEPARATOR = " "

social_core/backends/coding.py

@@ -14,7 +14,6 @@ class CodingOAuth2(BaseOAuth2):
     API_URL = "https://coding.net/api/"
     AUTHORIZATION_URL = "https://coding.net/oauth_authorize.html"
     ACCESS_TOKEN_URL = "https://coding.net/api/oauth/access_token"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = ","
     DEFAULT_SCOPE = ["user"]
     REDIRECT_STATE = False

social_core/backends/cognito.py

@@ -5,7 +5,6 @@ class CognitoOAuth2(BaseOAuth2):
     name = "cognito"
     ID_KEY = "username"
     DEFAULT_SCOPE = ["openid", "profile", "email"]
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
 
     def user_pool_domain(self):

social_core/backends/coinbase.py

@@ -13,7 +13,6 @@ class CoinbaseOAuth2(BaseOAuth2):
     AUTHORIZATION_URL = "https://www.coinbase.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://api.coinbase.com/oauth/token"
     REVOKE_TOKEN_URL = "https://api.coinbase.com/oauth/revoke"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
 
     def get_user_id(self, details, response):

social_core/backends/coursera.py

@@ -13,7 +13,6 @@ class CourseraOAuth2(BaseOAuth2):
     ID_KEY = "username"
     AUTHORIZATION_URL = "https://accounts.coursera.org/oauth2/v1/auth"
     ACCESS_TOKEN_URL = "https://accounts.coursera.org/oauth2/v1/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     SCOPE_SEPARATOR = ","
     DEFAULT_SCOPE = ["view_profile"]

social_core/backends/dailymotion.py

@@ -15,7 +15,6 @@ class DailymotionOAuth2(BaseOAuth2):
     AUTHORIZATION_URL = "https://api.dailymotion.com/oauth/authorize"
     REQUEST_TOKEN_URL = "https://api.dailymotion.com/oauth/token"
     ACCESS_TOKEN_URL = "https://api.dailymotion.com/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
 
     def get_user_details(self, response):
         return {"username": response.get("screenname")}

social_core/backends/deezer.py

@@ -16,7 +16,6 @@ class DeezerOAuth2(BaseOAuth2):
     ID_KEY = "name"
     AUTHORIZATION_URL = "https://connect.deezer.com/oauth/auth.php"
     ACCESS_TOKEN_URL = "https://connect.deezer.com/oauth/access_token.php"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = ","
     REDIRECT_STATE = False
 

social_core/backends/digitalocean.py

@@ -11,7 +11,6 @@ class DigitalOceanOAuth(BaseOAuth2):
     name = "digitalocean"
     AUTHORIZATION_URL = "https://cloud.digitalocean.com/v1/oauth/authorize"
     ACCESS_TOKEN_URL = "https://cloud.digitalocean.com/v1/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = " "
     EXTRA_DATA = [("expires_in", "expires_in")]
 

social_core/backends/discord.py

@@ -11,7 +11,6 @@ class DiscordOAuth2(BaseOAuth2):
     HOSTNAME = "discord.com"
     AUTHORIZATION_URL = f"https://{HOSTNAME}/api/oauth2/authorize"
     ACCESS_TOKEN_URL = f"https://{HOSTNAME}/api/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REVOKE_TOKEN_URL = f"https://{HOSTNAME}/api/oauth2/token/revoke"
     REVOKE_TOKEN_METHOD = "GET"
     DEFAULT_SCOPE = ["identify"]

social_core/backends/disqus.py

@@ -10,7 +10,6 @@ class DisqusOAuth2(BaseOAuth2):
     name = "disqus"
     AUTHORIZATION_URL = "https://disqus.com/api/oauth/2.0/authorize/"
     ACCESS_TOKEN_URL = "https://disqus.com/api/oauth/2.0/access_token/"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     SCOPE_SEPARATOR = ","
     EXTRA_DATA = [

social_core/backends/docker.py

@@ -12,7 +12,6 @@ class DockerOAuth2(BaseOAuth2):
     AUTHORIZATION_URL = "https://hub.docker.com/api/v1.1/o/authorize/"
     ACCESS_TOKEN_URL = "https://hub.docker.com/api/v1.1/o/token/"
     REFRESH_TOKEN_URL = "https://hub.docker.com/api/v1.1/o/token/"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     EXTRA_DATA = [
         ("refresh_token", "refresh_token", True),

social_core/backends/douban.py

@@ -36,7 +36,6 @@ class DoubanOAuth2(BaseOAuth2):
     name = "douban-oauth2"
     AUTHORIZATION_URL = "https://www.douban.com/service/auth2/auth"
     ACCESS_TOKEN_URL = "https://www.douban.com/service/auth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     EXTRA_DATA = [
         ("id", "id"),

social_core/backends/dribbble.py

@@ -13,7 +13,6 @@ class DribbbleOAuth2(BaseOAuth2):
     name = "dribbble"
     AUTHORIZATION_URL = "https://dribbble.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://dribbble.com/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = ","
     EXTRA_DATA = [
         ("id", "id"),

social_core/backends/drip.py

@@ -10,7 +10,6 @@ class DripOAuth(BaseOAuth2):
     name = "drip"
     AUTHORIZATION_URL = "https://www.getdrip.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://www.getdrip.com/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
 
     def get_user_id(self, details, response):
         return details["email"]

social_core/backends/dropbox.py

@@ -11,7 +11,6 @@ class DropboxOAuth2V2(BaseOAuth2):
     ID_KEY = "uid"
     AUTHORIZATION_URL = "https://www.dropbox.com/oauth2/authorize"
     ACCESS_TOKEN_URL = "https://api.dropboxapi.com/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
 
     def get_user_details(self, response):

social_core/backends/echosign.py

@@ -4,7 +4,6 @@
 class EchosignOAuth2(BaseOAuth2):
     name = "echosign"
     REDIRECT_STATE = False
-    ACCESS_TOKEN_METHOD = "POST"
     REFRESH_TOKEN_METHOD = "POST"
     REVOKE_TOKEN_METHOD = "POST"
     AUTHORIZATION_URL = "https://secure.echosign.com/public/oauth"

social_core/backends/edmodo.py

@@ -12,7 +12,6 @@ class EdmodoOAuth2(BaseOAuth2):
     name = "edmodo"
     AUTHORIZATION_URL = "https://api.edmodo.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://api.edmodo.com/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
 
     def get_user_details(self, response):
         """Return user details from Edmodo account"""

social_core/backends/etsy.py

@@ -8,7 +8,6 @@ class EtsyOAuth2(BaseOAuth2PKCE):
     ACCESS_TOKEN_URL = "https://api.etsy.com/v3/public/oauth/token"
     REFRESH_TOKEN_URL = "https://api.etsy.com/v3/public/oauth/token"
     PKCE_DEFAULT_CODE_CHALLENGE_METHOD = "S256"
-    ACCESS_TOKEN_METHOD = "POST"
     REQUEST_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = " "
     REDIRECT_STATE = False

social_core/backends/eventbrite.py

@@ -8,7 +8,6 @@ class EventbriteOAuth2(BaseOAuth2):
     AUTHORIZATION_URL = "https://www.eventbrite.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://www.eventbrite.com/oauth/token"
     METADATA_URL = "https://www.eventbriteapi.com/v3/users/me"
-    ACCESS_TOKEN_METHOD = "POST"
     STATE_PARAMETER = False
     REDIRECT_STATE = False
 

social_core/backends/eveonline.py

@@ -14,7 +14,6 @@ class EVEOnlineOAuth2(BaseOAuth2):
     AUTHORIZATION_URL = BASE_URL + "/authorize"
     ACCESS_TOKEN_URL = BASE_URL + "/token"
     ID_KEY = "CharacterID"
-    ACCESS_TOKEN_METHOD = "POST"
     EXTRA_DATA = [
         ("CharacterID", "id"),
         ("expires_in", "expires"),

social_core/backends/fence.py

@@ -10,7 +10,6 @@ class Fence(OpenIdConnectAuth):
     name = "fence"
     OIDC_ENDPOINT = "https://nci-crdc.datacommons.io"
     ID_KEY = "username"
-    ACCESS_TOKEN_METHOD = "POST"
     DEFAULT_SCOPE = ["openid", "user"]
     JWT_DECODE_OPTIONS = {"verify_at_hash": False}
 

social_core/backends/fitbit.py

@@ -36,7 +36,6 @@ class FitbitOAuth2(BaseOAuth2):
     name = "fitbit"
     AUTHORIZATION_URL = "https://www.fitbit.com/oauth2/authorize"
     ACCESS_TOKEN_URL = "https://api.fitbit.com/oauth2/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REFRESH_TOKEN_URL = "https://api.fitbit.com/oauth2/token"
     DEFAULT_SCOPE = ["profile"]
     ID_KEY = "encodedId"

social_core/backends/flat.py

@@ -13,7 +13,6 @@ class FlatOAuth2(BaseOAuth2):
     DEFAULT_SCOPE = ["account.public_profile"]
     AUTHORIZATION_URL = "https://flat.io/auth/oauth"
     ACCESS_TOKEN_URL = "https://api.flat.io/oauth/access_token"
-    ACCESS_TOKEN_METHOD = "POST"
 
     def get_user_id(self, details, response):
         return response.get("id")

social_core/backends/foursquare.py

@@ -10,7 +10,6 @@ class FoursquareOAuth2(BaseOAuth2):
     name = "foursquare"
     AUTHORIZATION_URL = "https://foursquare.com/oauth2/authenticate"
     ACCESS_TOKEN_URL = "https://foursquare.com/oauth2/access_token"
-    ACCESS_TOKEN_METHOD = "POST"
     API_VERSION = "20140128"
 
     def get_user_id(self, details, response):

social_core/backends/gitea.py

@@ -13,7 +13,6 @@ class GiteaOAuth2(BaseOAuth2):
     API_URL = "https://gitea.com"
     AUTHORIZATION_URL = "https://gitea.com/login/oauth/authorize"
     ACCESS_TOKEN_URL = "https://gitea.com/login/oauth/access_token"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = ","
     REDIRECT_STATE = False
     STATE_PARAMETER = True

social_core/backends/github.py

@@ -18,7 +18,6 @@ class GithubOAuth2(BaseOAuth2):
     API_URL = "https://api.github.com/"
     AUTHORIZATION_URL = "https://github.com/login/oauth/authorize"
     ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token"
-    ACCESS_TOKEN_METHOD = "POST"
     SCOPE_SEPARATOR = ","
     REDIRECT_STATE = False
     STATE_PARAMETER = True

social_core/backends/gitlab.py

@@ -18,7 +18,6 @@ class GitLabOAuth2(BaseOAuth2):
     API_URL = "https://gitlab.com"
     AUTHORIZATION_URL = "https://gitlab.com/oauth/authorize"
     ACCESS_TOKEN_URL = "https://gitlab.com/oauth/token"
-    ACCESS_TOKEN_METHOD = "POST"
     REDIRECT_STATE = False
     DEFAULT_SCOPE = ["read_user"]
     EXTRA_DATA = [

social_core/backends/goclio.py

@@ -4,7 +4,6 @@
 class GoClioOAuth2(BaseOAuth2):
     name = "goclio"
     AUTHORIZATION_URL = "https://app.goclio.com/oauth/authorize/"
-    ACCESS_TOKEN_METHOD = "POST"
     ACCESS_TOKEN_URL = "https://app.goclio.com/oauth/token/"
     REDIRECT_STATE = False
     STATE_PARAMETER = False