Merge branch 'refs/heads/master' into do_no_block_user_exceptions

Author: ArtyomVancyan

Diff for: docs/references/tutorials.md

@@ -28,31 +28,6 @@ generated the client ID and secret to configure your `OAuth2Middleware` with at
 Once the authentication is successful, the user will be redirected to the `redirect_uri` and the `request.user` will
 contain the user information obtained from the IDP.
 
-## Access token
-
-When the user is authenticated, the `request.user` will contain the user information obtained from the IDP and
-the `request.auth` will contain the authentication related information including the access token issued by the IDP. It
-can be used to perform authorized requests to the IDP's API endpoints. Just make sure the token is issued with the
-scopes required for the API endpoint.
-
-::: details `request.auth.provider.access_token`
-
-```mermaid
-flowchart TB
-    subgraph level2["request (Starlette's Request object)"]
-        direction TB
-        subgraph level1["auth (Starlette's extended Auth Credentials)"]
-            direction TB
-            subgraph level0["provider (OAuth2 provider with client's credentials)"]
-                direction TB
-                token["access_token (Access token for the specified scopes)"]
-            end
-        end
-    end
-```
-
-:::
-
 ## Claims mapping
 
 The `Claims` class includes permanent attributes like `display_name`, `identity`, `picture`, and `email`. It also allows
@@ -150,31 +125,7 @@ The request is considered invalid when one of the mandatory parameters, such as
 request fails. And the errors that occur during the OAuth steps are considered authentication errors.
 
 <style>
-.info, .details {
+.info {
   border: 0;
 }
-
-g#level2 rect,
-g#level1 rect,
-g#level0 rect,
-g[id^="flowchart-token"] rect {
-	color: #f6f6f7 !important;
-	stroke: #3c3c43 !important;
-}
-
-g#level2 rect {
-	fill: #00948680 !important;
-}
-
-g#level1 rect {
-	fill: #2b75a080 !important;
-}
-
-g#level0 rect {
-	fill: #5c837480 !important;
-}
-
-g[id^="flowchart-token"] rect {
-	fill: #44506980 !important;
-}
 </style>

Diff for: src/fastapi_oauth2/core.py

@@ -54,7 +54,6 @@ class OAuth2Core:
     _oauth_client: Optional[WebApplicationClient] = None
     _authorization_endpoint: str = None
     _token_endpoint: str = None
-    _access_token: str = None
     _state: str = None
 
     def __init__(self, client: OAuth2Client) -> None:
@@ -71,9 +70,7 @@ def __init__(self, client: OAuth2Client) -> None:
 
     @property
     def access_token(self) -> str:
-        if not self._access_token:
-            self._access_token = self._oauth_client.access_token
-        return self._access_token
+        return self._oauth_client.access_token
 
     def get_redirect_uri(self, request: Request) -> str:
         return urljoin(str(request.base_url), "/oauth2/%s/token" % self.provider)
@@ -124,6 +121,9 @@ async def token_data(self, request: Request, **httpx_client_args) -> dict:
         async with httpx.AsyncClient(auth=auth, **httpx_client_args) as session:
             try:
                 response = await session.post(token_url, headers=headers, content=content)
+                if response.status_code == 401:
+                    content = re.sub(r"client_id=[^&]+", "", content)
+                    response = await session.post(token_url, headers=headers, content=content)
                 self._oauth_client.parse_request_body_response(json.dumps(response.json()))
                 return self.standardize(self.backend.user_data(self.access_token))
             except (OAuth2Error, httpx.HTTPError) as e: