diff --git a/connexion/decorators/security.py b/connexion/decorators/security.py index 82c1fbe80..e12e4de13 100644 --- a/connexion/decorators/security.py +++ b/connexion/decorators/security.py @@ -13,6 +13,7 @@ # Authentication and authorization related decorators +import certifi import logging import functools import types @@ -38,7 +39,7 @@ def wrapper(*args, **kwargs): else: _, token = authorization.split() logger.debug("... Getting token '%s' from %s", token, token_info_url) - token_request = requests.get(token_info_url, params={'access_token': token}) + token_request = requests.get(token_info_url, params={'access_token': token}, verify=certifi.where()) logger.debug("... Token info (%d): %s", token_request.status_code, token_request.text) if not token_request.ok: raise abort(401) diff --git a/setup.py b/setup.py index 81ab39ac0..d2f914fa2 100755 --- a/setup.py +++ b/setup.py @@ -6,7 +6,7 @@ from setuptools import setup, find_packages from setuptools.command.test import test as TestCommand -version = '0.4.1' +version = '0.4.2' class PyTest(TestCommand): @@ -36,7 +36,7 @@ def run_tests(self): author='Zalando SE', url='https://github.com/zalando/connexion', license='Apache License Version 2.0', - install_requires=['flask', 'PyYAML', 'tornado', 'requests'], + install_requires=['flask', 'PyYAML', 'tornado', 'requests', 'certifi'], tests_require=['pytest-cov', 'pytest'], cmdclass={'test': PyTest}, classifiers=[ diff --git a/tests/test_app.py b/tests/test_app.py index 71a5100f8..1ed2dd781 100644 --- a/tests/test_app.py +++ b/tests/test_app.py @@ -26,7 +26,7 @@ def json(self): @pytest.fixture def oauth_requests(monkeypatch: '_pytest.monkeypatch.monkeypatch'): - def fake_get(url:str, params:dict=None): + def fake_get(url:str, params:dict=None, verify=None): params = params or {} if url == "https://ouath.example/token_info": token = params['access_token']