Update password flow to fetch client_id from service (#653)

RyaliNvidia · web-flow · commit 5f067f854ce0 · 2026-03-09T15:54:39.000-07:00
* Update password flow to fetch client_id from service

* lint
diff --git a/src/cli/login.py b/src/cli/login.py
@@ -98,17 +98,9 @@ class UrlValidator(pydantic.BaseModel):
         password = args.password_file.read().strip('\n')
         args.password_file.close()
 
-    # Construct device endpoint
-    device_endpoint = args.device_endpoint
-    client_id: str = service_client.login_manager.login_config.client_id
-    if not device_endpoint:
-        login_info = login.fetch_login_info(url)
-        device_endpoint = login_info['device_endpoint']
-        client_id = login_info['device_client_id'] or client_id
-
     # Login through device code flow
     if args.method == 'code':
-        service_client.login_manager.device_code_login(url, device_endpoint, client_id)
+        service_client.login_manager.device_code_login(url, args.device_endpoint)
 
     # Login through resource owner password flow
     elif args.method == 'password':
diff --git a/src/lib/utils/client.py b/src/lib/utils/client.py
@@ -155,9 +155,13 @@ def login_storage(self) -> login.LoginStorage:
     def login_config(self) -> login.LoginConfig:
         return self._login_config
 
-    def device_code_login(self, url: str, device_endpoint: str, client_id: str):
+    def device_code_login(self, url: str, device_endpoint: str | None):
         """ Log in using OAUTH2 device flow """
         # Generate a user code
+        login_info = login.fetch_login_info(url)
+        device_endpoint = device_endpoint or login_info['device_endpoint']
+        client_id = self._login_config.client_id or login_info['client_id']
+
         response = requests.post(device_endpoint, data={
             'client_id': client_id,
             'scope': 'openid offline_access profile'
diff --git a/src/lib/utils/login.py b/src/lib/utils/login.py
@@ -78,9 +78,9 @@ class LoginConfig(pydantic.BaseModel):
         command_line='token_endpoint',
         default = None,
         description='The url to get a token from device auth, client auth, or refresh token.')
-    client_id: str = pydantic.Field(
+    client_id: str | None = pydantic.Field(
         command_line='client_id',
-        default='osmo-device',
+        default=None,
         description='The client id for the OSMO application.')
     login_method: Literal['password', 'token'] | None = pydantic.Field(
         command_line='login_method',
@@ -176,17 +176,18 @@ def owner_password_login(config: LoginConfig,
                          url: str,
                          username: str,
                          password: str,
-                         user_agent: str| None) -> LoginStorage:
+                         user_agent: str| None,) -> LoginStorage:
     """ Log in using OAUTH2 resource owner password flow """
     # Do not allow IPV6 which doesn't work in some of our configurations
     urllib3.util.connection.HAS_IPV6 = False
 
     headers = {}
     if user_agent:
         headers['User-Agent'] = user_agent
-    token_endpoint = config.token_or_default(url)
+    login_info = fetch_login_info(url)
+    token_endpoint = config.token_endpoint or login_info['token_endpoint']
     result = requests.post(token_endpoint, data={
-        'client_id': config.client_id,
+        'client_id': config.client_id or login_info['client_id'],
         'username': username,
         'password': password,
         'grant_type': 'password',
