Merge pull request #19 from xdevplatform/fix-oauth2-bugs

Fix OAuth2 PKCE Implementation Issues

Author: tcaldwell-x

xdk-gen/templates/python/main_client.j2

@@ -22,7 +22,7 @@ class Client:
     """Client for interacting with the X API."""
 
     def __init__(self, 
-                 base_url: str = "https://api.twitter.com", 
+                 base_url: str = "https://api.x.com", 
                  bearer_token: str = None, 
                  client_id: str = None, 
                  client_secret: str = None,

xdk-gen/templates/python/oauth2_auth.j2

@@ -21,7 +21,7 @@ class OAuth2PKCEAuth:
     """OAuth2 PKCE authentication for the X API."""
 
     def __init__(self, 
-                 base_url: str = "https://api.twitter.com",
+                 base_url: str = "https://api.x.com",
                  client_id: str = None,
                  client_secret: str = None,
                  redirect_uri: str = None,
@@ -30,7 +30,7 @@ class OAuth2PKCEAuth:
         """Initialize the OAuth2 PKCE authentication.
 
         Args:
-            base_url: The base URL for the X API.
+            base_url: The base URL for the X API token endpoint (defaults to https://api.x.com).
             client_id: The client ID for the X API.
             client_secret: The client secret for the X API.
             redirect_uri: The redirect URI for OAuth2 authorization.
@@ -100,8 +100,10 @@ class OAuth2PKCEAuth:
             scope=self.scope
         )
 
+        # Authorization URL is always https://x.com/i/oauth2/authorize
+        # (not using base_url since it's for API calls, not authorization)
         auth_url, state = self.oauth2_session.authorization_url(
-            f"{self.base_url}/oauth2/authorize",
+            "https://x.com/i/oauth2/authorize",
             code_challenge=self.code_challenge,
             code_challenge_method="S256"
         )
@@ -121,7 +123,7 @@ class OAuth2PKCEAuth:
             raise ValueError("OAuth2 session not initialized. Call get_authorization_url first.")
 
         self.token = self.oauth2_session.fetch_token(
-            f"{self.base_url}/oauth2/token",
+            f"{self.base_url}/2/oauth2/token",
             authorization_response=authorization_response,
             code_verifier=self.code_verifier,
             client_id=self.client_id,
@@ -139,7 +141,7 @@ class OAuth2PKCEAuth:
         if not self.oauth2_session or not self.token:
             raise ValueError("No token to refresh")
 
-        refresh_url = f"{self.base_url}/oauth2/token"
+        refresh_url = f"{self.base_url}/2/oauth2/token"
 
         self.token = self.oauth2_session.refresh_token(
             refresh_url,

xdk-gen/templates/python/process_for_mintlify.j2

@@ -1042,43 +1042,48 @@ This example shows how to use OAuth 2.0 with Proof Key for Code Exchange (PKCE).
 **Example** (using a web server for callback):
 
 ```python
-from xdk.auth import OAuth2PKCE
+from xdk.oauth2_auth import OAuth2PKCEAuth
 from urllib.parse import urlparse
 import webbrowser
 
 # Step 1: Create PKCE instance
-auth = OAuth2PKCE(
-    client_id="your_client_id",
-    redirect_uri="http://localhost:8080/callback",
-    scopes=["tweet.read", "users.read", "offline.access"]  # Adjust scopes as needed
+auth = OAuth2PKCEAuth(
+    client_id="YOUR_CLIENT_ID",
+    redirect_uri="YOUR_CALLBACK_URL",
+    scope="tweet.read users.read offline.access"
 )
 
 # Step 2: Get authorization URL
-auth_url = auth.get_authorization_url()
+auth_url, state = auth.get_authorization_url()
 print(f"Visit this URL to authorize: {auth_url}")
 webbrowser.open(auth_url)
 
 # Step 3: Handle callback (in a real app, use a web framework like Flask)
 # Assume callback_url = "http://localhost:8080/callback?code=AUTH_CODE_HERE"
 callback_url = input("Paste the full callback URL here: ")
-parsed = urlparse(callback_url)
-code = parsed.query.split("=")[1]
 
 # Step 4: Exchange code for tokens
-tokens = auth.fetch_token(authorization_code=code)
+tokens = auth.fetch_token(authorization_response=callback_url)
 access_token = tokens["access_token"]
 refresh_token = tokens["refresh_token"]  # Store for renewal
 
 # Step 5: Create client
-client = Client(oauth2_access_token=access_token)
+# Option 1: Use bearer_token (OAuth2 access tokens work as bearer tokens)
+client = Client(bearer_token=access_token)
+
+# Option 2: Pass the full token dict for automatic refresh support
+# client = Client(token=tokens)
 ```
 
 **Token Refresh** (automatic in SDK for long-lived sessions):
 
 ```python
 # If access token expires, refresh using stored refresh_token
-tokens = auth.refresh_token(refresh_token=refresh_token)
-client = Client(oauth2_access_token=tokens["access_token"])
+# The refresh_token method uses the stored token from the OAuth2PKCEAuth instance
+tokens = auth.refresh_token()
+# Use the refreshed token
+client = Client(bearer_token=tokens["access_token"])
+# Or pass the full token dict: client = Client(token=tokens)
 ```
 
 ### 3. OAuth 1.0a User Context

xdk-gen/templates/typescript/oauth2_auth.j2

@@ -64,7 +64,11 @@ export class OAuth2 {
       state: state || ''
     });
 
-    // PKCE parameters are handled separately - not generated automatically
+    // Add PKCE parameters if they've been set
+    if (this.codeChallenge) {
+      params.append('code_challenge', this.codeChallenge);
+      params.append('code_challenge_method', 'S256');
+    }
 
     return `https://x.com/i/oauth2/authorize?${params.toString()}`;
   }