如何在 Flask 上使用 Authlib 2.0 获取身份验证码/令牌?
How to get a authentication code / token using Authlib 2.0 on Flask?
我已经阅读了Authlib and the example multiple times, I also have read articles about the concept of Auth 2.0的部分文档,但我不知道该怎么做。我希望我的用户登录(使用用户名和密码),然后我的应用程序 return 一个令牌。之后用户可以使用私有资源@require_oauth('profile').
我的客户:
*************************** 1. row ***************************
client_id: wmahDfsran1jk6CaH1knpi3n
client_secret: mnr4j15pZurBPYHq4KW4LY8HC7pS4TwjzMlJAUGmo7Bpy5gP
issued_at: 1531271519
expires_at: 0
redirect_uri: http://127.0.0.1:5000/oauth/token
token_endpoint_auth_method: client_secret_basic
grant_type: authorization_code password
response_type: code
scope: profile
client_name: client_test
client_uri: http://127.0.0.1:5000/
logo_uri: NULL
contact: NULL
tos_uri: NULL
policy_uri: NULL
jwks_uri: NULL
jwks_text: NULL
i18n_metadata: NULL
software_id: NULL
software_version: NULL
id: 2
user_id: 1
我的POST请求(使用Postman):
http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=wmahDfsran1jk6CaH1knpi3n
请求后报错:
{
"error": "invalid_grant"
}
授权:
@routes.route('/oauth/authorize', methods=['GET', 'POST'])
def authorize():
user = current_user()
try:
grant = authorization.validate_consent_request(end_user=user)
except OAuth2Error as error:
return error.error
return authorization.create_authorization_response(grant_user=user)
令牌:
@routes.route('/oauth/token', methods=['POST', 'GET'])
def issue_token():
return authorization.create_token_response()
简介:
@routes.route('/resource/profile', methods=['GET', 'POST'])
@require_oauth('profile')
def profile():
user = current_user()
return jsonify(id=user.id, username=user.username, secret=user.secret, client_id=user.client_id)
令牌继续与身份验证示例相同。
如果我尝试在没有令牌/autorização 的情况下访问 /resource/profile :
{"error": "missing_authorization", "error_description": "Missing \"Authorization\" in headers."}
我该如何解决?
Obs:在我解决这个问题之后,我如何才能获得 Auth Token 并将 header 发送到 /resource/profile?
另一个参考:Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow, OAuth 2.0: An Overview, invalid_grant 试图从 google 获取 oAuth 令牌
问, 刷新访问令牌时出现“invalid_grant”错误的情况?
, 授权码授予 return invalid_grant
...
I want my user to make login (Using username and password) and then my application to return a token
在这种情况下,您需要的是 grant_type=password 流程,可以在 https://docs.authlib.org/en/latest/flask/oauth2.html#resource-owner-password-credentials-grant
处找到
我已经阅读了Authlib and the example multiple times, I also have read articles about the concept of Auth 2.0的部分文档,但我不知道该怎么做。我希望我的用户登录(使用用户名和密码),然后我的应用程序 return 一个令牌。之后用户可以使用私有资源@require_oauth('profile').
我的客户:
*************************** 1. row ***************************
client_id: wmahDfsran1jk6CaH1knpi3n
client_secret: mnr4j15pZurBPYHq4KW4LY8HC7pS4TwjzMlJAUGmo7Bpy5gP
issued_at: 1531271519
expires_at: 0
redirect_uri: http://127.0.0.1:5000/oauth/token
token_endpoint_auth_method: client_secret_basic
grant_type: authorization_code password
response_type: code
scope: profile
client_name: client_test
client_uri: http://127.0.0.1:5000/
logo_uri: NULL
contact: NULL
tos_uri: NULL
policy_uri: NULL
jwks_uri: NULL
jwks_text: NULL
i18n_metadata: NULL
software_id: NULL
software_version: NULL
id: 2
user_id: 1
我的POST请求(使用Postman):
http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=wmahDfsran1jk6CaH1knpi3n
请求后报错:
{
"error": "invalid_grant"
}
授权:
@routes.route('/oauth/authorize', methods=['GET', 'POST'])
def authorize():
user = current_user()
try:
grant = authorization.validate_consent_request(end_user=user)
except OAuth2Error as error:
return error.error
return authorization.create_authorization_response(grant_user=user)
令牌:
@routes.route('/oauth/token', methods=['POST', 'GET'])
def issue_token():
return authorization.create_token_response()
简介:
@routes.route('/resource/profile', methods=['GET', 'POST'])
@require_oauth('profile')
def profile():
user = current_user()
return jsonify(id=user.id, username=user.username, secret=user.secret, client_id=user.client_id)
令牌继续与身份验证示例相同。
如果我尝试在没有令牌/autorização 的情况下访问 /resource/profile :
{"error": "missing_authorization", "error_description": "Missing \"Authorization\" in headers."}
我该如何解决?
Obs:在我解决这个问题之后,我如何才能获得 Auth Token 并将 header 发送到 /resource/profile?
另一个参考:Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow, OAuth 2.0: An Overview, invalid_grant 试图从 google 获取 oAuth 令牌 问, 刷新访问令牌时出现“invalid_grant”错误的情况? , 授权码授予 return invalid_grant ...
I want my user to make login (Using username and password) and then my application to return a token
在这种情况下,您需要的是 grant_type=password 流程,可以在 https://docs.authlib.org/en/latest/flask/oauth2.html#resource-owner-password-credentials-grant