Authlib reports "Error trying to decode a non urlencoded string" when using android appauth and using multiple scope values
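I am trying out Authlib. I have a working pyoidc backend and a test application using android appauth (modified from the google codelabs tutorial). I reconfigured the android test application for an Authlib installation on my local machine. Now I get this error when trying to make an authorization request with multiple scopes (I cut the string down to the relevant part):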
ValueError: Error trying to decode a non urlencoded string. Found invalid characters: {' '} in the string: '...&scope=openid offline_access&...'. Please ensure the request/response body is x-www-form-urlencoded.
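I started tracing the problem from the stack trace and from the request_uri on the android side. But the offending part of the request uri is ...&scope=openid%20offline_access&...
I printed the environ argument in __call__ of flask/app.py, and I see these relevant entries, again narrowed down to the scope: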
{
...
'QUERY_STRING': '...&scope=openid%20offline_access&...',
...
'werkzeug.request': <BaseRequest 'http://10.0.2.2:5000/oauth/authorize?...&scope=openid offline_access&...' [GET]>
}
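I am confused. Why does werkzeug.request seem to pre-decode the string before this parameter is populated in environ, with authlib's urls/url_decode then being called on werkzeug.request? Is the %20 encoding insufficient or incorrect? But if so, how does that square with the fact that the default app_auth_android behaviour works against a different oidc backend and google's single sign on scheme?
Full stack trace: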
Traceback (most recent call last):
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 2309, in __call__
return self.wsgi_app(environ, start_response)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/Users/mliu/Documents/Development/authlib/example-oauth2-server/website/routes.py", line 69, in authorize
grant = authorization.validate_consent_request(end_user=user)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/flask/oauth2/authorization_server.py", line 206, in validate_consent_request
req = _create_oauth2_request(request)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/flask/oauth2/authorization_server.py", line 272, in _create_oauth2_request
q.headers
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/specs/rfc6749/wrappers.py", line 39, in __init__
self.query_params = url_decode(self.query)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/common/urls.py", line 64, in url_decode
raise ValueError(error % (set(query) - urlencoded, query))
ValueError: Error trying to decode a non urlencoded string. Found invalid characters: {' '} in the string: '...&scope=openid offline_access&...'. Please ensure the request/response body is x-www-form-urlencoded.
Yes, I have confirmed it. For now, you can only make the request using +:
scope=openid+offline_access
to prevent this issue. I have fixed it in Authlib: https://github.com/lepture/authlib/commit/d8ab09fb97169fc47070f48c2ede43348f1feff0
It should also be fixed by werkzeug: https://github.com/pallets/werkzeug/pull/1363
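Added example (not part of the question or answer, and not Authlib's or Werkzeug's own code): a standard-library sketch of the mismatch described above, where a strict urlencoded check accepts the raw QUERY_STRING in both %20 and + form but rejects the same string once it has been decoded. The allowlist, the function names and the sample client_id and state values are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote

# Assumed allowlist of characters legal in an x-www-form-urlencoded string;
# it mirrors the kind of check behind the ValueError in the traceback.
ALWAYS_SAFE = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789_.-"
)
URLENCODED = set(ALWAYS_SAFE) | set("=&;:%+~,*@!()/?")


def rejected_chars(query):
    """Return the offending characters, or an empty list if input is valid."""
    return sorted(set(query) - URLENCODED)


def strict_url_decode(query):
    """Parse a query string, rejecting input that is not urlencoded."""
    bad = rejected_chars(query)
    if bad:
        raise ValueError("non urlencoded characters: %r" % bad)
    return dict(parse_qsl(query, keep_blank_values=True))


def query_from_environ(environ):
    """Decode the raw WSGI QUERY_STRING, which is still percent-encoded."""
    return strict_url_decode(environ.get("QUERY_STRING", ""))


# Constructed sample requests (client_id and state values are made up).
RAW_PERCENT = "response_type=code&client_id=demo&scope=openid%20offline_access&state=a%26b"
RAW_PLUS = "response_type=code&client_id=demo&scope=openid+offline_access&state=a%26b"
PRE_DECODED = unquote(RAW_PERCENT)  # what an already-decoded URL looks like

if __name__ == "__main__":
    for label, raw in (("%20", RAW_PERCENT), ("+", RAW_PLUS)):
        print(label, query_from_environ({"QUERY_STRING": raw}))
    print("pre-decoded rejected for:", rejected_chars(PRE_DECODED))
    # Without the strict check, the decoded '&' would split state in two.
    print("lenient parse:", dict(parse_qsl(PRE_DECODED, keep_blank_values=True)))
```

The strict check is what turns the decode-before-parse mistake into a visible error: a lenient parse of the pre-decoded string silently truncates state at the decoded '&'.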