带有 Authlib 0.11 的 JWT 令牌生成器
JWT token generator with Authlib 0.11
首先:非常感谢 Authlib 创建者/其他开源创建者和支持者。
我想要 Authlib 0.11 到 return oauth 令牌作为 JWT。
我尝试按照 Authlib 网站中提供的文档使用 Authlib 0.11 https://docs.authlib.org/en/latest/flask/2/authorization-server.html#token.
创建 JWT 令牌生成器
因为我是这个主题的新手,所以我仍然无法找到将我的 JWT 令牌生成器方法传递给 config:OAUTH2_ACCESS_TOKEN_GENERATOR
的正确方法
感谢任何帮助。
这是我的虚拟 jwt 令牌生成器:
from authlib.jose import jwt
def gen_access_token(client, grant_type, user, scope):
log.debug('Not used yet in the JWT:: {} \n{} \n{} \n{}'.format( client, grant_type, user, scope))
header = {'alg': 'RS256'}
payload = {
'iss': 'http://127.0.0.1:5000/oauth/token',
'sub': 'test client',
'aud': 'profile'
}
try:
key = open('wf-app-server.key', 'r').read()
s = jwt.encode(header, payload, key)
claims = jwt.decode(s, open('wf-app-pub.pem', 'r').read())
except Exception as e:
log.debug('JWT exception', e)
log.debug("jwt encoded:{}\n decoded :{} \n header:{}".format(
s, claims, claims.header))
return s
OAUTH2_REFRESH_TOKEN_GENERATOR = True
OAUTH2_TOKEN_EXPIRES_IN = {
'authorization_code': 874000,
'implicit': 3600,
'password': 600000,
'client_credentials': 600000
}
OAUTH2_ACCESS_TOKEN_GENERATOR = gen_access_token('bCsNV2Lo8hxD593Km84lWM5d', 'client_credentials', 'admin', 'profile')
-- 显示我的 JWT 令牌生成器工作正常并且 returned 值可以正确解码的输出--
2019-06-22 13:37:38,024 DEBUG gen_access_token (7) Not used yet in the JWT:: bCsNV2Lo8hxD593Km84lWM5d client_credentials admin profile
2019-06-22 13:37:38,052 DEBUG gen_access_token (21) jwt encoded:b'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjUwMDAvb2F1dGgvdG9rZW4iLCJzdWIiOiJ0ZXN0IGNsaWVudCIsImF1ZCI6InByb2ZpbGUifQ.BU5dSbPAFzoDDo4vathd6jlQVmDHaygEUh4GCwknCdbf4AVig3SgOW8JbITuPCKTf7qnxE8iJCWUOAd_wDCZwWKXdpisG6EGGmNpwZLAsDqL1CLgqTsRuGrc2kUfyMOHXfGXGkqsNROuPFV0-XYgxCQOz4LolNcB3Knvu1ApRcZyej8nAFXKxccDkLYyhldjRJwRehRZ4tMjDlbP4ghmEUFBF1Msx5Yzot26IK3ps4dfLnYVJr2dKUIPK75BzYR5kgUm3nkJRe4F0898j8tIMZwvKa2lKSypORDQXUxC3i8-x7A2vsVk7Jw3qcbZBarqstUEWITCZSVPYoHoF5l8iw'
decoded :{'iss': 'http://127.0.0.1:5000/oauth/token', 'sub': 'test client', 'aud': 'profile'} header:{'alg': 'RS256', 'typ': 'JWT'}
首先,为了测试我的 oauth 令牌请求凭据是否正确,我尝试从 Authlib 请求一个正确的 client_credentials 和默认的 token_generator 的 oauth 令牌。有了这个,我得到了默认的 oauth 令牌。
其次,我使用令牌生成器更新了配置,然后当我请求具有相同客户端凭据的 oauth 令牌时,出现以下错误:
2019-06-22 13:40:56,700 DEBUG authenticate_client_secret_basic (65)
Authenticate bCsNV2Lo8hxD593Km84lWM5d via "client_secret_basic"
success
I created this custom debug line below to understand what the default access_token_generator() takes as input parameters. It is exactly take the same types - my input parameter types also match!
2019-06-22 13:40:56,701 DEBUG validate_token_request (67)
Validate token request of <OAuth2Client 2> client: <OAuth2Client 2>
type:<class 'website.models.OAuth2Client'> grant_type:
client_credentials type:<class 'str'> user: None type:<class
'NoneType'> scope: rs1secret type:<class 'str'>
2019-06-22 13:40:56,708 INFO _log (122) 127.0.0.1 - - [22/Jun/2019 13:40:56] "POST /oauth/token HTTP/1.1" 500 - Traceback (most recent call last): File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 2328, in __call__
return self.wsgi_app(environ, start_response) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 2314, in wsgi_app
response = self.handle_exception(e) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1760, in handle_exception
reraise(exc_type, exc_value, tb) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/_compat.py",
line 36, in reraise
raise value File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 2311, in wsgi_app
response = self.full_dispatch_request() File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1834, in full_dispatch_request
rv = self.handle_user_exception(e) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1737, in handle_user_exception
reraise(exc_type, exc_value, tb) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/_compat.py",
line 36, in reraise
raise value File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1832, in full_dispatch_request
rv = self.dispatch_request() File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1818, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args) File "/home/pksec/xx/oAuthProvider/website/routes.py",
line 193, in issue_token
return authorization.create_token_response() File "/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6749/authorization_server.py",
line 186, in create_token_response
args = grant.create_token_response() File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6749/grants/client_credentials.py",
line 104, in create_token_response
include_refresh_token=False, File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6749/grants/base.py",
line 58, in generate_token
include_refresh_token=include_refresh_token, File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6750/wrappers.py",
line 91, in __call__
access_token = self.access_token_generator(client, grant_type, user, scope) TypeError: 'NoneType' object is not callable
当我将 gen_acc_token() 方法传递给配置时,我知道我做错了什么 - 但无法准确找出问题所在。
通过示例 gen_JWT_access_token() 的小代码片段会很棒。
我终于找到了将我的 JWT 令牌生成器方法传递给 config:OAUTH2_ACCESS_TOKEN_GENERATOR
的正确方法
这是我的虚拟 jwt 令牌生成器:
from authlib.jose import jwt
def gen_access_token(client, grant_type, user, scope):
log.debug('Not used yet in the JWT:: {} \n{} \n{} \n{}'.format( client, grant_type, user, scope))
header = {'alg': 'RS256'}
payload = {
'iss': 'http://127.0.0.1:5000/oauth/token',
'sub': 'test client',
'aud': 'profile'
}
try:
key = open('wf-app-server.key', 'r').read()
s = jwt.encode(header, payload, key)
claims = jwt.decode(s, open('wf-app-pub.pem', 'r').read())
except Exception as e:
log.debug('JWT exception', e)
log.debug("jwt encoded:{}\n decoded :{} \n header:{}".format(
s, claims, claims.header))
return s
OAUTH2_REFRESH_TOKEN_GENERATOR = True
OAUTH2_TOKEN_EXPIRES_IN = {
'authorization_code': 874000,
'implicit': 3600,
'password': 600000,
'client_credentials': 600000
}
OAUTH2_ACCESS_TOKEN_GENERATOR = gen_access_token
不传递函数参数:Python NoneType object is not callable (beginner)
这是初学者的错误!按照您的错误输出,您将找到解决方案!
这就是你不应该传递你的生成器函数的方式:
OAUTH2_ACCESS_TOKEN_GENERATOR = gen_access_token('bCsNV2Lo8hxD593Km84lWM5d', 'client_credentials', 'admin', 'profile')
首先:非常感谢 Authlib 创建者/其他开源创建者和支持者。
我想要 Authlib 0.11 到 return oauth 令牌作为 JWT。 我尝试按照 Authlib 网站中提供的文档使用 Authlib 0.11 https://docs.authlib.org/en/latest/flask/2/authorization-server.html#token.
创建 JWT 令牌生成器因为我是这个主题的新手,所以我仍然无法找到将我的 JWT 令牌生成器方法传递给 config:OAUTH2_ACCESS_TOKEN_GENERATOR
的正确方法感谢任何帮助。
这是我的虚拟 jwt 令牌生成器:
from authlib.jose import jwt
def gen_access_token(client, grant_type, user, scope):
log.debug('Not used yet in the JWT:: {} \n{} \n{} \n{}'.format( client, grant_type, user, scope))
header = {'alg': 'RS256'}
payload = {
'iss': 'http://127.0.0.1:5000/oauth/token',
'sub': 'test client',
'aud': 'profile'
}
try:
key = open('wf-app-server.key', 'r').read()
s = jwt.encode(header, payload, key)
claims = jwt.decode(s, open('wf-app-pub.pem', 'r').read())
except Exception as e:
log.debug('JWT exception', e)
log.debug("jwt encoded:{}\n decoded :{} \n header:{}".format(
s, claims, claims.header))
return s
OAUTH2_REFRESH_TOKEN_GENERATOR = True
OAUTH2_TOKEN_EXPIRES_IN = {
'authorization_code': 874000,
'implicit': 3600,
'password': 600000,
'client_credentials': 600000
}
OAUTH2_ACCESS_TOKEN_GENERATOR = gen_access_token('bCsNV2Lo8hxD593Km84lWM5d', 'client_credentials', 'admin', 'profile')
-- 显示我的 JWT 令牌生成器工作正常并且 returned 值可以正确解码的输出--
2019-06-22 13:37:38,024 DEBUG gen_access_token (7) Not used yet in the JWT:: bCsNV2Lo8hxD593Km84lWM5d client_credentials admin profile
2019-06-22 13:37:38,052 DEBUG gen_access_token (21) jwt encoded:b'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vMTI3LjAuMC4xOjUwMDAvb2F1dGgvdG9rZW4iLCJzdWIiOiJ0ZXN0IGNsaWVudCIsImF1ZCI6InByb2ZpbGUifQ.BU5dSbPAFzoDDo4vathd6jlQVmDHaygEUh4GCwknCdbf4AVig3SgOW8JbITuPCKTf7qnxE8iJCWUOAd_wDCZwWKXdpisG6EGGmNpwZLAsDqL1CLgqTsRuGrc2kUfyMOHXfGXGkqsNROuPFV0-XYgxCQOz4LolNcB3Knvu1ApRcZyej8nAFXKxccDkLYyhldjRJwRehRZ4tMjDlbP4ghmEUFBF1Msx5Yzot26IK3ps4dfLnYVJr2dKUIPK75BzYR5kgUm3nkJRe4F0898j8tIMZwvKa2lKSypORDQXUxC3i8-x7A2vsVk7Jw3qcbZBarqstUEWITCZSVPYoHoF5l8iw'
decoded :{'iss': 'http://127.0.0.1:5000/oauth/token', 'sub': 'test client', 'aud': 'profile'} header:{'alg': 'RS256', 'typ': 'JWT'}
首先,为了测试我的 oauth 令牌请求凭据是否正确,我尝试从 Authlib 请求一个正确的 client_credentials 和默认的 token_generator 的 oauth 令牌。有了这个,我得到了默认的 oauth 令牌。
其次,我使用令牌生成器更新了配置,然后当我请求具有相同客户端凭据的 oauth 令牌时,出现以下错误:
2019-06-22 13:40:56,700 DEBUG authenticate_client_secret_basic (65)
Authenticate bCsNV2Lo8hxD593Km84lWM5d via "client_secret_basic"
success
I created this custom debug line below to understand what the default access_token_generator() takes as input parameters. It is exactly take the same types - my input parameter types also match!
2019-06-22 13:40:56,701 DEBUG validate_token_request (67)
Validate token request of <OAuth2Client 2> client: <OAuth2Client 2>
type:<class 'website.models.OAuth2Client'> grant_type:
client_credentials type:<class 'str'> user: None type:<class
'NoneType'> scope: rs1secret type:<class 'str'>
2019-06-22 13:40:56,708 INFO _log (122) 127.0.0.1 - - [22/Jun/2019 13:40:56] "POST /oauth/token HTTP/1.1" 500 - Traceback (most recent call last): File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 2328, in __call__
return self.wsgi_app(environ, start_response) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 2314, in wsgi_app
response = self.handle_exception(e) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1760, in handle_exception
reraise(exc_type, exc_value, tb) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/_compat.py",
line 36, in reraise
raise value File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 2311, in wsgi_app
response = self.full_dispatch_request() File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1834, in full_dispatch_request
rv = self.handle_user_exception(e) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1737, in handle_user_exception
reraise(exc_type, exc_value, tb) File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/_compat.py",
line 36, in reraise
raise value File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1832, in full_dispatch_request
rv = self.dispatch_request() File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/flask/app.py",
line 1818, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args) File "/home/pksec/xx/oAuthProvider/website/routes.py",
line 193, in issue_token
return authorization.create_token_response() File "/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6749/authorization_server.py",
line 186, in create_token_response
args = grant.create_token_response() File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6749/grants/client_credentials.py",
line 104, in create_token_response
include_refresh_token=False, File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6749/grants/base.py",
line 58, in generate_token
include_refresh_token=include_refresh_token, File "/home/pksec/.local/share/virtualenvs/oAuthProvider-n_KOMqPA/lib/python3.7/site-packages/authlib/oauth2/rfc6750/wrappers.py",
line 91, in __call__
access_token = self.access_token_generator(client, grant_type, user, scope) TypeError: 'NoneType' object is not callable
当我将 gen_acc_token() 方法传递给配置时,我知道我做错了什么 - 但无法准确找出问题所在。
通过示例 gen_JWT_access_token() 的小代码片段会很棒。
我终于找到了将我的 JWT 令牌生成器方法传递给 config:OAUTH2_ACCESS_TOKEN_GENERATOR
的正确方法这是我的虚拟 jwt 令牌生成器:
from authlib.jose import jwt
def gen_access_token(client, grant_type, user, scope):
log.debug('Not used yet in the JWT:: {} \n{} \n{} \n{}'.format( client, grant_type, user, scope))
header = {'alg': 'RS256'}
payload = {
'iss': 'http://127.0.0.1:5000/oauth/token',
'sub': 'test client',
'aud': 'profile'
}
try:
key = open('wf-app-server.key', 'r').read()
s = jwt.encode(header, payload, key)
claims = jwt.decode(s, open('wf-app-pub.pem', 'r').read())
except Exception as e:
log.debug('JWT exception', e)
log.debug("jwt encoded:{}\n decoded :{} \n header:{}".format(
s, claims, claims.header))
return s
OAUTH2_REFRESH_TOKEN_GENERATOR = True
OAUTH2_TOKEN_EXPIRES_IN = {
'authorization_code': 874000,
'implicit': 3600,
'password': 600000,
'client_credentials': 600000
}
OAUTH2_ACCESS_TOKEN_GENERATOR = gen_access_token
不传递函数参数:Python NoneType object is not callable (beginner)
这是初学者的错误!按照您的错误输出,您将找到解决方案!
这就是你不应该传递你的生成器函数的方式:
OAUTH2_ACCESS_TOKEN_GENERATOR = gen_access_token('bCsNV2Lo8hxD593Km84lWM5d', 'client_credentials', 'admin', 'profile')