Missing required parameter: scope. after doorkeeper gem upgrade from 5.1.0 to 5.2.1
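After upgrading the doorkeeper gem from 5.1.0 to 5.2.1 on the Rails (5.2.3) application that provides authorization, login from the application requesting authorization no longer works. Although we do not use scopes, the page on the authorizing application states Missing required parameter: scope.

The migration notes contain a few lines about scopes, but they tell me nothing. https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions#database-changes

I understood that I have to create a migration like this one, but the problem still remains: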

    # frozen_string_literal: true

    class ChangeScopesOnOAuthAccessGrants < ActiveRecord::Migration[5.2]
      def up
        change_column_default :oauth_access_grants, :scopes, from: nil, to: ''
        change_column_null :oauth_access_grants, :scopes, false
      end

      def down
        change_column_default :oauth_access_grants, :scopes, from: '', to: nil
        change_column_null :oauth_access_grants, :scopes, true
      end
    end

The configuration doorkeeper.rb on the authorizing application is very simple:

    Doorkeeper.configure do
      orm :active_record

      resource_owner_authenticator do
        current_admin_user || redirect_to(new_admin_user_session_path(params.permit(:client_id, :redirect_uri, :response_type, :state)))
      end

      admin_authenticator do
        current_admin_user || redirect_to(new_admin_user_session_path)
      end

      access_token_expires_in 24.hours
    end

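I dug into the responses before and after running the migration. Using binding.pry in AuthorizationsController#new of the Doorkeeper module (inherited from Doorkeeper::ApplicationController), I can confirm that the instance of Doorkeeper::OAuth::PreAuthorization returns nil for the attribute scope but not for scopes.

After calling pre_auth.authorizable? I get this object with these values: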

    #<Doorkeeper::OAuth::PreAuthorization:0x00007fad33f25390
     @client=
      #<Doorkeeper::OAuth::Client:0x00007fad364b22e8
       @application=
        #<Doorkeeper::Application:0x00007fad364b26d0
         id: 2,
         name: "...",
         uid: "...",
         secret: "..",
         redirect_uri:
          "http://localhost:3001/users/auth/doorkeeper/callback",
         scopes: "",
         created_at: Tue, 24 Oct 2017 11:56:13 CEST +02:00,
         updated_at: Thu, 03 Oct 2019 18:53:35 CEST +02:00,
         confidential: true>>,
     @client_id="...",
     @code_challenge=nil,
     @code_challenge_method=nil,
     @error=:invalid_request,
     @missing_param=:scope,
     @redirect_uri="http://localhost:3001/users/auth/doorkeeper/callback",
     @response_type="code",
     @scope=nil,
     @server=
      #<Doorkeeper::Config:0x00007fad33b72180
       @access_token_expires_in=24 hours,
       @api_only=false,
       @application_secret_strategy=Doorkeeper::SecretStoring::???,
       @authenticate_admin=#<Proc:0x00007fad33b71d20@/Users/.../config/initializers/doorkeeper.rb:11>,
       @authenticate_resource_owner=#<Proc:0x00007fad33b71eb0@/Users/.../config/initializers/doorkeeper.rb:6>,
       @default_scopes=#<Doorkeeper::OAuth::Scopes:0x00007fad364cb7c0 @scopes=[]>,
       @orm=:active_record,
       @token_secret_strategy=Doorkeeper::SecretStoring::???>,
     @state="...">

I currently have no clue how to solve this. Thanks for your hints!
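
You need to rerun this command to generate a migration that is compatible with the new version. This will add a NOT NULL option to the scopes attribute of oauth_access_grants.

    bundle exec rails generate doorkeeper:migration

After you are done, run your migrations as usual using rake.

    rake db:migrate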

I ran into the same problem. It seems you always need to provide a scope parameter, either in your authorization request or by configuring a default_scope (there is an example in the configuration). In addition, the default or requested scope must match one of your client application's scopes, otherwise you will get The requested scope is invalid, unknown, or malformed.

This is mentioned in Migration from old versions, but explained as a database change. The linked RFC6749#section-3.3 states the new requirement more clearly:

    If the client omits the scope parameter when requesting
    authorization, the authorization server MUST either process the
    request using a pre-defined default value or fail the request
    indicating an invalid scope. The authorization server SHOULD
    document its scope requirements and default value (if defined).

I agree that this does not seem to be sufficiently documented in Migration from old versions or Scopes, but it seems important that they're more faithful to RFC6749. I'm using grant_type: 'authorization_code', and "scope" isn't even mentioned in Authorization Code Flow.
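
The scope handling described in the answers above, modelled as an added stand-alone Ruby example (not part of the original posts and not Doorkeeper's own code). ScopeError, resolve_scope, outcome and CASES are hypothetical names, and the fallback for a client with no registered scopes is an assumption of this model.

```ruby
# Added illustration: a stand-alone model of RFC 6749 section 3.3 scope handling.
# ScopeError and resolve_scope are hypothetical names, not Doorkeeper's API.
class ScopeError < StandardError
  attr_reader :code

  def initialize(code, message)
    super(message)
    @code = code
  end
end

# requested:      raw "scope" parameter of the authorization request (nil if omitted)
# default_scopes: server-wide defaults, as set in the authorization server's config
# client_scopes:  space-separated scopes registered on the client application
def resolve_scope(requested:, default_scopes:, client_scopes:)
  defaults = default_scopes.map(&:to_s)
  requested_list = requested.to_s.split
  effective = requested_list.empty? ? defaults : requested_list

  # Scope omitted and no pre-defined default exists: fail the request.
  if effective.empty?
    raise ScopeError.new(:invalid_request, "Missing required parameter: scope.")
  end

  allowed = client_scopes.to_s.split
  # Assumption of this model: a client without registered scopes gets the defaults only.
  allowed = defaults if allowed.empty?

  unless (effective - allowed).empty?
    raise ScopeError.new(:invalid_scope,
                         "The requested scope is invalid, unknown, or malformed.")
  end

  effective
end

# Returns the granted scope list, or the error code when the request is rejected.
def outcome(**args)
  resolve_scope(**args)
rescue ScopeError => e
  e.code
end

# Constructed cases mirroring the thread (scope names are sample values).
CASES = {
  question_setup: outcome(requested: nil, default_scopes: [], client_scopes: ""),
  with_default: outcome(requested: nil, default_scopes: [:public], client_scopes: "public"),
  explicit_scope: outcome(requested: "public", default_scopes: [], client_scopes: "public write"),
  not_registered: outcome(requested: "admin", default_scopes: [:public], client_scopes: "public")
}.freeze
```

The question_setup case reproduces the state in the dumped PreAuthorization object: no scope in the request and an empty default scope list. When choosing a default, keep it to the narrowest scope the clients need, since every request that omits scope will receive it.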