Python Flask oauth 2资源所有者密码流
我正在使用 Flask-OAuthlib 模块来开发 OAuth2 客户端和提供者。使用资源所有者密码流时,提供程序不会重定向到客户端的重定向 URL。以下是我向提供程序发送 POST 请求的客户端代码:
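@app.route('/signin', methods=['POST', 'GET'])
def signin():
    """Render the sign-in page; on POST, forward the submitted credentials to the provider.

    On POST the form's ``username`` and ``password`` are sent as a JSON body to
    the provider's ``/oauth/authorize`` URL, with the client parameters in the
    query string. The provider's response is not used; ``signin.html`` is
    rendered in every case.

    Raises:
        requests.exceptions.RequestException: if the provider cannot be
            reached or does not answer within the timeout.
    """
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        # Do not call the provider with missing credentials; the page is
        # simply rendered again.
        if username and password:
            # NOTE(review): client_secret travels in the query string, so it
            # ends up in the provider's access log (the request line is logged
            # in full). It is also hard-coded here; load it from configuration
            # and send it in the request body or an Authorization header.
            # NOTE(review): redirect_uri and response_type belong to
            # redirect-based flows. With grant_type=password the provider
            # answers with a token response instead of redirecting.
            query_params = {
                'client_id': 'jCce40zAaHXLxP0prU*************',
                'client_secret': 'vzf7U219hrAjIYN70NcFo3VBQzott******',
                'grant_type': 'password',
                'scope': 'email',
                'redirect_uri': 'http://localhost:8000/authorized',
                'response_type': 'token',
            }
            data = {'username': username, 'password': password}
            # NOTE(review): plain http:// is only acceptable on loopback; the
            # user's password and the client secret need TLS anywhere else.
            encoded_url = ('http://127.0.0.1:5000/oauth/authorize?'
                           + parse.urlencode(query_params))
            headers = {"Content-Type": "application/json"}
            # A timeout keeps a stalled provider from blocking this worker
            # indefinitely.
            # NOTE(review): the response is discarded, so a token returned by
            # the provider never reaches this client.
            requests.post(encoded_url, data=json.dumps(data), headers=headers,
                          timeout=10)
    return render_template('signin.html')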
这是提供者授权的处理器
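@app.route('/oauth/authorize', methods=['GET', 'POST'])
@oauth.authorize_handler
def authorize(*args, **kwargs):
    """Decide whether the authorization request is granted.

    POST: reads ``username`` and ``password`` from a JSON body and returns
    True when the user exists and the password checks out, False otherwise.
    GET: sends an anonymous visitor to ``/home`` (remembering the requested
    URL in the session), or renders ``authorize.html`` for a logged-in user.

    The boolean is handed to ``oauth.authorize_handler``; presumably True
    grants and False denies the request (confirm against Flask-OAuthlib).
    """
    if request.method == 'POST':
        # The body is untrusted: malformed JSON, a non-object payload or a
        # missing/non-string field denies the request instead of raising.
        try:
            details = json.loads(request.data)
        except ValueError:
            return False
        if not isinstance(details, dict):
            return False
        username = details.get('username')
        password = details.get('password')
        if not isinstance(username, str) or not isinstance(password, str):
            return False

        # NOTE(review): nothing in this handler checks the client secret or
        # limits repeated password attempts; confirm both are enforced
        # elsewhere before exposing this endpoint.
        user = User.query.filter_by(user_name=username).first()
        if user and user.check_password(password):
            # NOTE(review): this session belongs to whichever HTTP client sent
            # the POST, which for a server-to-server call is not the user's
            # browser.
            session['id'] = user.id
            return True
        return False

    if request.method == 'GET':
        user = current_user()
        if not user:
            # NOTE(review): validate redirect_after_login where it is consumed
            # so it cannot be used as an open redirect.
            session['redirect_after_login'] = request.url
            return redirect('/home')
        client_id = kwargs.get('client_id')
        client = Client.query.filter_by(client_id=client_id).first()
        kwargs['client'] = client
        kwargs['user'] = user
        return render_template('authorize.html', **kwargs)

    # Both branches above return, and the route accepts only GET and POST, so
    # this consent check is not reached as the handler is written.
    confirm = request.form.get('confirm', 'no')
    return confirm == 'yes'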
以下是 oauthlib OAuth 2 提供程序的日志输出:
Fetched credentials from request {'response_type': 'token', 'state': None, 'client_id': 'jCce40zAaHXLxP0prU************', 'redirect_uri': 'http://localhost:8000/authorized'}.
Found redirect_uri http://localhost:8000/authorized.
Validate client 'jCce40zAaHXLxP0prU***********'
Save bearer token {'scope': 'email', 'access_token': 'y08hkm594YbLe2*****', 'expires_in': 180, 'token_type': 'Bearer'}
Authorization successful.
127.0.0.1 - - [20/Sep/2015 17:40:53] "POST /oauth/authorize?client_id=jCce40zAaHXLxP0prU*********&client_secret=vzf7U219hrAjIYN70NcFo3VBQzot**********&response_type=token&grant_type=password&scope=email&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fauthorized HTTP/1.1" 302 -
在我看来,令牌正在保存,但:-
我对 Flask 还是个新手,但我认为您混用了不同类型的 OAuth2 授权方式。使用资源所有者密码凭据授权(Resource Owner Password Credentials Grant)时,授权服务器不会执行重定向,而是直接向客户端返回令牌响应。redirect_uri 是与授权码(Authorization Code)授权相关联的。