如 DrEdit 示例应用程序中所示,我在掌握身份验证期间的重定向概念时遇到问题。在这里,redirect_url 是通过从请求 url 中剥离所有参数来设置的:
def CreateOAuthFlow(self):
"""Create OAuth2.0 flow controller
This controller can be used to perform all parts of the OAuth 2.0 dance
including exchanging an Authorization code.
Args:
request: HTTP request to create OAuth2.0 flow for
Returns:
OAuth2.0 Flow instance suitable for performing OAuth2.0.
"""
flow = flow_from_clientsecrets('client_secrets.json', scope='')
# Dynamically set the redirect_uri based on the request URL. This is extremely
# convenient for debugging to an alternative host without manually setting the
# redirect URI.
flow.redirect_uri = self.request.url.split('?', 1)[0].rsplit('/', 1)[0]
return flow
当从 Google Drive UI 调用应用程序时(使用 get 参数code和对应用程序根 url 的 get 请求state),应用程序检查它是否有权向 Google Drive 发出请求。如果访问权限被撤销,它会尝试使用以下代码重新授权自己,我相信:
creds = self.GetCodeCredentials()
if not creds:
return self.RedirectAuth()
其中RedirectAuth()定义为:
def RedirectAuth(self):
"""Redirect a handler to an authorization page.
Used when a handler fails to fetch credentials suitable for making Drive API
requests. The request is redirected to an OAuth 2.0 authorization approval
page and on approval, are returned to application.
Args:
handler: webapp.RequestHandler to redirect.
"""
flow = self.CreateOAuthFlow()
# Manually add the required scopes. Since this redirect does not originate
# from the Google Drive UI, which authomatically sets the scopes that are
# listed in the API Console.
flow.scope = ALL_SCOPES
# Create the redirect URI by performing step 1 of the OAuth 2.0 web server
# flow.
uri = flow.step1_get_authorize_url(flow.redirect_uri)
# Perform the redirect.
self.redirect(uri)
我的问题是,当我从 Google Dashboard 撤消对应用程序的访问权限并尝试通过 Google Drive UI 打开它时,它会将我重定向到授权页面,然后在我授权后重定向回应用程序,但它设法保留状态(获取从 Drive UI 传递的参数)。我认为这与代码描述的内容不一致,我想知道这种行为是否有任何解释。可以在此处找到 DrEdit 应用程序的托管版本:http: //idning-gdrive-test.appspot.com/