我正在尝试使用库requests_oauthlib模拟消费者和提供者(server_to_server)之间的令牌交换。在提供商端授权后收到代码并将代码交换为令牌后,我收到错误消息。
所以我在我的回调函数中得到了我的代码,但它说重定向 uri 不匹配。我已经在提供商的数据库中检查了重定向 uri。他们是一样的。(作为下面代码中的变量 redirect_uri)
查看我的 Django 实现:
视图.py
# create session
from importlib import import_module
SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
session = SessionStore()
client_id = "123456"
client_secret = "123456"
authorization_base_url = 'http://localhost:8000/o/authorize/'
token_url = 'http://localhost:8000/o/token/'
redirect_uri = 'http://localhost:8888/callback'
# ONLY FOR A LOCALHOST
import os
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
def index(request):
provider = OAuth2Session(client_id, redirect_uri=redirect_uri)
authorization_url, state = provider .authorization_url(authorization_base_url)
# state is used to prevent CSRF, keep this for later.
session['oauth_state'] = state
# redirect to provider
return redirect(authorization_url)
def callback(request):
# handles code from provider and redirects to profile page
redirect_response = request.build_absolute_uri()
# (http://localhost:8888/callback?code=123456&state=SomeStateCode)
state = session.get('oauth_state')
laas = OAuth2Session(client_id, state=state)
token = laas.fetch_token(token_url,
client_secret=client_secret,
authorization_response=redirect_response) # here is mismatch error
session['oauth_token'] = token
return HttpResponseRedirect(reverse('app:profile'))
def profile(request):
# shows access token if existing
if session.get('oauth_token') is not None:
return HttpResponse("Token: " + session.get('oauth_token'))
return HttpResponse('No token')
这是来自消费者的错误堆栈跟踪:
Traceback (most recent call last):
File "C:\work\envs\consumer\lib\site-packages\django\core\handlers\exception.py", line 35, in inner
response = get_response(request)
File "C:\work\envs\consumer\lib\site-packages\django\core\handlers\base.py", line 128, in _get_response
response = self.process_exception_by_middleware(e, request)
File "C:\work\envs\consumer\lib\site-packages\django\core\handlers\base.py", line 126, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\work\dev\consumer\rbuz\views.py", line 60, in callback
authorization_response=redirect_response)
File "C:\work\envs\consumer\lib\site-packages\requests_oauthlib\oauth2_session.py", line 244, in fetch_token
self._client.parse_request_body_response(r.text, scope=self.scope)
File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\clients\base.py", line 408, in parse_request_body_response
self.token = parse_token_response(body, scope=scope)
File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 379, in parse_token_response
validate_token_parameters(params)
File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 386, in validate_token_parameters
raise_from_error(params.get('error'), params)
File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\errors.py", line 415, in raise_from_error
raise cls(**kwargs)
oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: (invalid_request) Mismatching redirect URI.
[19/Jan/2018 15:57:48] "GET /callback?code=vsWF65mitTtacLQrGDpqsenW3R7Z3k&state=CHsMYmrhzEb12f3KiOkOVz1KEgrzjs HTTP/1.1" 500 90555
有什么帮助吗?谢谢!