2

我正在尝试使用库requests_oauthlib模拟消费者和提供者(server_to_server)之间的令牌交换。在提供商端授权后收到代码并将代码交换为令牌后,我收到错误消息。

所以我在我的回调函数中得到了我的代码,但它说重定向 uri 不匹配。我已经在提供商的数据库中检查了重定向 uri。他们是一样的。(作为下面代码中的变量 redirect_uri)

查看我的 Django 实现:

视图.py

# create session
from importlib import import_module
SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
session = SessionStore()

client_id = "123456"
client_secret = "123456"
authorization_base_url = 'http://localhost:8000/o/authorize/'
token_url = 'http://localhost:8000/o/token/'

redirect_uri = 'http://localhost:8888/callback'

# ONLY FOR A LOCALHOST
import os
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'


def index(request):
    provider = OAuth2Session(client_id, redirect_uri=redirect_uri)
    authorization_url, state = provider .authorization_url(authorization_base_url)

    # state is used to prevent CSRF, keep this for later.
    session['oauth_state'] = state
    # redirect to provider    
    return redirect(authorization_url)

def callback(request):
    # handles code from provider and redirects to profile page
    redirect_response = request.build_absolute_uri()
    # (http://localhost:8888/callback?code=123456&state=SomeStateCode)

    state = session.get('oauth_state')
    laas = OAuth2Session(client_id, state=state)

    token = laas.fetch_token(token_url,
                     client_secret=client_secret,
                     authorization_response=redirect_response) # here is mismatch error    
    session['oauth_token'] = token    
    return HttpResponseRedirect(reverse('app:profile'))



def profile(request):
    # shows access token if existing
    if session.get('oauth_token') is not None:
        return HttpResponse("Token: " + session.get('oauth_token'))
    return HttpResponse('No token')

这是来自消费者的错误堆栈跟踪:

Traceback (most recent call last):
  File "C:\work\envs\consumer\lib\site-packages\django\core\handlers\exception.py", line 35, in inner
    response = get_response(request)
  File "C:\work\envs\consumer\lib\site-packages\django\core\handlers\base.py", line 128, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "C:\work\envs\consumer\lib\site-packages\django\core\handlers\base.py", line 126, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "C:\work\dev\consumer\rbuz\views.py", line 60, in callback
    authorization_response=redirect_response)
  File "C:\work\envs\consumer\lib\site-packages\requests_oauthlib\oauth2_session.py", line 244, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\clients\base.py", line 408, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 379, in parse_token_response
    validate_token_parameters(params)
  File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 386, in validate_token_parameters
    raise_from_error(params.get('error'), params)
  File "C:\work\envs\consumer\lib\site-packages\oauthlib\oauth2\rfc6749\errors.py", line 415, in raise_from_error
    raise cls(**kwargs)
oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: (invalid_request) Mismatching redirect URI.
[19/Jan/2018 15:57:48] "GET /callback?code=vsWF65mitTtacLQrGDpqsenW3R7Z3k&state=CHsMYmrhzEb12f3KiOkOVz1KEgrzjs HTTP/1.1" 500 90555

有什么帮助吗?谢谢!

4

2 回答 2

4

我想通了,您也需要在回调函数中将“redirect_uri”传递给 OAuth2Session。OAuth2Session(client_id, state=state, redirect_uri=redirect_uri**)

于 2018-02-16T17:54:57.377 回答
2

我正在使用不同的库,但相同的方法通过传递 redirect_uri 参数起作用,该参数不在 Google API 文档的原始示例中。

    flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
    CLIENT_SECRET_FILE,
    scopes=GDRIVE_API_SCOPE,
    state=state,
    redirect_uri=GDRIVE_REDIRECT_URI)
于 2021-04-01T18:25:18.057 回答