我有一个从 Javascript 客户端调用的 Flask rest api。尝试将 Keycloak 集成为身份验证服务器时,我使用烧瓶(使用 flask_oidc)没有成功,所以我首先从 javascript 客户端(有效)进行身份验证,然后使用令牌与烧瓶 rest api 对话。
但是,每当我尝试使用令牌调用休息服务时,我都会收到此错误:
ERROR:flask_oidc:ERROR: Unable to get token info
ERROR:flask_oidc:'token_introspection_uri'
Traceback (most recent call last):
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "/app/env/lib/python3.6/site-packages/flask_cors/extension.py", line 161, in wrapped_function
return cors_after_request(app.make_response(f(*args, **kwargs)))
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "/app/env/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/app/env/lib/python3.6/site-packages/flask_cors/extension.py", line 161, in wrapped_function
return cors_after_request(app.make_response(f(*args, **kwargs)))
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/app/env/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/app/env/lib/python3.6/site-packages/flask_oidc/__init__.py", line 860, in decorated
return view_func(*args, **kwargs)
File "/app/controller/engine.py", line 111, in welcome
return json.dumps('Welcome %s' % g.oidc_token_info['sub'])
File "/app/env/lib/python3.6/site-packages/werkzeug/local.py", line 347, in __getattr__
return getattr(self._get_current_object(), name)
AttributeError: '_AppCtxGlobals' object has no attribute 'oidc_token_info'
这是我在烧瓶中的代码、设置和 keycloak.json:
OIDC_CLIENT_SECRETS='/app/keycloak.json',
OIDC_RESOURCE_SERVER_ONLY='true',
OIDC_INTROSPECTION_AUTH_METHOD='bearer'
...
{
"web": {
"client_id": "MyClient",
"client_secret": "xxxxxx-xxxxx-xxxxx-xxxx-xxxxxxxxxxx",
"token_introspection_uri": "http://myservice_auth/auth/realms/myservice/protocol/openid-connect/token/introspect",
"token_uri": "http://myservice_auth/auth/realms/myservice/protocol/openid-connect/token",
"auth_uri": "http://myservice_auth/auth",
"realm": "myservice",
"ssl-required": "external",
"resource": "MyClient",
"public-client": true,
"use-resource-role-mappings": true,
"confidential-port": 0
}
}
...
oidc = OpenIDConnect(app)
@app.route('/welcome', methods=['GET'])
@oidc.accept_token()
def welcome():
return json.dumps('Welcome %s' % g.oidc_token_info['sub'])
有任何想法吗?
更新 我将 httplib2 降级为 0.11.3,现在错误是:
ERROR:flask_oidc:ERROR: Unable to get token info
ERROR:flask_oidc:[Errno 111] ECONNREFUSED
在定义其余入口点时也添加(require_token=True)
到@oidc.accept_token
装饰器中,然后在邮递员中,当我尝试使用在 javascript 客户端中获得的相同令牌(成功通过身份验证)对服务执行获取请求时,我收到此错误:
{"error": "invalid_token", "error_description": "Token required but invalid"}