1

我有一个从 Javascript 客户端调用的 Flask rest api。尝试将 Keycloak 集成为身份验证服务器时,我使用烧瓶(使用 flask_oidc)没有成功,所以我首先从 javascript 客户端(有效)进行身份验证,然后使用令牌与烧瓶 rest api 对话。

但是,每当我尝试使用令牌调用休息服务时,我都会收到此错误:

ERROR:flask_oidc:ERROR: Unable to get token info
  ERROR:flask_oidc:'token_introspection_uri'
  Traceback (most recent call last):
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 2295, in wsgi_app
      response = self.handle_exception(e)
    File "/app/env/lib/python3.6/site-packages/flask_cors/extension.py", line 161, in wrapped_function
      return cors_after_request(app.make_response(f(*args, **kwargs)))
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1741, in handle_exception
      reraise(exc_type, exc_value, tb)
    File "/app/env/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
      raise value
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
      response = self.full_dispatch_request()
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
      rv = self.handle_user_exception(e)
    File "/app/env/lib/python3.6/site-packages/flask_cors/extension.py", line 161, in wrapped_function
      return cors_after_request(app.make_response(f(*args, **kwargs)))
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
      reraise(exc_type, exc_value, tb)
    File "/app/env/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
      raise value
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
      rv = self.dispatch_request()
    File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
      return self.view_functions[rule.endpoint](**req.view_args)
    File "/app/env/lib/python3.6/site-packages/flask_oidc/__init__.py", line 860, in decorated
      return view_func(*args, **kwargs)
    File "/app/controller/engine.py", line 111, in welcome
      return json.dumps('Welcome %s' % g.oidc_token_info['sub'])
    File "/app/env/lib/python3.6/site-packages/werkzeug/local.py", line 347, in __getattr__
      return getattr(self._get_current_object(), name)
  AttributeError: '_AppCtxGlobals' object has no attribute 'oidc_token_info'

这是我在烧瓶中的代码、设置和 keycloak.json:

OIDC_CLIENT_SECRETS='/app/keycloak.json',
OIDC_RESOURCE_SERVER_ONLY='true',
OIDC_INTROSPECTION_AUTH_METHOD='bearer'

...

{
  "web": {
    "client_id": "MyClient",
    "client_secret": "xxxxxx-xxxxx-xxxxx-xxxx-xxxxxxxxxxx",
    "token_introspection_uri": "http://myservice_auth/auth/realms/myservice/protocol/openid-connect/token/introspect",
    "token_uri": "http://myservice_auth/auth/realms/myservice/protocol/openid-connect/token",
    "auth_uri": "http://myservice_auth/auth",
    "realm": "myservice",
    "ssl-required": "external",
    "resource": "MyClient",
    "public-client": true,
    "use-resource-role-mappings": true,
    "confidential-port": 0
  }
}

...

oidc = OpenIDConnect(app)

@app.route('/welcome', methods=['GET'])
@oidc.accept_token()
def welcome():
    return json.dumps('Welcome %s' % g.oidc_token_info['sub'])

有任何想法吗?

更新 我将 httplib2 降级为 0.11.3,现在错误是:

ERROR:flask_oidc:ERROR: Unable to get token info
ERROR:flask_oidc:[Errno 111] ECONNREFUSED

在定义其余入口点时也添加(require_token=True)@oidc.accept_token装饰器中,然后在邮递员中,当我尝试使用在 javascript 客户端中获得的相同令牌(成功通过身份验证)对服务执行获取请求时,我收到此错误:

{"error": "invalid_token", "error_description": "Token required but invalid"}

4

0 回答 0