澄清Python Google Drive示例应用程序中的OAuth流程(CrEdit)

时间:2012-07-14 15:29:04

标签: google-app-engine oauth-2.0 google-drive-api

我在掌握DrEdit示例应用程序中提供的身份验证过程中遇到重定向概念时遇到了问题。 这里通过从请求URL中删除所有参数来设置redirect_url:

  def CreateOAuthFlow(self):
    """Create OAuth2.0 flow controller

    This controller can be used to perform all parts of the OAuth 2.0 dance
    including exchanging an Authorization code.

    Args:
      request: HTTP request to create OAuth2.0 flow for
    Returns:
      OAuth2.0 Flow instance suitable for performing OAuth2.0.
    """
    flow = flow_from_clientsecrets('client_secrets.json', scope='')
    # Dynamically set the redirect_uri based on the request URL. This is extremely
    # convenient for debugging to an alternative host without manually setting the
    # redirect URI.
    flow.redirect_uri = self.request.url.split('?', 1)[0].rsplit('/', 1)[0]
    return flow

当从Google云端硬盘用户界面调用应用程序时(应用程序的根网址获取请求获取参数codestate),应用程序会检查是否有权向Google云端硬盘发送请求。如果访问被撤销,它会尝试使用以下代码重新授权自己,我相信:

creds = self.GetCodeCredentials()
    if not creds:
      return self.RedirectAuth()

其中RedirectAuth()定义为:

  def RedirectAuth(self):
    """Redirect a handler to an authorization page.

    Used when a handler fails to fetch credentials suitable for making Drive API
    requests. The request is redirected to an OAuth 2.0 authorization approval
    page and on approval, are returned to application.

    Args:
      handler: webapp.RequestHandler to redirect.
    """
    flow = self.CreateOAuthFlow()

    # Manually add the required scopes. Since this redirect does not originate
    # from the Google Drive UI, which authomatically sets the scopes that are
    # listed in the API Console.
    flow.scope = ALL_SCOPES

    # Create the redirect URI by performing step 1 of the OAuth 2.0 web server
    # flow.
    uri = flow.step1_get_authorize_url(flow.redirect_uri)

    # Perform the redirect.
    self.redirect(uri)

我的问题是,当我从Google信息中心取消对应用程序的访问并尝试通过Google云端硬盘用户界面打开它时,它会将我重定向到授权页面,然后在我授权后重定向回应用程序,但它会设法保留state(从Drive UI传递的get参数)。我认为这与代码描述的内容不一致,我想知道是否对此行为有任何解释。 可以在此处找到DrEdit应用程序的托管版本:http://idning-gdrive-test.appspot.com/

1 个答案:

答案 0 :(得分:3)

如果从云端硬盘用户界面启动应用,则永远不会触及该代码路径。重定向到授权端点是直接从Drive启动的。换句话说,路径是:

云端硬盘 - > auth - > DrEdit

当它到达应用程序时,用户已经做出了决定。状态在状态查询参数中传递。

要查看您在操作中引用的代码路径,请再次撤消访问权限。但是,不要从Drive启动,只需尝试直接加载应用程序。您可能还需要删除应用程序的cookie。无论如何,在这种情况下,当应用程序加载时,它会检测到用户未被授权并重定向到auth端点:

DrEdit - > auth - > DrEdit

希望有所帮助。