Flask-Dance错误:范围已更改

时间:2015-01-18 15:16:18

标签: python python-2.7 flask flask-oauthlib

我正在使用flask-dance向Google的服务器进行身份验证。

配置烧瓶舞:

from flask.ext.dance.contrib.google import make_google_blueprint
google_blueprint = make_google_blueprint (
    client_id=app.config['GOOGLE']['client_id'],
    client_secret=app.config['GOOGLE']['client_secret'],
    scope=["profile", "email"],
    redirect_to="main.index",
    login_url="/",
    authorized_url="/authorized",
)
app.register_blueprint(google_blueprint,url_prefix="/login")

但是,在您通过Google的凭据对话框后,我将获得Warning: Scope has changed from "profile email" to "".

这里有完整的痕迹:

Traceback (most recent call last):
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/flask_dance/consumer/oauth2.py", line 168, in authorized
    client_secret=self.client_secret,
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/requests_oauthlib/oauth2_session.py", line 199, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 409, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 376, in parse_token_response
    validate_token_parameters(params)
  File "/home/xxx/.virtualenvs/flask/lib/python2.7/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 406, in validate_token_parameters
    raise w
Warning: Scope has changed from "profile email" to "".

在Chrome开发者控制台上我得到了这个(在追溯之前的“帐户选择器”窗口之后):

GET http://localhost:5000/login/authorized?state=11rtXcAHJm0jloiDpM8IrazD9uLT3b…xnXM0ZB1DumOPqFOgu-x19CDSbDfQoKLWVEfBRTQIg.gvDk1rm330AV3oEBd8DOtNAR0Vr7lQI 500 (INTERNAL SERVER ERROR)
Navigated to http://localhost:5000/login/authorized?state=11rtXcAHJm0jloiDpM8IrazD9uLT3b…xnXM0ZB1DumOPqFOgu-x19CDSbDfQoKLWVEfBRTQIg.gvDk1rm330AV3oEBd8DOtNAR0Vr7lQI

如果我os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE'] = '1'它有效,但我认为这不是解决方案,而是现在更多的解决方法。 :(

我就问题Google OAuth2 returns no scope on authentication breaks scope test #306打开了一张关于该问题的门票。

据我所知http://tools.ietf.org/html/rfc6749#section-3.3,谷歌不需要退回范围(除非范围已更改),我是否正确阅读?

1 个答案:

答案 0 :(得分:1)

我能想到的最近的事情是oauthlib插件中有一个错误,我已经打开了bug report

通过错误报告,您可以通过将第30行插件中的文件/oauth2/rfc6749/tokens.pyself._new_scope = set(utils.scope_to_list(params.get('scope', '')))更改为self._new_scope = set(utils.scope_to_list(params.get('scope', old_scope)))

来解决此问题。

修复已合并:https://github.com/idan/oauthlib/pull/323