Question

我正在使用Django OAuth Toolkit并且我成功创建了sign_up调用 - 这反过来给了我这个回复：

{
  "username": "boban16",
  "client_id": "sxFB8WOd5qupdyp5c4pjJHXAQQFPVCW7FKA3SUmy",
  "client_secret": "3nUreBDpx9cCSEeVyOhpXZ76Om0keOxFwK2rRQJNK5wvYuA1tUF37sH0Of473wCgeJ3tCmflN9kPnP9VkgepWxrARC6iimqI6y34pyVU7otlcXHjS2SSOmsP2c0XNxrA"
}

所以，我现在正试图使用Postman应用程序调用生成令牌 - 请求如下所示： Postman token generation call

这就是回应：

{
  "error_description": "Invalid credentials given.",
  "error": "invalid_grant"
}

这是我的代码来自 urls.py

urlpatterns = patterns('',
    url(r'^sign_up/$', SignUp.as_view(), name="sign_up"),
    url(r'^login/$', Login.as_view(), name="login"),
    url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
)

这是 settings.py

的一部分

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        # 'rest_framework.authentication.BasicAuthentication',
        'oauth2_provider.ext.rest_framework.OAuth2Authentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
}

我不确定是什么问题，我该如何解决它。有没有人建议如何让它工作？非常感谢！

-------更新--------

我终于得到了一些回应：

curl -v http://127.0.0.1:8000/o/token/ -X POST -u "<client_id>:<client_secret>" -d "grant_type=client_credentials"

这就是回应：

* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
* Server auth using Basic with user 'JNBUdgUJ44ndu49yeokHxU0ZUNfIbpdESC8PVTQU'
> POST /o/token/ HTTP/1.1
> Authorization: Basic Sk5CVWRnVUo0NG5kdTQ5eWVva0h4VTBaVU5mSWJwZEVTQzhQVlRRVTpaQVNwZ0xLY3didXA2ajJ2YlJqakc1WlFZenpWWFZWQU5HcHJ0WWZVNnIya2VpUkEzZW9vNlh5M0tSMENkOGpWN3FLT2xFTENoTHZTUk5vTzBkUE5YNGdoRXdvRnB4UDNKbHdxY0FqRkpIV0RmSkJzYnpmNjJ5dE5DaEFVM29RcA==
> User-Agent: curl/7.37.1
> Host: 127.0.0.1:8000
> Accept: */*
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 29 out of 29 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 401 UNAUTHORIZED
< Date: Sat, 13 Jun 2015 16:14:19 GMT
< Server: WSGIServer/0.2 CPython/3.4.3
< Content-Type: application/json
< Cache-Control: no-store
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
< 
* Closing connection 0
{"error": "unauthorized_client"}

正如你在回复中看到的那样 - 我获得了授权令牌，但它最后说的是未经授权的客户端。这样可以吗？谢谢！

Answer 1

我发现了问题。

post_save信号中存在一个问题，即自动创建应用程序。

def create_auth_client(sender, instance=None, created=False, **kwargs):
    """
    Intended to be used as a receiver function for a `post_save` signal
    on a custom User model
    Creates client_id and client_secret for authenticated users
    """
    if created:
        Application.objects.create(user=instance,
                                   client_type=Application.CLIENT_CONFIDENTIAL,
                                   authorization_grant_type=Application.GRANT_CLIENT_CREDENTIALS)

# TODO
post_save.connect(create_auth_client, sender=User)

现在这是正确的解决方案。然后你可以使用这些调用sign_up /获取oauth2标记：

curl -X POST -F "username=test1" -F "password=test1" http://127.0.0.1:8000/sign_up/

curl -X POST -d "grant_type=client_credentials" -u "<client_id>:<client_secret>" http://127.0.0.1:8000/o/token/

Django OAuth2无效grant_type

1 个答案: