ruby的oauth2 grant_type

时间:2010-09-16 20:26:36

标签: ruby-on-rails devise oauth-2.0 oauth-provider

我开始在intridea(http://github.com/intridea/oauth2)中使用oauth2 gem,并且不知道如何解决这个问题。我已经开发了客户端和服务器,并且根据请求access_token,我看不到grant_type参数。我的代码来自客户端回调控制器

class CallbackController < Devise::OauthCallbacksController
  def accounts
    access_token = accounts_config.access_token_by_code(params[:code])
    @user = User.find_for_accounts_oauth(access_token,
signed_in_resource)

    if @user.persisted? && @user.errors.empty?
      sign_in @user
      set_oauth_flash_message :notice, :success
      redirect_to after_oauth_success_path_for(@user) #=> redirects to
user_root_path or root_path
    else
      session[:user_accounts_oauth_token] = access_token.token
      render_for_auth #=> renders sign up view by default
    end

  end
end 

和用户模型

class User < ActiveRecord::Base
  devise :database_authenticatable, :oauthable

  def self.find_for_accounts_oauth(access_token,
signed_in_resource=nil)

    data =
ActiveSupport::JSON.decode(access_token.get(Settings.oauth.site +
Settings.oauth.access_token_path))

    if user = User.find_by_username(data["username"])
      user
    else
      # Create an user with a stub password.
      User.create!(:username => data["username"], :password =>
Devise.friendly_token)
    end

  end
end 

提供商的日志

Started POST "/oauth/token" for 127.0.0.1 at 2010-09-17 00:17:44 +0400
  Processing by Oauth::TokenController#get_token as */*
  Parameters:
{"client_id"=>"9ddf5f526127a8858485f2c9401c7152cfaf870da62267e6f54643de53eb6a76",
"client_secret"=>"84388e2ca839c2834177024a6f358b1415bcd3ea936be1148443d9df2f7cf363",
"redirect_uri"=>"http://test.local.lo/users/oauth/accounts/callback",
"type"=>"web_server",
"code"=>"d264c2496d0dc5c494b7269f2f9e4c30cd55a571b6944d3231f63577acd12b1b"}
  SQL (0.8ms)   SELECT a.attname, format_type(a.atttypid,
a.atttypmod), d.adsrc, a.attnotnull
 FROM pg_attribute a LEFT JOIN pg_attrdef d
 ON a.attrelid = d.adrelid AND a.attnum = d.adnum
 WHERE a.attrelid = '"oauth_clients"'::regclass
 AND a.attnum > 0 AND NOT a.attisdropped
 ORDER BY a.attnum
Oauth error: invalid grant_type
Rendered text template (0.0ms)
Completed 400 Bad Request in 112ms (Views: 37.9ms | ActiveRecord:
178.2ms) 

来自客户

Started GET "/users/oauth/accounts/callback?
code=d264c2496d0dc5c494b7269f2f9e4c30cd55a571b6944d3231f63577acd12b1b&&expires_in=3599"
for 127.0.0.1 at 2010-09-17 00:17:44 +0400
  Processing by Devise::OauthCallbacksController#accounts as HTML
  Parameters:
{"code"=>"d264c2496d0dc5c494b7269f2f9e4c30cd55a571b6944d3231f63577acd12b1b",
"expires_in"=>"3599"}
Completed   in 343ms

OAuth2::HTTPError (Received HTTP 400 during request.):

Rendered /opt/local/lib/ruby1.9/gems/1.9.1/gems/actionpack-3.0.0/lib/
action_dispatch/middleware/templates/rescues/_trace.erb (1.4ms)
Rendered /opt/local/lib/ruby1.9/gems/1.9.1/gems/actionpack-3.0.0/lib/
action_dispatch/middleware/templates/rescues/_request_and_response.erb
(30.0ms)
Rendered /opt/local/lib/ruby1.9/gems/1.9.1/gems/actionpack-3.0.0/lib/
action_dispatch/middleware/templates/rescues/diagnostics.erb within
rescues/layout (36.7ms) 

知道怎么解决吗?

1 个答案:

答案 0 :(得分:2)

OAuth 2.0规范自上次更新oauth2 gem以来一直在继续。

草稿10,可能更早,使用grant_type参数代替type,值也发生了变化:authorization_code取代web_server

OAuth 2.0规范解释了更多:

http://tools.ietf.org/html/draft-ietf-oauth-v2-10

要解决此问题,需要更新gem以与更高版本的规范兼容。