My Python OAuth2 client is trying to obtain an access_token from a third party via python requests, using a token code.

auth_session = OAuth2Session(
    self.configuration_store.client_id,
    redirect_uri=self.configuration_store.redirect_url)
auth_session.fetch_token(
    self.configuration_store.token_url,
    client_secret=self.configuration_store.client_secret,
    code=code,
    headers=utils.generate_header(self.configuration_store.client_id,
                                  self.configuration_store.client_secret),
    **{"access_token": "TOKEN", "token_type": "bearer", "expires_in": 3599, 'scope': 'bar read write'})

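Using the same code against our local test server, which is implemented with django oauth toolkit, the code above successfully retrieves a token. However, against the Spring provider, a 401 is returned.

In addition, if I build the request to the third party manually with python requests directly, I succeed.
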
result = requests.post(
    self.configuration_store.token_url,
    params={'grant_type': 'authorization_code',
            'client_id': self.configuration_store.client_id,
            'code': code,
            'client_secret': self.configuration_store.client_secret,
            'redirect_uri': self.configuration_store.redirect_url},
    headers=utils.generate_header(self.configuration_store.client_id,
                                  self.configuration_store.client_secret),
    data={"access_token": "TOKEN", "token_type": "bearer", "expires_in": 3599,
          "scope": ["bar", "read", "write"]})

However, the POST requests are completely different.

Using requests.post...
# Working
INFO 2016-11-28 08:19:15,303 connectionpool 50122 123145426345984 Starting new HTTPS connection (1): example.com
send: b'POST /authorization/oauth/token?redirect_uri=https://theredirecturl.com/login&client_secret=XXXXXXXXXXXX&code=XXXXXXX&grant_type=authorization_code&client_id=clientid HTTP/1.1
Host: example.com
Accept: */*
Content-Length: 85
Connection: keep-alive
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: python-requests/2.9.1
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Cache-Control: no-cache
scope=bar&scope=read&scope=write&token_type=bearer&access_token=TOKEN&expires_in=3599'
reply: 'HTTP/1.1 200 OK
'

Not working, using oauth python requests
INFO 2016-11-29 23:32:18,063 connectionpool 73412 123145511739392 Starting new HTTPS connection (1): example.com
send: b'POST /authorization/oauth/token/ HTTP/1.1
Host: example.com
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
Connection: keep-alive
Content-Length: 247
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: python-requests/2.9.1
Cache-Control: no-cache
Accept: */*
grant_type=authorization_code&expires_in=3599&client_secret=XXXXXXXXXXXXX&access_token=TOKEN&scope=bar+read+write&client_id=clientid&code=XXXXXX&redirect_uri=https://theredirecturl.com/login&token_type=bearer'
reply: 'HTTP/1.1 401 Unauthorized
'
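
The two requests have completely different bodies, and it seems strange to me that oauth would put things like client_secret in the URL.

Any help with this would be greatly appreciated.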
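
An added example, not part of the original post: it parses the two logged requests (reduced and embedded below as constructed strings) and lists where they differ in path, parameter placement and client-credential handling. The function names are chosen for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed input: the two logged requests above, reduced to request line,
# Authorization header and body, with the redacted values shortened to XXXX.
WORKING = (
    "POST /authorization/oauth/token?redirect_uri=https://theredirecturl.com/login"
    "&client_secret=XXXX&code=XXXX&grant_type=authorization_code&client_id=clientid"
    " HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic XXXX=\r\n\r\n"
    "scope=bar&scope=read&scope=write&token_type=bearer&access_token=TOKEN&expires_in=3599"
)
FAILING = (
    "POST /authorization/oauth/token/ HTTP/1.1\r\n"
    "Host: example.com\r\nAuthorization: Basic XXXX=\r\n\r\n"
    "grant_type=authorization_code&expires_in=3599&client_secret=XXXX&access_token=TOKEN"
    "&scope=bar+read+write&client_id=clientid&code=XXXX"
    "&redirect_uri=https://theredirecturl.com/login&token_type=bearer"
)

def summarize(raw):
    """Split a raw HTTP request into path, query params, body params, auth scheme."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ")
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in header_lines)}
    url = urlsplit(target)
    return {"path": url.path, "query": parse_qs(url.query), "body": parse_qs(body),
            "auth_scheme": headers.get("authorization", "").split(" ")[0] or None}

def compare(a, b):
    """List every difference in path, parameter location and parameter value."""
    findings = []
    if a["path"] != b["path"]:
        findings.append(f"path: {a['path']} vs {b['path']}")
    for key in sorted({*a["query"], *a["body"], *b["query"], *b["body"]}):
        loc = ["query" if key in r["query"] else "body" if key in r["body"] else "absent"
               for r in (a, b)]
        val = [r["query"].get(key) or r["body"].get(key) for r in (a, b)]
        if loc[0] != loc[1] or val[0] != val[1]:
            findings.append(f"{key}: {loc[0]} {val[0]} vs {loc[1]} {val[1]}")
    return findings

def credential_checks(req):
    """Flag a secret in the URL and credentials sent by two methods at once."""
    in_url = "client_secret" in req["query"]
    in_params = in_url or "client_secret" in req["body"]
    return {"secret_in_url": in_url,
            "two_auth_methods": req["auth_scheme"] == "Basic" and in_params}

if __name__ == "__main__":
    for finding in compare(summarize(WORKING), summarize(FAILING)):
        print(finding)
```

RFC 6749 section 2.3.1 says client credentials sent as parameters belong in the request body, not the request URI, and section 2.3 says a client must not use more than one authentication method per request.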