Flask-Appbuilder应用程序带有自定义SecurityManager,可以查找从浏览器获取的用户令牌。我们在应用程序启动时获取客户端凭据。它一直工作正常,直到证书轮换
是否有可以从外部资源实施请求customer_id和customer_secret的扩展点?
SecurityManager实施:
class MySecurityManager(SecurityManager):
TOKENINFO_URL = "..."
USERINFO_URL = ".../{}"
def __init__(self, appbuilder):
super(MySecurityManager, self).__init__(appbuilder)
def get_oauth_user_info(self, provider, resp=None):
"""
We authenticate users against Our OAuth provider
"""
if provider == 'MyProvider':
tokeninfo = self.appbuilder.sm.oauth_remotes[provider].get(self.TOKENINFO_URL)
uid = tokeninfo.data.get('uid')
user = self.appbuilder.sm.oauth_remotes[provider].get(self.USERINFO_URL.format(uid))
log.debug("Token info: {0}".format(tokeninfo.data))
log.debug("User info: {0}".format(user.data))
return {'username': tokeninfo.data.get('uid', ''),
'email': user.data.get('email', ''),
'first_name': user.data.get('name', '').split(" ")[0],
'last_name': user.data.get('name', '').split(" ")[-1]}
else:
return super(MySecurityManager, self).get_oauth_user_info(provider, resp=None)
config.py:
OAUTH_PROVIDERS = [
{
'name': 'MyProvider',
'icon': ...,
'token_key': ...,
'remote_app': {
'base_url': ...,
'consumer_key': SUPERSET_OAUTH_CONSUMER_KEY,
'consumer_secret': SUPERSET_OAUTH_CONSUMER_SECRET,
'request_token_params': {
'scope': ...,
},
'request_token_url': ...,
'access_token_url': ...,
'authorize_url': ...,
}
}
]
答案 0 :(得分:1)
我解决了它,它覆盖了https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L306的get oauth_providers形式。 这里是一个例子:
@property
def oauth_providers(self):
providers = self.appbuilder.get_app.config['OAUTH_PROVIDERS']
for provider in providers:
if provider['name'] == 'XXXX':
# rotate logic here
provider['remote_app']['consumer_key'] = xxxxx
provider['remote_app']['consumer_secret'] = xxxx
return providers