我在烧瓶应用中实施了OAuth2客户端凭据授权。
模型
class User(UserMixin, db.Model):
__tablename__ = 'users'
id = db.Column(db.Integer, primary_key=True)
confirmed = db.Column(db.Boolean, default=False)
first_name = db.Column(db.String(64), index=True)
last_name = db.Column(db.String(64), index=True)
email = db.Column(db.String(64), unique=True, index=True)
password_hash = db.Column(db.String(128))
role_id = db.Column(db.Integer, db.ForeignKey('roles.id'))
from authlib.flask.oauth2.sqla import OAuth2ClientMixin
class Client(db.Model, OAuth2ClientMixin):
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(
db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')
)
user = db.relationship('User')
app_id = db.Column(db.ForeignKey('app.application_id'))
app = db.relationship('App')
from authlib.flask.oauth2.sqla import OAuth2TokenMixin
class Token(db.Model, OAuth2TokenMixin):
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(
db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')
)
user = db.relationship('User')
初始化的.py
from authlib.flask.oauth2 import AuthorizationServer
server = AuthorizationServer()
def create_app(config_name):
app = Flask(__name__)
...
from app.api.auth.views import query_client, ClientCredentialsGrant
server.init_app(app, query_client=query_client)
server.register_grant_endpoint(ClientCredentialsGrant)
应用程序/ API / AUTH / views.py
def query_client(client_id):
return Client.query.filter_by(client_id=client_id).first()
from authlib.specs.rfc6749.grants import (
ClientCredentialsGrant as _ClientCredentialsGrant
)
class ClientCredentialsGrant(_ClientCredentialsGrant):
def create_access_token(self, token, client):
current_app.logger.info("RadhaKrishna")
item = Token(
client_id=client.client_id,
user_id=client.user_id,
**token
)
db.session.add(item)
db.session.commit()
@auth.route('/oauth/token', methods=['POST'])
@csrf.exempt
def issue_token():
return server.create_token_response()
但是,我无法使身份验证工作。我使用正确的客户端凭据,范围和grant_type向令牌端点发出请求,但是获取invalid_client错误。
答案 0 :(得分:0)
你试过https://play.authlib.org吗?您的客户如何运作?
请阅读https://tools.ietf.org/html/rfc6749#section-4.4.2
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
您需要使用Authorization
标头发送客户端凭据。