客户端凭据授予无效的客户端错误

时间:2018-02-16 04:33:54

标签: flask authlib

我在烧瓶应用中实施了OAuth2客户端凭据授权。

模型

class User(UserMixin, db.Model):
    __tablename__ = 'users'
    id = db.Column(db.Integer, primary_key=True)
    confirmed = db.Column(db.Boolean, default=False)
    first_name = db.Column(db.String(64), index=True)
    last_name = db.Column(db.String(64), index=True)
    email = db.Column(db.String(64), unique=True, index=True)
    password_hash = db.Column(db.String(128))
    role_id = db.Column(db.Integer, db.ForeignKey('roles.id'))


from authlib.flask.oauth2.sqla import OAuth2ClientMixin

class Client(db.Model, OAuth2ClientMixin):
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(
        db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')
    )
    user = db.relationship('User')
    app_id = db.Column(db.ForeignKey('app.application_id'))
    app = db.relationship('App')


from authlib.flask.oauth2.sqla import OAuth2TokenMixin

class Token(db.Model, OAuth2TokenMixin):
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(
        db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')
    )
    user = db.relationship('User')

初始化的.py

from authlib.flask.oauth2 import AuthorizationServer
server = AuthorizationServer()

def create_app(config_name):
    app = Flask(__name__)
    ...

    from app.api.auth.views import query_client, ClientCredentialsGrant
    server.init_app(app, query_client=query_client)
    server.register_grant_endpoint(ClientCredentialsGrant)

应用程序/ API / AUTH / views.py

def query_client(client_id):
    return Client.query.filter_by(client_id=client_id).first()


from authlib.specs.rfc6749.grants import (
    ClientCredentialsGrant as _ClientCredentialsGrant
)

class ClientCredentialsGrant(_ClientCredentialsGrant):
    def create_access_token(self, token, client):
        current_app.logger.info("RadhaKrishna")
        item = Token(
            client_id=client.client_id,
            user_id=client.user_id,
            **token
        )
        db.session.add(item)
        db.session.commit()

@auth.route('/oauth/token', methods=['POST'])
@csrf.exempt
def issue_token():
    return server.create_token_response()

但是,我无法使身份验证工作。我使用正确的客户端凭据,范围和grant_type向令牌端点发出请求,但是获取invalid_client错误。

1 个答案:

答案 0 :(得分:0)

你试过https://play.authlib.org吗?您的客户如何运作?

请阅读https://tools.ietf.org/html/rfc6749#section-4.4.2

 POST /token HTTP/1.1
 Host: server.example.com
 Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
 Content-Type: application/x-www-form-urlencoded

 grant_type=client_credentials

您需要使用Authorization标头发送客户端凭据。