我正在一个需要实施SSO的项目中。我的SSO OAuth2凭据大致如下:
SECRET = 'abcdefghijklmn12345678'
ACCESS_TOKEN_URL = "https://myprovider.example.com/as/token.oauth2"
USER_API_URL = "https://myprovider.example.com/idp/userinfo.openid"
JWKS_URL = "https://myprovider.example.com/pf/JWKS"
REDIRECT_URI = "http://localhost/api/1/auth/ping"
AUTH_ENDPOINT = "https://myprovider.example.com/as/authorization.oauth2"
我正在使用的库已经过测试,应该可以运行,但是由于某些原因失败:
[2018-09-13 14:09:29,796] ERROR in app: Exception on /api/1/auth/ping [POST]
Traceback (most recent call last):
File "/www/lemur/lib/python3.6/site-packages/urllib3/connection.py", line 171, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw)
File "/www/lemur/lib/python3.6/site-packages/urllib3/util/connection.py", line 59, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.6/socket.py", line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/www/lemur/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/www/lemur/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/www/lemur/lib/python3.6/site-packages/urllib3/connectionpool.py", line 849, in _validate_conn
conn.connect()
File "/www/lemur/lib/python3.6/site-packages/urllib3/connection.py", line 314, in connect
conn = self._new_conn()
File "/www/lemur/lib/python3.6/site-packages/urllib3/connection.py", line 180, in _new_conn
self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7fc15ed415f8>: Failed to establish a new connection: [Errno -2] Name or service not known
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/www/lemur/lib/python3.6/site-packages/requests/adapters.py", line 445, in send
timeout=timeout
File "/www/lemur/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/www/lemur/lib/python3.6/site-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='myprovider.example.com', port=443): Max retries exceeded with url: /as/token.oauth2?grant_type=authorization_code&scope=openid+email+profile&code=abcdef123-ghijklm456&redirect_uri=http%3A%2F%2Flocalhost%2Fapi%2F1%2Fauth%2Fping&client_id=lemur (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fc15ed415f8>: Failed to establish a new connection: [Errno -2] Name or service not known',))
经过一些调试,我发现该异常源自SSO库中的r = requests.post(access_token_url, headers=headers, params=params, verify=verify_cert)。
我打印出access_token_url的值,即https://myprovider.example.com/as/token.oauth2。
一些Google搜索人员告诉我,socket.gaierror: [Errno -2] Name or service not known可能来自这样一个事实,即它期望使用主机名而不是URL,即仅使用myprovider.example.com/as/token.oauth2(不带https://)。主机名myprovider.example.com/as/token.oauth2不会随处可见,在浏览器上访问它会返回“无法接收重发”消息。不过,访问https://myprovider.example.com/as/token.oauth2很好。
我的提供者要求前面有https://(例如https://myprovider.example.com/as/token.oauth2),否则我将收到来自浏览器的“无法接收响应”消息。即使将端口443附加为myprovider.example.com:443/as/token.oauth2也将不起作用。 http://myprovider.example.com也不重定向到https,并返回“无法接收响应”消息。
解析https://,使access_token_url = 'myprovider.example.com/as/token.oauth2'也失败。
是否可能需要使用https://(或更可能是无法使用它)?
谢谢!