我正在尝试使用我的授权代码获取访问令牌:
curl --basic --user "{client_id}:{client_secret}" -X POST -d "grant_type=authorization_code&code={code}&state={state}" http://127.0.0.1:5000/oauth/token
当我请求授权代码时,我通过了 state 参数:
http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id={client_id}&state={state}
但是我的身份验证服务响应:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>
我在调试模式下检查了执行情况,Authlib试图获取OAuthRequest中的 state 键,但找不到它。
我无法理解我做错了什么?
路线:
@bp.route("/oauth/authorize", methods=['GET'])
@login_required
def authorize():
user = current_user()
return server.create_authorization_response(grant_user=user)
@bp.route('/oauth/token', methods=['POST'])
def issue_token():
return server.create_token_response()