将'flask_oauthlib.client'更新/转换为'authlib.flask.client'-没有用户的Microsoft Graph v2访问

Question

我的目标是实现这一目标： https://github.com/Azure-Samples/active-directory-python-flask-graphapi-web-v2

使用更新的Authlib库。 https://github.com/lepture/authlib

我需要一个使用证书进行身份验证的应用程序（无需用户登录），并使用Microsoft的Graph API从Azure AD（v2.0终结点）SharePoint文档库中获取数据。

这是使用'flask_oauthlib'的原始代码：

from flask import Flask, redirect, url_for, session, request, jsonify, render_template
from flask_oauthlib.client import OAuth, OAuthException

# from flask_sslify import SSLify

from logging import Logger
import uuid

app = Flask(__name__)
# sslify = SSLify(app)
app.debug = True
app.secret_key = 'development'
oauth = OAuth(app)

# Put your consumer key and consumer secret into a config file
# and don't check it into github!!
microsoft = oauth.remote_app(
    'microsoft',
    consumer_key='Register your app at apps.dev.microsoft.com',
    consumer_secret='Register your app at apps.dev.microsoft.com',
    request_token_params={'scope': 'offline_access User.Read'},
    base_url='https://graph.microsoft.com/v1.0/',
    request_token_url=None,
    access_token_method='POST',
    access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
    authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
)


@app.route('/')
def index():
    return render_template('hello.html')

@app.route('/login', methods = ['POST', 'GET'])
def login():

    if 'microsoft_token' in session:
        return redirect(url_for('me'))

    # Generate the guid to only accept initiated logins
    guid = uuid.uuid4()
    session['state'] = guid

    return microsoft.authorize(callback=url_for('authorized', _external=True), state=guid)

@app.route('/logout', methods = ['POST', 'GET'])
def logout():
    session.pop('microsoft_token', None)
    session.pop('state', None)
    return redirect(url_for('index'))

@app.route('/login/authorized')
def authorized():
    response = microsoft.authorized_response()

    if response is None:
        return "Access Denied: Reason=%s\nError=%s" % (
            response.get('error'),
            request.get('error_description')
        )

    # Check response for state
    print("Response: " + str(response))
    if str(session['state']) != str(request.args['state']):
        raise Exception('State has been messed with, end authentication')

    # Okay to store this in a local variable, encrypt if it's going to client
    # machine or database. Treat as a password.
    session['microsoft_token'] = (response['access_token'], '')

    return redirect(url_for('me'))

@app.route('/me')
def me():
    me = microsoft.get('me')
    return render_template('me.html', me=str(me.data))



# If library is having trouble with refresh, uncomment below and implement refresh handler
# see https://github.com/lepture/flask-oauthlib/issues/160 for instructions on how to do this

# Implements refresh token logic
# @app.route('/refresh', methods=['POST'])
# def refresh():

@microsoft.tokengetter
def get_microsoft_oauth_token():
    return session.get('microsoft_token')

if __name__ == '__main__':
    app.run()

这是我到目前为止已更新为“ authlib.flask”的代码：

from flask import Flask
from flask import redirect, url_for, session, request, jsonify, render_template
from authlib.flask.client import OAuth
from logging import Logger

import uuid


app = Flask(__name__)

app.debug = True
app.secret_key = 'development'
oauth = OAuth(app)

# Put your consumer key and consumer secret into a config file
    # and don't check it into github!!
microsoft = oauth.register(
    'microsoft',
    client_id='Register your app at apps.dev.microsoft.com',
    client_secret='Register your app at apps.dev.microsoft.com',
    request_token_params={'scope': 'offline_access User.Read'},
    api_base_url='https://graph.microsoft.com/v1.0/',
    request_token_url=None,
    access_token_method='POST',
    access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
    authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
)

@app.route('/')
def index():
    return render_template('hello.html')

@app.route('/login', methods = ['POST', 'GET'])
def login():
    if 'microsoft_token' in session:
        return redirect(url_for('me'))

    # Generate the guid to only accept initiated logins
    guid0 = uuid.uuid4()
    guid = guid0.bytes
    session['state'] = guid

    return microsoft.authorize_redirect(url_for('authorized', _external=True), state=guid)

@app.route('/logout', methods = ['POST', 'GET'])
def logout():
    session.pop('microsoft_token', None)
    session.pop('state', None)
    return redirect(url_for('index'))

@app.route('/login/authorized')
def authorized():
    response = microsoft.authorize_access_token()

    if response is None:
        return "Access Denied: Reason=%s\nError=%s" % (
            response.get('error'),
            request.get('error_description')
        )

    # Check response for state
    print("Response: " + str(response))
    if str(session['state']) != str(request.args['state']):
        raise Exception('State has been messed with, end authentication')

    # Okay to store this in a local variable, encrypt if it's going to client
    # machine or database. Treat as a password.
    session['microsoft_token'] = (response['access_token'], '')

    return redirect(url_for('me'))

@app.route('/me')
def me():
    me = microsoft.get('me')
    return render_template('me.html', me=str(me.data))


# If library is having trouble with refresh, uncomment below and implement refresh handler
# see https://github.com/lepture/flask-oauthlib/issues/160 for instructions on how to do this

# Implements refresh token logic
# @app.route('/refresh', methods=['POST'])
# def refresh():

@microsoft.tokengetter
def get_microsoft_oauth_token():
    return session.get('microsoft_token')

if __name__ == '__main__':
    app.run()

我受困的部分是如何处理：

@microsoft.tokengetter
def get_microsoft_oauth_token():
    return session.get('microsoft_token')

“将OAuth客户端从Flask-OAuthlib迁移到Authlib”中的Authlib文档指出：

  

如果要使用类似方法访问资源   oauth.twitter.get（...），您需要确保准备好   使用访问令牌。这部分在Flask-OAuthlib之间有很大的不同   和Authlib。

     

在Flask-OAuthlib中，它由装饰器处理：

 @twitter.tokengetter
 def get_twitter_oauth_token():
     token = fetch_from_somewhere()
     return token

  

tokengetter返回的令牌可以是元组或dict。但在   Authlib，它只能是字典，并且Authlib不使用装饰器来   而是获取令牌，您应该将此函数传递给注册表：

 # register the two methods oauth.register('twitter',
     client_id='Twitter Consumer Key',
     client_secret='Twitter Consumer Secret',
     request_token_url='https://api.twitter.com/oauth/request_token',
     request_token_params=None,
     access_token_url='https://api.twitter.com/oauth/access_token',
     access_token_params=None,
     refresh_token_url=None,
     authorize_url='https://api.twitter.com/oauth/authenticate',
     api_base_url='https://api.twitter.com/1.1/',
     client_kwargs=None,
     # NOTICE HERE
     fetch_token=fetch_twitter_token,
     save_request_token=save_request_token,
     fetch_request_token=fetch_request_token, )

https://blog.authlib.org/2018/migrate-flask-oauthlib-client-to-authlib

我不知道如何处理'@ microsoft.tokengetter'

有人有什么建议吗？

Answer 1

在http://docs.authlib.org/en/latest/flask/client.html#flask-client上查看文档

以下是您的问题中的一些无效代码：

1. session ['state']没有用，请删除相关代码
2. request_token_params仅用于OAuth1
3. 天蓝色示例：https://github.com/authlib/loginpass/blob/master/loginpass/azure.py

Answer 2

lepture

  

在http://docs.authlib.org/en/latest/flask/client.html#flask-client上查看文档

     

以下是您的问题中的一些无效代码：

     

  
1. session ['state']没有用，请删除相关代码
  
2. request_token_params仅用于OAuth1
  
3. 天蓝色示例：https://github.com/authlib/loginpass/blob/master/loginpass/azure.py
  

有机会的话我会澄清。

我想使用Flask，在您的烧瓶示例中，我没有看到Azure的字段。 在config.py中，我是否需要像其他所有站点一样为天蓝色添加一个部分：

SECRET_KEY = b'secret'
TWITTER_CLIENT_ID = ''
TWITTER_CLIENT_SECRET = ''

更改为？：

SECRET_KEY = b'secret'
AZURE_CLIENT_ID = ''
AZURE_CLIENT_SECRET = ''

然后我想我只需要Loginpass文件夹中的 init ，_ const，_core，_flask和Azure Py文件。 然后，我将需要flask_example文件夹中的app和config py文件，并从loginpass导入azure。

我正确地考虑了吗？