我的目标是实现这一目标: https://github.com/Azure-Samples/active-directory-python-flask-graphapi-web-v2
使用更新的Authlib库。 https://github.com/lepture/authlib
我需要一个使用证书进行身份验证的应用程序(无需用户登录),并使用Microsoft的Graph API从Azure AD(v2.0终结点)SharePoint文档库中获取数据。
这是使用'flask_oauthlib'的原始代码:
from flask import Flask, redirect, url_for, session, request, jsonify, render_template
from flask_oauthlib.client import OAuth, OAuthException
# from flask_sslify import SSLify
from logging import Logger
import uuid
app = Flask(__name__)
# sslify = SSLify(app)
app.debug = True
app.secret_key = 'development'
oauth = OAuth(app)
# Put your consumer key and consumer secret into a config file
# and don't check it into github!!
microsoft = oauth.remote_app(
'microsoft',
consumer_key='Register your app at apps.dev.microsoft.com',
consumer_secret='Register your app at apps.dev.microsoft.com',
request_token_params={'scope': 'offline_access User.Read'},
base_url='https://graph.microsoft.com/v1.0/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
)
@app.route('/')
def index():
return render_template('hello.html')
@app.route('/login', methods = ['POST', 'GET'])
def login():
if 'microsoft_token' in session:
return redirect(url_for('me'))
# Generate the guid to only accept initiated logins
guid = uuid.uuid4()
session['state'] = guid
return microsoft.authorize(callback=url_for('authorized', _external=True), state=guid)
@app.route('/logout', methods = ['POST', 'GET'])
def logout():
session.pop('microsoft_token', None)
session.pop('state', None)
return redirect(url_for('index'))
@app.route('/login/authorized')
def authorized():
response = microsoft.authorized_response()
if response is None:
return "Access Denied: Reason=%s\nError=%s" % (
response.get('error'),
request.get('error_description')
)
# Check response for state
print("Response: " + str(response))
if str(session['state']) != str(request.args['state']):
raise Exception('State has been messed with, end authentication')
# Okay to store this in a local variable, encrypt if it's going to client
# machine or database. Treat as a password.
session['microsoft_token'] = (response['access_token'], '')
return redirect(url_for('me'))
@app.route('/me')
def me():
me = microsoft.get('me')
return render_template('me.html', me=str(me.data))
# If library is having trouble with refresh, uncomment below and implement refresh handler
# see https://github.com/lepture/flask-oauthlib/issues/160 for instructions on how to do this
# Implements refresh token logic
# @app.route('/refresh', methods=['POST'])
# def refresh():
@microsoft.tokengetter
def get_microsoft_oauth_token():
return session.get('microsoft_token')
if __name__ == '__main__':
app.run()
这是我到目前为止已更新为“ authlib.flask”的代码:
from flask import Flask
from flask import redirect, url_for, session, request, jsonify, render_template
from authlib.flask.client import OAuth
from logging import Logger
import uuid
app = Flask(__name__)
app.debug = True
app.secret_key = 'development'
oauth = OAuth(app)
# Put your consumer key and consumer secret into a config file
# and don't check it into github!!
microsoft = oauth.register(
'microsoft',
client_id='Register your app at apps.dev.microsoft.com',
client_secret='Register your app at apps.dev.microsoft.com',
request_token_params={'scope': 'offline_access User.Read'},
api_base_url='https://graph.microsoft.com/v1.0/',
request_token_url=None,
access_token_method='POST',
access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
)
@app.route('/')
def index():
return render_template('hello.html')
@app.route('/login', methods = ['POST', 'GET'])
def login():
if 'microsoft_token' in session:
return redirect(url_for('me'))
# Generate the guid to only accept initiated logins
guid0 = uuid.uuid4()
guid = guid0.bytes
session['state'] = guid
return microsoft.authorize_redirect(url_for('authorized', _external=True), state=guid)
@app.route('/logout', methods = ['POST', 'GET'])
def logout():
session.pop('microsoft_token', None)
session.pop('state', None)
return redirect(url_for('index'))
@app.route('/login/authorized')
def authorized():
response = microsoft.authorize_access_token()
if response is None:
return "Access Denied: Reason=%s\nError=%s" % (
response.get('error'),
request.get('error_description')
)
# Check response for state
print("Response: " + str(response))
if str(session['state']) != str(request.args['state']):
raise Exception('State has been messed with, end authentication')
# Okay to store this in a local variable, encrypt if it's going to client
# machine or database. Treat as a password.
session['microsoft_token'] = (response['access_token'], '')
return redirect(url_for('me'))
@app.route('/me')
def me():
me = microsoft.get('me')
return render_template('me.html', me=str(me.data))
# If library is having trouble with refresh, uncomment below and implement refresh handler
# see https://github.com/lepture/flask-oauthlib/issues/160 for instructions on how to do this
# Implements refresh token logic
# @app.route('/refresh', methods=['POST'])
# def refresh():
@microsoft.tokengetter
def get_microsoft_oauth_token():
return session.get('microsoft_token')
if __name__ == '__main__':
app.run()
我受困的部分是如何处理:
@microsoft.tokengetter
def get_microsoft_oauth_token():
return session.get('microsoft_token')
“将OAuth客户端从Flask-OAuthlib迁移到Authlib”中的Authlib文档指出:
如果要使用类似方法访问资源 oauth.twitter.get(...),您需要确保准备好 使用访问令牌。这部分在Flask-OAuthlib之间有很大的不同 和Authlib。
在Flask-OAuthlib中,它由装饰器处理:
@twitter.tokengetter
def get_twitter_oauth_token():
token = fetch_from_somewhere()
return token
tokengetter返回的令牌可以是元组或dict。但在 Authlib,它只能是字典,并且Authlib不使用装饰器来 而是获取令牌,您应该将此函数传递给注册表:
# register the two methods oauth.register('twitter',
client_id='Twitter Consumer Key',
client_secret='Twitter Consumer Secret',
request_token_url='https://api.twitter.com/oauth/request_token',
request_token_params=None,
access_token_url='https://api.twitter.com/oauth/access_token',
access_token_params=None,
refresh_token_url=None,
authorize_url='https://api.twitter.com/oauth/authenticate',
api_base_url='https://api.twitter.com/1.1/',
client_kwargs=None,
# NOTICE HERE
fetch_token=fetch_twitter_token,
save_request_token=save_request_token,
fetch_request_token=fetch_request_token, )
https://blog.authlib.org/2018/migrate-flask-oauthlib-client-to-authlib
我不知道如何处理'@ microsoft.tokengetter'
有人有什么建议吗?
答案 0 :(得分:0)
在http://docs.authlib.org/en/latest/flask/client.html#flask-client上查看文档
以下是您的问题中的一些无效代码:
答案 1 :(得分:0)
lepture
在http://docs.authlib.org/en/latest/flask/client.html#flask-client上查看文档
以下是您的问题中的一些无效代码:
- session ['state']没有用,请删除相关代码
- request_token_params仅用于OAuth1
- 天蓝色示例:https://github.com/authlib/loginpass/blob/master/loginpass/azure.py
有机会的话我会澄清。
我想使用Flask,在您的烧瓶示例中,我没有看到Azure的字段。 在config.py中,我是否需要像其他所有站点一样为天蓝色添加一个部分:
SECRET_KEY = b'secret'
TWITTER_CLIENT_ID = ''
TWITTER_CLIENT_SECRET = ''
更改为?:
SECRET_KEY = b'secret'
AZURE_CLIENT_ID = ''
AZURE_CLIENT_SECRET = ''
然后我想我只需要Loginpass文件夹中的 init ,_ const,_core,_flask和Azure Py文件。 然后,我将需要flask_example文件夹中的app和config py文件,并从loginpass导入azure。
我正确地考虑了吗?