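Where does the client secret come in for Google Auth on the backend?

Time: 2019-07-05 16:51:53

Tags: oauth-2.0 google-authentication

I am following this guide to authenticate GET, POST and PUT requests to my backend. On my frontend, the user signs in with Google. Whenever they want to access the backend API, they must send a header in which Authorization is the token from the frontend Google User object (googleUser.getAuthResponse().id_token). My Flask app then makes sure every request has a valid token: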

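import json
import logging
from typing import Tuple, Union

from flask import Response, current_app, request
from google.auth.transport import requests
from google.oauth2 import id_token

# BP (the Flask blueprint) and OAUTH2_CLIENT_ID are defined elsewhere in the app.


@BP.before_app_request
def default_login_required():
    # Skip static files and requests that match no endpoint.
    if not request.endpoint or request.endpoint.rsplit(".", 1)[-1] == "static":
        return

    view = current_app.view_functions[request.endpoint]

    # Views marked login_exempt are served without a token.
    if getattr(view, "login_exempt", False):
        return

    valid, idinfo = token_verified(request.headers.get("Authorization"))

    if valid:
        return

    msg = json.dumps(idinfo)

    return Response(msg, mimetype="application/json", status=401)


def token_verified(token) -> Tuple[bool, Union[dict, str]]:
    try:
        # Checks the signature, expiry and that "aud" equals OAUTH2_CLIENT_ID.
        idinfo = id_token.verify_oauth2_token(
            token, requests.Request(), OAUTH2_CLIENT_ID
        )
        if idinfo["iss"] not in [
            "accounts.google.com",
            "https://accounts.google.com",
        ]:
            raise ValueError("Wrong issuer.")

        # If auth request is from a G Suite domain:
        # .get() because consumer accounts carry no "hd" claim at all.
        if idinfo.get("hd") != "mycompany.com":
            raise ValueError("Wrong hosted domain.")

        logging.info(f"User {idinfo['email']} validated")

        return True, idinfo

    except ValueError as e:
        msg = f"User is not validated, {str(e)}"
        logging.info(msg)
        return False, msg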

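However, I would expect the client secret to be used somewhere to verify this request. Is it not needed? Have I done the authorization correctly?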

0 answers:

No answers
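As an added example (not part of the original post and not google-auth's code), here is a simplified pure-Python model of what checking an RS256-signed ID token involves on the backend: the issuer's public key and the expected client ID as the audience. The toy RSA key built from two Mersenne primes, the `issuer_sign` stand-in for the identity provider, and the sample claims are constructed for illustration, and the key is not secure.

```python
import base64, hashlib, json

# Constructed toy RSA key from two Mersenne primes (insecure, demo only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                          # public modulus: what the backend knows
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: held by the issuer only
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (PKCS#1 v1.5, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_message(signing_input: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input), as an integer."""
    digest = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest
    return int.from_bytes(em, "big")

def issuer_sign(claims: dict) -> str:
    """Hypothetical stand-in for the identity provider signing an ID token."""
    head = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = pow(encoded_message(f"{head}.{body}".encode()), D, N)
    return f"{head}.{body}.{b64url(sig.to_bytes(K, 'big'))}"

def backend_verify(token: str, client_id: str, now: float) -> dict:
    """Backend side: uses only the public key (N, E) and the client ID."""
    head, body, sig = token.split(".")  # ValueError if not three parts
    if json.loads(unb64url(head)).get("alg") != "RS256":
        raise ValueError("Unexpected algorithm.")
    recovered = pow(int.from_bytes(unb64url(sig), "big"), E, N)
    if recovered != encoded_message(f"{head}.{body}".encode()):
        raise ValueError("Bad signature.")
    claims = json.loads(unb64url(body))
    if claims.get("aud") != client_id:  # token minted for another app
        raise ValueError("Wrong audience.")
    if claims.get("exp", 0) <= now:
        raise ValueError("Token expired.")
    return claims
```

`backend_verify` never touches `D` or any shared secret; a token issued for a different client ID fails the audience check even though its signature is valid.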