星状令牌端点缺少客户端ID

时间:2019-10-09 16:32:17

标签: django-rest-framework nebular

我正在使用 Nebular Django API。

我具有以下身份验证策略设置

  NbOAuth2AuthStrategy.setup({
    name: 'oauth',
    baseEndpoint: `${environment.apiURL}auth/`,
    clientId: `${environment.clientId}`,
    clientSecret: `${environment.clientSecret}`,
    clientAuthMethod: NbOAuth2ClientAuthMethod.BASIC,
    redirect: {
      success: '/',
      failure: null,
    },
    token: {
      endpoint: 'token/',
      grantType: NbOAuth2GrantType.PASSWORD,
      class: NbAuthOAuth2Token,
    },
  }),

端点必须接受client_idclient_secret才能登录。

邮递员的有效载荷是

enter image description here

但是Nebular请求包含以下数据

body: "grant_type=password&username=test%40example.com&password=test1234"
headers: HttpHeaders {normalizedNames: Map(2), lazyUpdate: null, headers: Map(2), lazyInit: null}
method: "POST"
params: HttpParams {updates: null, cloneFrom: null, encoder: HttpUrlEncodingCodec, map: Map(0)}
reportProgress: false
responseType: "json"

正文缺少client_idclient_secret。如何添加client_idclient_secret

2 个答案:

答案 0 :(得分:0)

client_idclient_secret不在请求的正文中。您已设置clientAuthMethod: NbOAuth2ClientAuthMethod.BASIC,它将把这些值添加到Authorization标头中。

如果您查看请求的标头,则标头的格式应如下所示……

Authorization Basic <base64-encoded-string (client_id:client_secret)>

答案 1 :(得分:0)

您可以将要在请求正文中提供的客户端身份验证设置为:

...NbAuthModule.forRoot({
    strategies: [
      NbOAuth2AuthStrategy.setup({
        clientId: environment.auth.clientId,
        clientSecret: environment.auth.clientSecret,
        clientAuthMethod: NbOAuth2ClientAuthMethod.REQUEST_BODY,
        name: 'email',
        baseEndpoint: environment.serverBaseUrL,
        token: {
          endpoint: '/api/oauth/token',
          grantType: NbOAuth2GrantType.PASSWORD,
          ...
        },
      }),
    ],