Django OAuth2 无效 grant_type
Django OAuth2 invalid grant_type
我正在使用 Django OAuth 工具包并成功创建了 sign_up 调用 - 在 return 中给我这样的响应:
{
"username": "boban16",
"client_id": "sxFB8WOd5qupdyp5c4pjJHXAQQFPVCW7FKA3SUmy",
"client_secret": "3nUreBDpx9cCSEeVyOhpXZ76Om0keOxFwK2rRQJNK5wvYuA1tUF37sH0Of473wCgeJ3tCmflN9kPnP9VkgepWxrARC6iimqI6y34pyVU7otlcXHjS2SSOmsP2c0XNxrA"
}
所以,我现在正在尝试调用以使用 Postman 应用程序生成令牌 - 请求如下所示:
这是回复:
{
"error_description": "Invalid credentials given.",
"error": "invalid_grant"
}
这是我来自 urls.py
的代码
urlpatterns = patterns('',
url(r'^sign_up/$', SignUp.as_view(), name="sign_up"),
url(r'^login/$', Login.as_view(), name="login"),
url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
)
这是 settings.py
的一部分
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
# 'rest_framework.authentication.BasicAuthentication',
'oauth2_provider.ext.rest_framework.OAuth2Authentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
),
}
我不确定问题出在哪里,我该如何解决。有没有人建议如何让它发挥作用?非常感谢!
--------更新--------
我终于得到了一些回应:
curl -v http://127.0.0.1:8000/o/token/ -X POST -u "<client_id>:<client_secret>" -d "grant_type=client_credentials"
这是回复:
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
* Server auth using Basic with user 'JNBUdgUJ44ndu49yeokHxU0ZUNfIbpdESC8PVTQU'
> POST /o/token/ HTTP/1.1
> Authorization: Basic Sk5CVWRnVUo0NG5kdTQ5eWVva0h4VTBaVU5mSWJwZEVTQzhQVlRRVTpaQVNwZ0xLY3didXA2ajJ2YlJqakc1WlFZenpWWFZWQU5HcHJ0WWZVNnIya2VpUkEzZW9vNlh5M0tSMENkOGpWN3FLT2xFTENoTHZTUk5vTzBkUE5YNGdoRXdvRnB4UDNKbHdxY0FqRkpIV0RmSkJzYnpmNjJ5dE5DaEFVM29RcA==
> User-Agent: curl/7.37.1
> Host: 127.0.0.1:8000
> Accept: */*
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 29 out of 29 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 401 UNAUTHORIZED
< Date: Sat, 13 Jun 2015 16:14:19 GMT
< Server: WSGIServer/0.2 CPython/3.4.3
< Content-Type: application/json
< Cache-Control: no-store
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
<
* Closing connection 0
{"error": "unauthorized_client"}
正如您在回复中看到的那样 - 我获得了授权令牌,但它最后说 - 未经授权的客户端。那可以吗?谢谢!
我找到问题了
自动创建应用程序的 post_save 信号出现问题。
def create_auth_client(sender, instance=None, created=False, **kwargs):
"""
Intended to be used as a receiver function for a `post_save` signal
on a custom User model
Creates client_id and client_secret for authenticated users
"""
if created:
Application.objects.create(user=instance,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_CLIENT_CREDENTIALS)
# TODO
post_save.connect(create_auth_client, sender=User)
现在这是正确的解决方案。然后您可以使用这些调用 sign_up / 获取 oauth2 令牌:
curl -X POST -F "username=test1" -F "password=test1" http://127.0.0.1:8000/sign_up/
curl -X POST -d "grant_type=client_credentials" -u "<client_id>:<client_secret>" http://127.0.0.1:8000/o/token/
我正在使用 Django OAuth 工具包并成功创建了 sign_up 调用 - 在 return 中给我这样的响应:
{
"username": "boban16",
"client_id": "sxFB8WOd5qupdyp5c4pjJHXAQQFPVCW7FKA3SUmy",
"client_secret": "3nUreBDpx9cCSEeVyOhpXZ76Om0keOxFwK2rRQJNK5wvYuA1tUF37sH0Of473wCgeJ3tCmflN9kPnP9VkgepWxrARC6iimqI6y34pyVU7otlcXHjS2SSOmsP2c0XNxrA"
}
所以,我现在正在尝试调用以使用 Postman 应用程序生成令牌 - 请求如下所示:
这是回复:
{
"error_description": "Invalid credentials given.",
"error": "invalid_grant"
}
这是我来自 urls.py
的代码urlpatterns = patterns('',
url(r'^sign_up/$', SignUp.as_view(), name="sign_up"),
url(r'^login/$', Login.as_view(), name="login"),
url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
)
这是 settings.py
的一部分REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
# 'rest_framework.authentication.BasicAuthentication',
'oauth2_provider.ext.rest_framework.OAuth2Authentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
),
}
我不确定问题出在哪里,我该如何解决。有没有人建议如何让它发挥作用?非常感谢!
--------更新--------
我终于得到了一些回应:
curl -v http://127.0.0.1:8000/o/token/ -X POST -u "<client_id>:<client_secret>" -d "grant_type=client_credentials"
这是回复:
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
* Server auth using Basic with user 'JNBUdgUJ44ndu49yeokHxU0ZUNfIbpdESC8PVTQU'
> POST /o/token/ HTTP/1.1
> Authorization: Basic Sk5CVWRnVUo0NG5kdTQ5eWVva0h4VTBaVU5mSWJwZEVTQzhQVlRRVTpaQVNwZ0xLY3didXA2ajJ2YlJqakc1WlFZenpWWFZWQU5HcHJ0WWZVNnIya2VpUkEzZW9vNlh5M0tSMENkOGpWN3FLT2xFTENoTHZTUk5vTzBkUE5YNGdoRXdvRnB4UDNKbHdxY0FqRkpIV0RmSkJzYnpmNjJ5dE5DaEFVM29RcA==
> User-Agent: curl/7.37.1
> Host: 127.0.0.1:8000
> Accept: */*
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 29 out of 29 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 401 UNAUTHORIZED
< Date: Sat, 13 Jun 2015 16:14:19 GMT
< Server: WSGIServer/0.2 CPython/3.4.3
< Content-Type: application/json
< Cache-Control: no-store
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
<
* Closing connection 0
{"error": "unauthorized_client"}
正如您在回复中看到的那样 - 我获得了授权令牌,但它最后说 - 未经授权的客户端。那可以吗?谢谢!
我找到问题了
自动创建应用程序的 post_save 信号出现问题。
def create_auth_client(sender, instance=None, created=False, **kwargs):
"""
Intended to be used as a receiver function for a `post_save` signal
on a custom User model
Creates client_id and client_secret for authenticated users
"""
if created:
Application.objects.create(user=instance,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_CLIENT_CREDENTIALS)
# TODO
post_save.connect(create_auth_client, sender=User)
现在这是正确的解决方案。然后您可以使用这些调用 sign_up / 获取 oauth2 令牌:
curl -X POST -F "username=test1" -F "password=test1" http://127.0.0.1:8000/sign_up/
curl -X POST -d "grant_type=client_credentials" -u "<client_id>:<client_secret>" http://127.0.0.1:8000/o/token/