Skip to content

获取到client_id和client_secret 后 无法访问获取token 和访问真正的api接口。 #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
zhaowenjun333 opened this issue Oct 23, 2019 · 4 comments
Closed

获取到client_id和client_secret 后 无法访问获取token 和访问真正的api接口。 #60

zhaowenjun333 opened this issue Oct 23, 2019 · 4 comments

Comments

@zhaowenjun333
Copy link

example 启动后创建了一个 Client 并拿到里面的 id 和 secret ,无法访问token .我的代码如下:

def localgettokenByrequests():
    r = requests.post(auth=HTTPBasicAuth('2SLED10pAVovtLhyXkTxaYDk', 'gUPxTr8L0mtqSAWzSefFjGtwgTBeDdJqTCxwVuNlMamoVLC6'),
                      url='http://127.0.0.1:5000/oauth/token?grant_type=client_credentials')
    print( r )
    tokenjson = r.json()
    print(tokenjson)
    print(tokenjson.get('access_token'))
    authorrization = "Bearer {}".format(tokenjson.get('access_token'))

if __name__ =="__main__":
    r = localgettokenByrequests()

我目前想用oauth2 加密我的api接口,我会发放id和secret给另外一个java 服务使用,java通过调用token 接口,得到token,然后再调用真的数据api。请问我是哪里用错了么。
@lepture
Copy link
Member

lepture commented Oct 23, 2019

grant_type=client_credentials should be in POST payload, not URI.

@lepture lepture closed this as completed Oct 23, 2019
@zhaowenjun333
Copy link
Author

zhaowenjun333 commented Oct 24, 2019
edited
Loading

I want to secure api with Oauth2,usage like below.

environment:

win10,py3.6,
Flask=1.1.1
Flask-SQLAlchemy=2.4.1
oauthlib=2.1.0

create a client:

client

get client_id and client_secret:

{"client_name": "parchmentSendser", "client_uri": "", "contacts": [], "grant_types": ["client_credentials"], "jwks": null, "jwks_uri": null, "logo_uri": null, "policy_uri": null, "redirect_uris": [], "response_types": ["code"], "scope": "profile", "token_endpoint_auth_method": "client_secret_basic", "tos_uri": null}

step by step to get data

  • get token

 r = requests.post(auth=HTTPBasicAuth('qGbJKewh2oWY5C4sa4yGYIiS','DG86lovQfVm58350H7IOS4BHYCSIrXWB7wYFVCDrXLkoPaWC') ,url='http://127.0.0.1:5000/oauth/token',
    data = {"grant_type":"client_credentials","scope":"profile"})
#r=<Response [500]>

  • expected result

{'token_type': 'bearer', 'access_token': 'EI1G6lGOdfTxoUUpWSrkD0K1zW1Mdskx', 'expires_in': 7200}

  • uage token

params = {   }
print(authorrization)
r2 = requests.get(url= 'http://127.0.0.1:5000/api/me',headers={ 'Authorization':authorrization,"Content-Type":"application/json"},params=params)

now,I can't move forward, help me how to config ,thx。

@lepture
Copy link
Member

lepture commented Oct 24, 2019

Not sure if you are asking in the right repo. You are using oauthlib==2.1.0, which is clearly not used in this repo.

We accept community helps on StackOverflow and bug reports on GitHub issues. We do not offer help for your own project. However, if you are working on your company’s project, it is suggested that you asking your company to purchase a commercial support. Check https://authlib.org/support

@zhaowenjun333
Copy link
Author

yeah,i am just practice,I have realized it isn`t suitable for my needs. appreciate your help。thank you again。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lepture @zhaowenjun333