Django Rest Framework API如何从请求中提取access_token?
[英]Django Rest Framework API How to extract access_token from request?
问题描述
My API is currently protected by the OAuth2TokenAuthentication from django-oauth-toolkit, so that it can validate API requests that contains access token in following ways: 
我的API当前受到django-oauth-toolkit中的OAuth2TokenAuthentication的保护,因此它可以通过以下方式验证包含访问令牌的API请求:
- as query param
?access_token=xxxx作为查询参数?access_token=xxxx - in header
Authorization: Bearer xxxx在标题Authorization: Bearer xxxx
while I can hardcode in my API view to try to get the access token from those 2 places, is there a canonical way to obtain the token? 虽然我可以在API视图中进行硬编码以尝试从这两个位置获取访问令牌,但是有没有一种规范的方法来获取令牌?
1 个解决方案
解决方案1
0 2016-02-16 01:37:10
I dug through the code inside OAuth2TokenAuthentication, and borrowed it into my API View: 我翻阅了OAuth2TokenAuthentication内部的代码,并将其借入了我的API视图:
class IntrospectView(APIView):
"""
An API view that introspect a given token
"""
serializer_class = TokenIntrospectSerializer
authentication_classes = []
permission_classes = []
def get(self, request, *args, **kwargs):
oauthlib_core = get_oauthlib_core()
valid, r = oauthlib_core.verify_request(request, scopes=[])
if not valid:
raise APIException('Invalid token')
return Response(TokenIntrospectSerializer(r.access_token).data)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.