Authlib 0.6+ does not work with Auth0 impersonation and Flask
Auth0 impersonation directly calls the on success authentication callback URL skipping the initial step of authentication. This causes an issue because flask/client/OAuth.authorize_access_token(), which is called as part of the callback processing, requires the presence of the session variable _auth0_callback_ but this variable is not set because the only place it is set, flask/client/OAuth.authorize_redirect(), is not called in this situation.
We've added a hack to set the _auth0_callback_ session variable if it doesn't exist just before the call to flask/client/OAuth.authorize_access_token() but this doesn't seem right and I'm just wondering if we're doing something wrong.
We've also experienced a similar issue with the _auth0_state_ session variable but this might have been fixed in v0.7 that I'm testing now. We currently are using Authlib v0.6 in production.
Have raised this issue with Auth0 but have not had any response.
Any help appreciated, thx
UPDATE...
Looking deeper into Authlib it looks like that for the flask/client/OAuth.authorize_access_token() call the callback URL is not required in OAuth2Session.fetch_access_token() to fetch the token if the token is included in the authorisation response and it kind of makes sense that the access token is included in the authorisation response in the case of the impersonation - see OAuth2Session.fetch_access_token()#152. So maybe that authorisation response access token from Auth0 impersonation doesn't exist or is not being properly passed through...
According to my knowledge, Auth0 accepts a redirect_uri parameter. Check this example: https://github.com/lepture/auth0-python-web-app/blob/patch-1/01-Login/server.py
The Flask integration is a wrapper on OAuth2Session which provides authorize_redirect and authorize_access_token methods to handle everything automatically for you. If you find the high level integration can't meet your need, you can always use the methods of OAuthClient.
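A simplified model of the two-step flow discussed above, added here as an illustration and not Authlib's own code: the session key names are the ones quoted in the question, while the function bodies, exception names and URLs are assumptions. It shows why a callback that arrives without a preceding authorize_redirect in the same session, as in the impersonation case, is rejected before any token exchange.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Session key names as quoted in the question; everything else is hypothetical.
STATE_KEY = "_auth0_state_"
CALLBACK_KEY = "_auth0_callback_"


class MissingSessionData(Exception):
    """Callback arrived without a prior redirect from this browser session."""


class StateMismatch(Exception):
    """State returned in the callback differs from the one issued in step 1."""


def authorize_redirect(session, authorize_url, client_id, redirect_uri):
    """Step 1: bind a fresh state and the callback URL to the session."""
    state = secrets.token_urlsafe(24)
    session[STATE_KEY] = state
    session[CALLBACK_KEY] = redirect_uri
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{authorize_url}?{query}"


def authorize_access_token(session, callback_request_url):
    """Step 2: validate the callback against the session values from step 1."""
    params = parse_qs(urlparse(callback_request_url).query)
    # pop() makes both values single-use, so a replayed callback also fails.
    expected_state = session.pop(STATE_KEY, None)
    redirect_uri = session.pop(CALLBACK_KEY, None)
    if expected_state is None or redirect_uri is None:
        raise MissingSessionData("callback without authorize_redirect")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(expected_state.encode(), returned_state.encode()):
        raise StateMismatch("state parameter does not match the session")
    # A real client would now send code + redirect_uri to the token endpoint.
    return {"code": params.get("code", [""])[0], "redirect_uri": redirect_uri}
```
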