无法设置 django-oauth-toolkit 身份验证
[英]Could not setup django-oauth-toolkit authentication
问题描述
I'm going to restrict my working rest_framework.views.APIView inherited class, to be visible only by authenticated users.
我将限制我的工作rest_framework.views.APIView继承 class,仅对经过身份验证的用户可见。
I made these modifications:我做了这些修改:
- Added
authentication_classesandpermission_classesto my class:在我的 class 中添加了authentication_classes和permission_classes:
class TestView(APIView):
authentication_classes = (OAuth2Authentication,)
permission_classes = (IsAuthenticated,)
return Response("Hey there...")
- Got an access_token from django-oauth-toolkit:从 django-oauth-toolkit 获得 access_token:
curl -XPOST "http://172.18.0.1:8000/oauth2/token/" \
-d 'grant_type=client_credentials&client_id=MY-CLIENT-ID&client_secret=MY-CLIENT-SECRET'
{"access_token": "Haje1ZTrc7VH4rRkTbJCIkX5u83Tm6", "expires_in": 36000, "token_type": "Bearer", "scope": "read write groups"}
- Tried requesting the view without setting the
access_token:尝试在不设置access_token的情况下请求视图:
curl -XGET "http://172.18.0.1:8000/api/v1/test/"
{"detail":"Authentication credentials were not provided."}
- Tried a new request with the
access_token:使用access_token尝试了一个新请求:
curl -XGET "http://172.18.0.1:8000/api/v1/test/" \
-H "Authorization: Bearer Haje1ZTrc7VH4rRkTbJCIkX5u83Tm6"
{"detail":"You do not have permission to perform this action."}
Should I do anything more to enable access_token authentication?我应该做更多的事情来启用 access_token 身份验证吗?
Note: I have installed these libraries in the environment:注意:我已经在环境中安装了这些库:
Django==2.2.17
djangorestframework==3.12.2
django-oauth-toolkit==1.3.3
Note2: Forgot to say that rest_framework and oauth2_provider have been added to INSTALLED_APPS.注意2:忘了说rest_framework和oauth2_provider已经添加到INSTALLED_APPS了。
IMPORTANT EDIT:重要编辑:
This problem exists only if using "client credential grant" for authentication.仅当使用“客户端凭据授予”进行身份验证时才存在此问题。 check my own answer below.在下面检查我自己的答案。
2 个解决方案
解决方案1
1 已采纳 2021-01-14 12:10:44
In the end I found that OAuth2Authentication does not authenticate a user by its client_credential (accepts username/password pair with grant_type=password).最后,我发现OAuth2Authentication没有通过其 client_credential 对用户进行身份验证(接受用户名/密码对,grant_type=password)。 so I wrote this custom authenticator.所以我写了这个自定义身份验证器。 hope it helps other guys with the same problem.希望它可以帮助其他有同样问题的人。
from oauth2_provider.contrib.rest_framework import OAuth2Authentication
from oauth2_provider.models import Application
class OAuth2ClientCredentialAuthentication(OAuth2Authentication):
"""
OAuth2Authentication doesn't allows credentials to belong to an application (client).
This override authenticates server-to-server requests, using client_credential authentication.
"""
def authenticate(self, request):
authentication = super().authenticate(request)
if not authentication is None:
user, access_token = authentication
if self._grant_type_is_client_credentials(access_token):
authentication = access_token.application.user, access_token
return authentication
def _grant_type_is_client_credentials(self, access_token):
return access_token.application.authorization_grant_type == Application.GRANT_CLIENT_CREDENTIALS
解决方案2
0 2021-01-09 20:01:29
Try djoser for authentication in Django rest framework在 Django rest 框架中尝试使用 djoser 进行身份验证
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.