[英]Django oauth2 request.user returns AnonymousUser
我是一个Django新手,我正在尝试为后端创建一个API供iOS客户端使用。 目前我正在使用curl测试我的API访问。
我使用以下方法成功生成了访问令牌:
curl -X POST -d "grant_type=password&username=example_user&password=example_password" http://clientID:clientSecret@localhost:8000/o/token/
产生了以下反应 -
{
"access_token": "oAyNlYuGVk1Sr8oO1EsGnLwOTL7hAY",
"scope": "write read",
"expires_in": 36000,
"token_type": "Bearer",
"refresh_token": "pxd5rXzz1zZIKEtmqPgE608a4H9E5m"
}
然后我使用访问令牌尝试访问以下类视图:
from django.http import JsonResponse
from oauth2_provider.views.generic import ProtectedResourceView
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
class post_test(ProtectedResourceView):
def get(self, request, *args, **kwargs):
print(request.user)
return JsonResponse({'Message': "You used a GET request"})
def post(self, request, *args, **kwargs):
print(request.user)
return JsonResponse({'Message': 'You used a POST request'})
@method_decorator(csrf_exempt)
def dispatch(self, *args, **kwargs):
return super(post_test, self).dispatch(*args, **kwargs)
使用以下curl请求:
curl -H "Authorization: Bearer oAyNlYuGVk1Sr8oO1EsGnLwOTL7hAY" -X GET http://localhost:8000/api/post-test/
哪个适当地响应客户:
{"Message": "You used a GET request"}
但是在控制台中,我期望request.user变量,我得到AnonymousUser 。
不应该将标记分配给example_user吗? 不应该是request.user返回的那个?
使用request.resource_owner而不是request.user 。
Django OAuth Toolkit区分了与承载令牌关联的用户和与可能附加到请求的任何其他Django身份验证关联的用户。 具体而言, ProtectedResourceView包括从行为ProtectedResourceMixin ,其中包括以下分配方法:
def dispatch(self, request, *args, **kwargs):
# let preflight OPTIONS requests pass
if request.method.upper() == "OPTIONS":
return super().dispatch(request, *args, **kwargs)
# check if the request is valid and the protected resource may be accessed
valid, r = self.verify_request(request)
if valid:
request.resource_owner = r.user
return super().dispatch(request, *args, **kwargs)
else:
return HttpResponseForbidden()
第一个 django rest api 调用返回 request.user 作为 AnonymousUser 但进一步调用返回正确的用户
[英]First django rest api call returns request.user as AnonymousUser but further calls return proper user
Django request.user在第三方重定向后成为AnonymousUser
[英]Django request.user become AnonymousUser after third party redirect
无法使用django rest框架进行身份验证(request.user = AnonymousUser)
[英]Not able to authenticate using the django rest framework (request.user = AnonymousUser)
AbstractUser 上的 request.user 给出 AnonymousUser TypeError
[英]request.user on AbstractUser gives AnonymousUser TypeError
登录门户后,在我的 Django 门户中,我的 request.user 始终提供值 AnonymousUser
[英]In my Django portal after login to the portal my request.user is always giving the value AnonymousUser
Allauth request.user 在 APIView 中是 AnonymousUser,但在 View 中 is_authenticated
[英]Allauth request.user is AnonymousUser in APIView, but is_authenticated in View
在 Django 和 DRF 中,为什么 api 路由 request.user 会返回一个 AnonymousUser 实例,而 django.contrib.auth.get_user(request) 会返回用户?
[英]In Django and DRF, why would an api route request.user return an AnonymousUser instance, while django.contrib.auth.get_user(request) return the user?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.