我很迷惑。我正在使用用于python-social-auth(spcefically social-auth-app-django v1.2.0)的Django配置来使Google+后端身份验证正常工作。
我收到此错误:
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.googleapis.com/plus/v1/people/me?access_token=XYZ123&alt=json
社会认可似乎正在通过参议院access_token,但我不知道为什么,因为docs说要传递到后端id_token。我已经验证了我得到的是一个有效的id_token使用此链接:https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
另外,我使用以下链接验证它不是有效的access_token:https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=XYZ123
我的意思是,我正在做的是python-social-apps docs和google的docs告诉我要做的事情,那就是将id_token传递给后端。这是我的js代码:
<script src="https://apis.google.com/js/api:client.js"></script>
<script>
var googleUser = {};
var startApp = function() {
gapi.load('auth2', function() {
// Retrieve the singleton for the GoogleAuth library and set up the client.
auth2 = gapi.auth2.init({
client_id: '{{ google_plus_id }}',
cookiepolicy: 'single_host_origin',
// Request scopes in addition to 'profile' and 'email'
scope: '{{ google_plus_scope }}',
});
attachSignin(document.getElementById('google-plus-button'));
});
};
function attachSignin(element) {
console.log(element.id);
auth2.attachClickHandler(element, {},
function(googleUser) {
var authResponse = googleUser.getAuthResponse();
var $form;
var $input;
$form = $("<form>");
$form.attr("action", "/complete/google-plus/");
$form.attr("method", "post");
$input = $("<input>");
$input.attr("name", "id_token");
$input.attr("value", authResponse.id_token);
console.log("ID Token: " + authResponse.id_token);
$form.append($input);
$(document.body).append($form);
$form.submit();
},
function(error) {
alert(JSON.stringify(error, undefined, 2));
});
}
</script>
<script>
startApp();
</script>
这是我的设置:
AUTHENTICATION_BACKENDS = (
...
'social_core.backends.google.GooglePlusAuth',
..
)
SOCIAL_AUTH_GOOGLE_PLUS_KEY = 'blahblah.apps.googleusercontent.com'
SOCIAL_AUTH_GOOGLE_PLUS_SECRET = 'shhhsecret'
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = []
SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
"email",
"profile"
]
SOCIAL_AUTH_PIPELINE = (
'social_core.pipeline.social_auth.social_details',
'social_core.pipeline.social_auth.social_uid',
'social_core.pipeline.social_auth.auth_allowed',
'social_core.pipeline.social_auth.social_user',
'social_core.pipeline.user.get_username',
'social_core.pipeline.user.create_user',
# 'apps.django_social_app.pipeline.save_profile',
'social_core.pipeline.social_auth.associate_user',
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
'social.pipeline.debug.debug', # uncomment to print debug
)
这里有完整的痕迹:
Traceback (most recent call last):
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/contrib/staticfiles/handlers.py", line 63, in __call__
return self.application(environ, start_response)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/wsgi.py", line 189, in __call__
response = self.get_response(request)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/base.py", line 218, in get_response
response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/base.py", line 261, in handle_uncaught_exception
return debug.technical_500_response(request, *exc_info)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django_extensions/management/technical_response.py", line 6, in null_technical_500_response
six.reraise(exc_type, exc_value, tb)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/six.py", line 686, in reraise
raise value
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/base.py", line 132, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
return view_func(*args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_django/utils.py", line 50, in wrapper
return func(request, backend, *args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_django/views.py", line 32, in complete
redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/actions.py", line 41, in do_complete
user = backend.complete(user=user, *args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/base.py", line 39, in complete
return self.auth_complete(*args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/utils.py", line 252, in wrapper
return func(*args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/google.py", line 144, in auth_complete
return self.do_auth(token, response=response, *args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/utils.py", line 252, in wrapper
return func(*args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/oauth.py", line 403, in do_auth
data = self.user_data(access_token, *args, **kwargs)
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/google.py", line 59, in user_data
'alt': 'json'
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/base.py", line 227, in get_json
return self.request(url, *args, **kwargs).json()
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/base.py", line 223, in request
response.raise_for_status()
File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/requests/models.py", line 929, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.googleapis.com/plus/v1/people/me?alt=json&access_token=XYZ123
我究竟做错了什么?救命。 :)
更新:这似乎是social-core回购中的一个未解决的问题
https://github.com/python-social-auth/social-core/issues/61
这并没有真正解决我的问题,因为与上面的链接中的解决方案不同,我需要用户数据,因为我需要在我的数据库中记录它。
更新2:这可能是罪魁祸首,因为它通过id_token传递到access_token参数:
https://github.com/python-social-auth/social-core/commit/3b496bacef62d12dc1439431b64ed24e252f7a9a
您的更新#2是正确的。解决方案是以自己的名义发送access_token。代替
$input.attr("name", "id_token");
$input.attr("value", authResponse.id_token);
使用:
$input.attr("name", "access_token");
$input.attr("value", authResponse.access_token);
您可以在original source中查看在检查id_token(您链接的bug所在的位置)之前,它会检查access_token。
所以这已经很晚了,但我明白了。迟到总比不到好,对吧?
所以基本上我最终使用的是Google People API而不是Google+,这就是我遇到的问题。
我不得不去console.developers.google.com - >“我的项目名称” - >“启用API” - >“People API”
创建人员api后,找到“凭据”部分,然后将“授权重定向URI”设置为:
http://localhost:8000/complete/google-oauth2/
为刺激:https://example.com/complete/google-oauth2/
settings.朋友
AUTHENTICATION_BACKENDS = (
# ...
'social_core.backends.google.GoogleOAuth2',
# ...
'django.contrib.auth.backends.ModelBackend',
)
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = 'thekey' # from People API
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = 'mysecretkey' # from People API
SOCIAL_AUTH_PIPELINE = (
'social_core.pipeline.social_auth.social_details',
'social_core.pipeline.social_auth.social_uid',
'social_core.pipeline.social_auth.auth_allowed',
'social_core.pipeline.social_auth.social_user',
'social_core.pipeline.user.get_username',
'social_core.pipeline.user.create_user',
'social_core.pipeline.social_auth.associate_user',
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
#'social_core.pipeline.debug.debug', # uncomment to print debug
)