OAuth2，使用POST和Yet ...方法不允许？ [英] OAuth2, Using POST and Yet... Method Not Allowed?

问题描述

基本上我正在尝试创建一个网站，要求与Discord API接口以检索用户信息。

Basically I'm trying to create a website that requires interfacing with the Discord API to retrieve user information to work.

要做到这一点，我正在使用一个库名为Simple OAuth（ https://github.com/lelylan/simple-oauth2 ）并且不能获取我的授权码以使用它返回令牌。我已经查看了lib的一些源代码。它正在使用POST，这似乎是获取方法不允许错误时的主要问题。我遵循授权代码流程示例，这是我的代码：

To do this, I am using a library called Simple OAuth (https://github.com/lelylan/simple-oauth2) and cannot get my authorization code to return a token using it. I've looked through some of the source code for the lib. and it is using POST, which appears to be the main issue when getting "Method Not Allowed" errors. I am following the Authorization Code flow example, and here is my code:

index.js

var express = require('express'),
    request = require('request');
var router = express.Router();
var config = require('../config.json');
var oauth2 = require('simple-oauth2').create(config.credentials);
var authorizationUri = oauth2.authorizationCode.authorizeURL({
    redirect_uri: config.redirect_uri,
    scope: config.scope,
    state: config.state
});
router.get('/login', function(req, res) {
    console.log(authorizationUri);
    res.redirect(authorizationUri);
});
router.get('/callback', function(req, res) {
    var code = req.query.code;
    var tokenConfig = {
        code: code
    };
    oauth2.authorizationCode.getToken(tokenConfig, function(err, result) {
        if (err) {
            console.error('Access Token Error', err.message);
            return res.json('Authentication failed');
        } 
        console.log('The resulting token:', result);
        var token = oauth2.acessToken.create(result);
        return res.status(200).json(token);
    });
});
module.exports = router;

根据示例，此代码块应该有效。 （如果你想知道，这是我的配置文件：）

According to the example, this code block should work. (And in case you were wondering, here's my config file:)

config.json

{
    "credentials": {
        "client": {
            "id": "...",
            "secret": "..."
        },
        "auth": {
            "tokenHost": "https://discordapp.com/api",
            "authorizePath": "/oauth2/authorize",
            "tokenPath": "/oauth2/token",
            "revokePath": "/oauth2/token/revoke"
        }
    },
    "redirect_uri": ".../callback",
    "scope": "identify",
    "state": "..."
}

该程序使状态和代码恢复完美，但是当我尝试将其重新发送以获取令牌时我一直收到错误405，方法不允许。

The program is getting the state and code back perfectly fine, but when I try to POST it back to get the token I keep receiving error 405, method not allowed.

推荐答案

你得到405因为你正在解决错误的URL令牌端点。您使用的库将tokenurl设置为：

You are getting a 405 because you are resolving to the wrong URL for the token endpoint. The library you use sets the tokenurl as:

const tokenUrl = url.resolve(config.auth.tokenHost, config.auth.tokenPath);

所以：

url.resolve('https://discordapp.com/api', '/oauth2/token')

将解析为：

https://discordapp.com/oauth2/token

这将给你405响应。我想你只需要在你的tokenHost值的末尾添加一个/。

which will give you a 405 response. I think you just need to add a "/" to the end of your tokenHost value.

即。将您的配置更改为：

i.e. change your config to:

    "auth": {
        "tokenHost": "https://discordapp.com/api/",
        "authorizePath": "/oauth2/authorize",
        "tokenPath": "/oauth2/token",
        "revokePath": "/oauth2/token/revoke"
    } 

或：

    "auth": {
        "tokenHost": "https://discordapp.com",
        "authorizePath": "/oauth2/authorize",
        "tokenPath": "/api/oauth2/token",
        "revokePath": "/api/oauth2/token/revoke"
    } 

这应正确解析令牌网址。

and that should correctly resolve the token url.

这篇关于OAuth2，使用POST和Yet ...方法不允许？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！