Flask-OIDC redirect_uri值是否在某处被覆盖? [英] Flask-OIDC redirect_uri value being overwritten somewhere?

问题描述

我已经安装了Flask-OIDC，并试图通过我公司的服务对用户进行身份验证.我正在使用一个client_secrets.json文件，该文件正在为client_id，client_secret和其他值正确读取，解析和发送.我将redirect_uri变量存储在如下所示的行中:

I've installed Flask-OIDC and am attempting to authenticate users with my company's service. I'm using a client_secrets.json file, which is being read, parsed and sent correctly for the client_id, client_secret, and other values. I am storing the redirect_uri variable in a line that looks like this:

"redirect_uris": ["https://example.com/_oid_response"],

当请求发送到身份验证服务时，它看起来像这样:

When the request is sent to the authentication service, it's going out looking like this:

redirect_uri=http%3A%2F%2Fexample.com%2Foidc_callback

有什么想法吗?我在应用程序的任何文件中，在任何json中，在用于向身份验证提供程序注册的任何信息中都没有"oidc_callback"字符串.它设置不正确，还是被Flask或Flask-OIDC库覆盖某处?

Any ideas what's going on here? There's no "oidc_callback" string in any of my app's files, in any of the json, in any of the info I used to register with the authentication provider. Is it not set correctly, or being overwritten by Flask or the Flask-OIDC library somewhere?

推荐答案

修复

使用 OVERWRITE_REDIRECT_URI ='https://www.your-server.com/your_oidc_callback_uri'(在同一位置，您保留 SECRET_KEY 或 OIDC_SCOPES >)，例如:

The Fix

Use OVERWRITE_REDIRECT_URI = 'https://www.your-server.com/your_oidc_callback_uri' inside configuration object (the same, where you keep SECRET_KEY or OIDC_SCOPES), e.g.:

app.config['OVERWRITE_REDIRECT_URI'] = 'https://www.your-server.com/your_oidc_callback_uri'

为什么起作用

Flask-OIDC 的默认行为是在应用程序服务器上使用/_ oidc_callback 端点(由 OIDC_CALLBACK_ROUTE 指定)，而不进行更改URL的架构或授权部分.

Why it works

The default behavior of Flask-OIDC is that it uses /_oidc_callback endpoint on the application server (specified with OIDC_CALLBACK_ROUTE), without changing the schema or authority part of URL.

例如，当某人通过反向代理通过 https (例如，使用 nginx )公开其应用程序时，可能会出现问题.flask应用程序本身不知道，它是通过https公开的，因此它仅使用简单的http URL.

The problems may arise for example when someone exposes his application via reverse proxy over https (for instance using nginx). The flask application itself does not know, that it is exposed via https, thus it uses just plain http URL.

此行为的来源位于 Flask-OIDC 的 __ init__py 文件中，该文件位于 _flow_for_request(self)函数中.

The source of this behavior is located in Flask-OIDC's __init__py file, inside _flow_for_request(self) function.

def _flow_for_request(self):
    """
    Build a flow with the correct absolute callback URL for this request.
    :return:
    """
    flow = copy(self.flow)
    redirect_uri = current_app.config['OVERWRITE_REDIRECT_URI']
    if not redirect_uri:
        flow.redirect_uri = url_for('_oidc_callback', _external=True)
    else:
        flow.redirect_uri = redirect_uri
    return flow

这篇关于Flask-OIDC redirect_uri值是否在某处被覆盖?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！