Django allauth获得凭证以代表用户发出进一步的请求 [英] Django allauth get credentials to make further requests on behalf of the user

问题描述

我正在一个需要对BitBucket进行用户身份验证的Django项目中，我已经设置了allauth，以便用户可以通过Bitbucket进行身份验证，现在我只是不了解如何向Bitbucket API发出进一步的请求

I'm working on a Django project that requires user authentication for BitBucket, I have setup allauth such that users can authenticate with Bitbucket, I just don't understand how to make further requests to the Bitbucket API now that the user is authenticated.

我了解allauth仅用于身份验证，没有关于如何访问和进一步使用身份验证的文档，在这种情况下，访问凭据（oauth_token），以便我可以代表资源所有者提出进一步的请求。

I understand that allauth is purely for authentication purposes, there is just no documentation on how to access and make further use of the authentication, in this case accessing the credentials (oauth_token) such that I can make further requests on behalf of the resource-owner.

推荐答案

我找到了要进行身份验证的详细信息

I found the authentication details to make a further requests.

from allauth.socialaccount.models import SocialAccount, SocialApp

bitbucket_app = SocialApp.objects.get(provider='bitbucket')
user_account = SocialAccount.objects.get(user=request.user)
# User should only have one SocialToken object per SocialApp
# https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/models.py#L137
user_token = useraccount.socialtoken_set.first()

# Credentials to make further requests
client_key = bitbucket_app.client_id
client_secret = bitbucket_app.secret
resource_owner_key = user_token.token
resource_owner_secret = user_token.token_secret

在请求和请求中使用凭据_oauthlib

Using credentials with requests and requests_oauthlib

import requests
from requests_oathlib import OAuth1
auth = OAuth1(client_key, client_secret, resource_owner_key, resource_owner_secret)
r = requests.get(protected_url, auth=auth)

使用bitbucket-api的示例

https://bitbucket-api.readthedocs.org/en/latest/index.html

from bitbucket.bitbucket import Bitbucket
bb = Bitbucket(user_account.uid)  # Initialise with bitbucket username
bb.authorize(client_key, client_secret, 'http://localhost', resource_owner_key, resource_owner_secret)
# Get user repositories as an example
bb.repository.all()

这篇关于Django allauth获得凭证以代表用户发出进一步的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！