无效的请求状态:oauth2 flask [英] Invalid request state: oauth2 flask
问题描述
我正在使用以下代码通过oauth 2.0进行身份验证
I am using the following code for authentication using oauth 2.0
oauth2.init_app(
app,
scopes=['email', 'profile'],
authorize_callback=_request_user_info)
路线如下
@app.route('/')
@oauth2.required
def hello():
"""Return a friendly HTTP greeting."""
return 'Hello ' + session['profile']['displayName']
auth回调方法
def _request_user_info(credentials):
"""
Makes an HTTP request to the Google+ API to retrieve the user's basic
profile information, including full name and photo, and stores it in the
Flask session.
"""
http = httplib2.Http()
credentials.authorize(http)
resp, content = http.request(
'https://www.googleapis.com/plus/v1/people/me')
if resp.status != 200:
current_app.logger.error(
"Error while obtaining user profile: %s" % resp)
return None
session['profile'] = json.loads(content)
我可以看到同意屏幕,然后此后重定向过多.日志显示以下内容.
I can see the consent screen and then after that there are too many redirects. The logs shows the following.
NFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:21] "GET / HTTP/1.1" 302 -
INFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:21] "GET /oauth2authorize?scopes=profile&scopes=email&return_url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 302 -
INFO:oauth2client.client:Successfully retrieved access token
INFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:27] "GET /oauth2callback?state=%7B%22csrf_token%22:+%22aa7d28d2496c0e0714eac20b902c1e4db21677d333a837d743525a9696d6c976%22,+%22return_url%22:+%22http://127.0.0.1:8080/%22%7D&code=4/Kz1xkENjHrTzLphfEG8CGND7tkeGXxjIffZxMwSr_hU HTTP/1.1" 302 -
INFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:27] "GET / HTTP/1.1" 302 -
INFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:27] "GET /oauth2authorize?scopes=profile&scopes=email&return_url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 302 -
INFO:oauth2client.client:Received token response with no refresh_token. Consider reauthenticating with approval_prompt='force'.
INFO:oauth2client.client:Successfully retrieved access token
INFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:28] "GET /oauth2callback?state=%7B%22csrf_token%22:+%22862efe9c1803e12c5c1323b5f68d8bbf185ba89d5d46268924ac527d3dca886c%22,+%22return_url%22:+%22http://127.0.0.1:8080/%22%7D&code=4/nU8o3y3zslgd9KVXJ_NDtzJUZfABeF6ka4IbYSiGKcs HTTP/1.1" 302 -
INFO:werkzeug:127.0.0.1 - - [10/Apr/2016 15:25:28] "GET / HTTP/1.1" 302 -
最终,我看到一个带有文字的页面.无效的请求状态
Eventually I see a page with the words. Invalid request state
推荐答案
当cookie会话变大并且无法将新的CSRF令牌保存到该会话时,可能会发生这种情况.您可以在回复中检查Cookie的大小吗?
This can happen when the cookie session grows to large and the new CSRF token can't be saved to the session. Can you check the cookie sizes in your responses?
我们使用oauth2client 2.0.2修复了部分问题,但是如果您仍然在该版本上遇到问题,我想获取更多信息.
We fixed part of this problem with oauth2client 2.0.2, but if you're still experiencing it with that version I'd like to get some more info.
我们强烈建议您使用数据库支持的会话(例如memcache/redis)代替Cookie.
We do highly recommend using a database-backed session such as memcache/redis instead of cookies.
这篇关于无效的请求状态:oauth2 flask的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
