Python Authlib flask-如何正确进行密码授予流程? [英] Python authlib flask - how to do password grant flow correctly?
问题描述
我有密码授予流程"使用authlib flask集成登录时运行良好:
@ app.route('/login',methods =('GET','POST'))def login():如果request.method =='GET':返回render_template('login.html')别的:尝试:令牌= oauth.myOauth2.fetch_access_token(username = request.form.get('username'),password = request.form.get('password'))OAuthError除外,例如e:如果是e.description:闪光灯(e.description)返回render_template('login.html')增加 但是,在上一个问题中建议我不要像这样使用 fetch_access_token ,因为烧瓶集成没有对此文件进行记录,而建议使用 authorize_access_token .此操作失败,并显示错误 werkzeug.exceptions.BadRequestKeyError:400错误的请求:浏览器(或代理)发送了该服务器无法理解的请求.KeyError:代码"
欢迎任何建议.
作记录,在记录中确认的 @lepture 在上面的注释中,使用 fetch_access_token 可以.
在此输入答案,以将问题标记为已回答.
I have "password grant flow" login with the authlib flask integration working nicely:
@app.route('/login', methods=('GET', 'POST'))
def login():
if request.method == 'GET':
return render_template('login.html')
else:
try:
token = oauth.myOauth2.fetch_access_token(username=request.form.get('username'),
password=request.form.get('password'))
except OAuthError as e:
if e.description:
flash(e.description)
return render_template('login.html')
raise
However, in a previous question I was advised not to use fetch_access_token like this as it's not documented for the flask integration, and to use authorize_access_token instead. This fails with an error werkzeug.exceptions.BadRequestKeyError: 400 Bad Request: The browser (or proxy) sent a request that this server could not understand. KeyError: 'code'
So what is the correct way to do "password grant flow" with the flask integration?
Any advice is welcome.
For the record, @lepture confirmed in the comments above that this use of fetch_access_token is ok.
Entering this answer here to be able to mark the question as answered.
这篇关于Python Authlib flask-如何正确进行密码授予流程?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
