django oauth2 authentication with client_id and client_Secret hardcoded


Problem description

I implemented OAuth2 in Django and my refresh token is under the o/token/ URL. I want to define another URL like this:

path('api/v1/login',Login.as_view()),

and inside my login view I want to have something like this:

from rest_framework.views import APIView

class Login(APIView):
    def post(self, request):
        client_id = "123"
        client_Secret = "123"
        username = request.query_params.get('username')
        # ....
        # *problem is here*

I want to define those parameters inside the login class and then pass them to the o/token/ URL and get the token as a result. In fact, when the user enters the www.example.com/api/v1/login address, they enter just a username and password, and previously inside my code I told OAuth what my client info is, and then the token will be generated.

Recommended answer

I think what you want to do is define a login route for your users. It's true that if we pass client_id and client_secret in the front end there will be a lot of security problems, thus we hide them inside our code. What you should do is define a new route for your login, then in the view define a post method that needs the user/pass from the user, and send this data with some data you enter in your code to a request command. Notice that in order to have a JSON response in the output you need to return Response(r.json()). Thus:

url.py

path('api/v1/login',Login.as_view()),

view.py

import requests
from rest_framework.response import Response
from rest_framework.views import APIView

class Login(APIView):
    def post(self, request, *args, **kwargs):
        username = request.POST['username']
        password = request.POST['password']
        r = requests.post('http://localhost:8000/api/o/token/',  # your token address
                          data={'grant_type': 'password',  # your defined grant type
                                'client_id': '123',  # your client id
                                'client_secret': '123',  # your client secret
                                'username': username,  # the username you get from the user
                                'password': password  # the password you get from the user
                                })
        return Response(r.json())  # response in JSON format
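A hardened variant of the same token exchange, as an added example that is not part of the original answer: the client credentials come from the environment instead of source code and are sent with HTTP Basic authentication, the upstream status code is passed through, and only token fields are returned. The environment variable names, the `login_for_token` function and the injectable `post` transport are assumptions made for illustration; the logic can be called from the `post` method of the view above.

```python
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8000/api/o/token/"  # token address used in the answer


def http_post(url, data, headers, timeout=5):
    """Default transport: POST form data, return (status, parsed JSON body)."""
    req = urllib.request.Request(url, urllib.parse.urlencode(data).encode(), headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx usually carry an OAuth error body
        try:
            return err.code, json.loads(err.read())
        except ValueError:  # non-JSON error page
            return err.code, {}


def login_for_token(form, env=os.environ, post=http_post):
    """Exchange a user's username/password for a token; returns (status, body)."""
    username, password = form.get("username"), form.get("password")
    if not username or not password:
        return 400, {"error": "invalid_request"}
    # Assumed variable names; the secret stays out of source control.
    client_id, secret = env.get("OAUTH_CLIENT_ID"), env.get("OAUTH_CLIENT_SECRET")
    if not client_id or not secret:
        raise RuntimeError("OAuth client credentials are not configured")
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    status, body = post(
        TOKEN_URL,
        {"grant_type": "password", "username": username, "password": password},
        {"Authorization": f"Basic {basic}"},  # client credentials not in the form body
    )
    if status != 200:
        # Pass the failure through with its status instead of wrapping it in a 200.
        return status, {"error": body.get("error", "server_error")}
    allowed = ("access_token", "refresh_token", "token_type", "expires_in", "scope")
    return 200, {k: body[k] for k in allowed if k in body}
```

In a DRF view this would be used as `status, body = login_for_token(request.data)` followed by `return Response(body, status=status)`.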
