如何使用social-auth-app-django刷新令牌? [英] How can I refresh the token with social-auth-app-django?
问题描述
我使用 Python Social Auth - Django 登录我的用户。
我的后端是Microsoft,所以我可以使用 Microsoft图表,但我不认为它是相关的。
My backend is Microsoft, so I can use Microsoft Graph but I don't think that it is relevant.
Python Social Auth处理身份验证,但现在我想调用API,为此,我需要一个有效的访问令牌。
遵循用例我可以得到这个:
Python Social Auth deals with authentication but now I want to call the API and for that, I need a valid access token. Following the use cases I can get to this:
social = request.user.social_auth.get(provider='azuread-oauth2')
response = self.get_json('https://graph.microsoft.com/v1.0/me',
headers={'Authorization': social.extra_data['token_type'] + ' '
+ social.extra_data['access_token']})
但访问令牌只有有效3600秒,所以我需要刷新,我想我可以手动做,但必须有一个更好的解决方案。
如何获取一个access_token刷新?
But the access token is only valid for 3600 seconds and so I need to refresh, I guess I can do it manually but there must be a better solution. How can I get an access_token refreshed?
推荐答案
使用 load_strategy()
在 social.apps.django_app.utils
:
Using load_strategy()
at social.apps.django_app.utils
:
social = request.user.social_auth.get(provider='azuread-oauth2')
strategy = load_strategy()
social.refresh_token(strategy)
现在更新的 access_token
可以从 social.extra_data ['access_token']
。
最好的方法可能是检查是否需要更新(为AzureAD Oauth2定制):
The best approach is probably to check if it needs to be updated (customized for AzureAD Oauth2):
def get_azuread_oauth2_token(user):
social = user.social_auth.get(provider='azuread-oauth2')
if social.extra_data['expires_on'] <= int(time.time()):
strategy = load_strategy()
social.refresh_token(strategy)
return social.extra_data['access_token']
这是基于 get_auth_token
从 AzureADOAuth2
。我不认为这种方法在管道之外是可访问的,如果有任何办法可以回答这个问题。
This is based on the method get_auth_token
from AzureADOAuth2
. I don't think this method is accessible outside the pipeline, please answer this question if there is any way to do it.
遵循 Issue 在访问令牌刷新的时间请求一个额外的数据参数,现在可以检查需要在每个后端更新access_token
。
Following an Issue to request an extra data parameter with the time of the access token refresh, it is now possible to check if the access_token
needs to be updated in every backend.
在将来的版本中(> 0.2.1
对于 social-auth-core
),额外数据中将会有一个新字段:
In future versions (>0.2.1
for the social-auth-core
) there will be a new field in extra data:
'auth_time': int(time.time())
等等这样做:
def get_token(user, provider):
social = user.social_auth.get(provider=provider)
if (social.extra_data['auth_time'] + social.extra_data['expires']) <= int(time.time()):
strategy = load_strategy()
social.refresh_token(strategy)
return social.extra_data['access_token']
注意:根据 OAuth 2 RFC 所有的回应应该是(推荐的参数)提供一个 expires_in
,但对于大多数后端(包括 azuread-oauth2
)该值被保存为 expires
。小心理解你的后端行为!
现在有一个问题,我会在相关信息存在的情况下更新答案。
Note: According to OAuth 2 RFC all responses should (it's a RECOMMENDED param) provide an expires_in
but for most backends (including the azuread-oauth2
) this value is being saved as expires
. Be careful to understand how your backend behaves!
An Issue on this exists and I will be update the answer with the relevant info when it exists.
另外,在 UserMixin
中调用 access_token_expired
(代码),可以用来断定令牌是否有效( note :此方法不适用于竞争条件, this anwser by @ SCasey)。
Additionally, there is a method in UserMixin
called access_token_expired
(code) that can be used to assert if the token is valid or not (note: this method doesn't work for race conditions, as pointed out in this anwser by @SCasey).
这篇关于如何使用social-auth-app-django刷新令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!