如何使用social-auth-app-django刷新令牌？ [英] How can I refresh the token with social-auth-app-django?

问题描述

我使用 Python Social Auth - Django 登录我的用户。

我的后端是Microsoft，所以我可以使用 Microsoft图表，但我不认为它是相关的。

My backend is Microsoft, so I can use Microsoft Graph but I don't think that it is relevant.

Python Social Auth处理身份验证，但现在我想调用API，为此，我需要一个有效的访问令牌。
遵循用例我可以得到这个：

Python Social Auth deals with authentication but now I want to call the API and for that, I need a valid access token. Following the use cases I can get to this:

social = request.user.social_auth.get(provider='azuread-oauth2')
response = self.get_json('https://graph.microsoft.com/v1.0/me',
                         headers={'Authorization': social.extra_data['token_type'] + ' ' 
                                                   + social.extra_data['access_token']})

但访问令牌只有有效3600秒，所以我需要刷新，我想我可以手动做，但必须有一个更好的解决方案。
如何获取一个access_token刷新？

But the access token is only valid for 3600 seconds and so I need to refresh, I guess I can do it manually but there must be a better solution. How can I get an access_token refreshed?

推荐答案

使用 load_strategy（） 在 social.apps.django_app.utils ：

Using load_strategy() at social.apps.django_app.utils:

social = request.user.social_auth.get(provider='azuread-oauth2')
strategy = load_strategy()
social.refresh_token(strategy)

现在更新的 access_token 可以从 social.extra_data ['access_token'] 。

最好的方法可能是检查是否需要更新（为AzureAD Oauth2定制）：

The best approach is probably to check if it needs to be updated (customized for AzureAD Oauth2):

def get_azuread_oauth2_token(user):
    social = user.social_auth.get(provider='azuread-oauth2')
    if social.extra_data['expires_on'] <= int(time.time()):
        strategy = load_strategy()
        social.refresh_token(strategy)
    return social.extra_data['access_token']

这是基于 get_auth_token 从 AzureADOAuth2 。我不认为这种方法在管道之外是可访问的，如果有任何办法可以回答这个问题。

This is based on the method get_auth_tokenfrom AzureADOAuth2. I don't think this method is accessible outside the pipeline, please answer this question if there is any way to do it.

遵循 Issue 在访问令牌刷新的时间请求一个额外的数据参数，现在可以检查需要在每个后端更新access_token 。

Following an Issue to request an extra data parameter with the time of the access token refresh, it is now possible to check if the access_token needs to be updated in every backend.

在将来的版本中（> 0.2.1 对于 social-auth-core ），额外数据中将会有一个新字段：

In future versions (>0.2.1 for the social-auth-core) there will be a new field in extra data:

'auth_time': int(time.time())

等等这样做：

def get_token(user, provider):
    social = user.social_auth.get(provider=provider)
    if (social.extra_data['auth_time'] + social.extra_data['expires']) <= int(time.time()):
        strategy = load_strategy()
        social.refresh_token(strategy)
    return social.extra_data['access_token']

注意：根据 OAuth 2 RFC 所有的回应应该是（推荐的参数）提供一个 expires_in ，但对于大多数后端（包括 azuread-oauth2 ）该值被保存为 expires 。小心理解你的后端行为！
现在有一个问题，我会在相关信息存在的情况下更新答案。

Note: According to OAuth 2 RFC all responses should (it's a RECOMMENDED param) provide an expires_in but for most backends (including the azuread-oauth2) this value is being saved as expires. Be careful to understand how your backend behaves! An Issue on this exists and I will be update the answer with the relevant info when it exists.

另外，在 UserMixin 中调用 access_token_expired （代码），可以用来断定令牌是否有效（ note ：此方法不适用于竞争条件， this anwser by @ SCasey）。

Additionally, there is a method in UserMixin called access_token_expired (code) that can be used to assert if the token is valid or not (note: this method doesn't work for race conditions, as pointed out in this anwser by @SCasey).

这篇关于如何使用social-auth-app-django刷新令牌？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！