OAuth2Decorator oauth_aware forces authentication


Problem description

My understanding of the difference between oauth_aware and oauth_required is that aware doesn't force authorization, while required does, but that's not what I'm seeing in practice. I have the two webapp RequestHandlers below, one of whose get() method is decorated with decorator.oauth_aware and the other with decorator.oauth_required. However, when I run locally or on App Engine, both immediately redirect to the login flow.

The goal is for SplashHandler to give the user a link to authorize if they aren't already, and if they are, then forward to /tasks/.

from google.appengine.ext import webapp
from google.appengine.ext.webapp import template
from oauth2client.appengine import OAuth2Decorator

import settings  # app-local module holding CLIENT_ID, CLIENT_SECRET and SCOPE

decorator = OAuth2Decorator(
    client_id=settings.CLIENT_ID,
    client_secret=settings.CLIENT_SECRET,
    scope=settings.SCOPE,
    user_agent='mytasks')

class SplashHandler(webapp.RequestHandler):
  # Intended to be reachable without forcing authorization.
  @decorator.oauth_aware
  def get(self):
    if not decorator.has_credentials():
      self.response.out.write(template.render('templates/convert.html',
        {'authorize_url': decorator.authorize_url()}))
    else:
      self.redirect('/tasks/')

class TasksHandler(webapp.RequestHandler):
  # Requires an authorized user.
  @decorator.oauth_required
  def get(self):
    tasks = get_tasks()  # defined elsewhere in the app (not shown)
    tasks.sort(key=lambda x: x['due'])
    self.response.out.write(template.render('templates/index.html',
                                            {'tasks': tasks}))

application = webapp.WSGIApplication(
    [('/', SplashHandler), ('/tasks/', TasksHandler)], debug=True)

Solution

The oauth_aware method aims to be definitive in being able to answer the question 'Do we have an access token for the current user?'. The only way it can answer this is by knowing who the current user is, and to do that it's using the app engine users api, which itself requires a permissions prompt to get your email/user-id via the redirects you're seeing. With oauth_required you actually get 2 redirects, this same app engine one, then the oauth one asking for permission to G+ or Docs or whatever.

I happen to think this isn't particularly useful, I think your use-case is much more common but obviously the library-author disagrees.

Saying that, the code inside the oauth_aware function isn't very complicated, you can make your own decorator based on it that doesn't do the first redirect. The difference will be that in your case the answer to the same question will either be 'Yes' or 'I don't know', never a definitive 'No'.
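
A minimal sketch of the custom decorator the answer describes, added here as an example (it is not code from the answer or from oauth2client). `SoftOAuthAware`, its two injected callables, and the fake session, token store and handler are all hypothetical stand-ins so the logic runs offline.

```python
import functools

class SoftOAuthAware:
    """Looks up credentials only if the user is already known; never redirects."""

    def __init__(self, get_current_user, load_credentials):
        # Both callables are assumptions standing in for the App Engine users
        # API lookup and the library's per-user credential storage.
        self._get_current_user = get_current_user
        self._load_credentials = load_credentials
        self.credentials = None

    def has_credentials(self):
        # True is a definite "yes"; False only means "not known", never "no".
        return self.credentials is not None

    def __call__(self, method):
        @functools.wraps(method)
        def wrapper(handler, *args, **kwargs):
            # Reset first so one visitor's token is never reused for the next request.
            self.credentials = None
            user = self._get_current_user()
            if user is not None:  # anonymous visitor: skip lookup, do not redirect
                self.credentials = self._load_credentials(user)
            return method(handler, *args, **kwargs)
        return wrapper


# --- Constructed harness: fake session, token store and handler ---
session = {"user": None}
TOKENS = {"alice": {"access_token": "constructed-sample-token"}}
soft_aware = SoftOAuthAware(lambda: session["user"], TOKENS.get)


class SplashHandler:
    @soft_aware
    def get(self):
        if soft_aware.has_credentials():
            return "redirect:/tasks/"
        return "render:authorize-link"  # offer the link; /tasks/ stays oauth_required


def visit(user):
    """Simulate one request to '/' as `user` (None means not signed in)."""
    session["user"] = user
    return SplashHandler().get()


if __name__ == "__main__":
    for who in (None, "alice", "bob", None):
        print(who, "->", visit(who))
```

Because a False result is only "not known", the protected handler still needs the enforcing decorator; the soft check is suitable only for deciding what the splash page shows. Per-request state kept on a shared decorator object is not thread-safe, so a threaded runtime would need thread-local storage instead.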
