OAuth2的客户端库
oauth2-client的Python项目详细描述
登录过程
目前它可以处理两个令牌进程:
- 授权码
- 用户凭据
- 客户端凭据
用户凭证
获得两个访问和刷新令牌要容易得多:
scopes=['scope_1','scope_2']service_information=ServiceInformation('https://authorization-server/oauth/authorize','https://token-server/oauth/token','client_id','client_secret',scopes)manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))manager.init_with_user_credentials('login','password')_logger.debug('Access got = %s',manager._access_token)# Here access and refresh token may be used
客户端凭据
您还可以使用客户端凭据进程获取令牌
manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))manager.init_with_client_credentials()# here application admin operation may be called
刷新令牌
如果您保留以前的refresh_token,则可以使用它启动凭据管理器:
manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))manager.init_with_token('my saved refreshed token')
令牌过期
CredentialManager类通过调用CredentialManager._is_token_expired静态方法来处理令牌过期。 此实现对于所有OAuth服务器实现都不准确。最好扩展CredentialManager类 并重写_is_token_expired方法。
从令牌响应中读取其他字段
CredentialManager可以子类化以处理其他令牌响应字段,如openid协议中的id_token。
classOpenIdCredentialManager(CredentialManager):def__init__(self,service_information,proxies=None):super(OpenIdCredentialManager,self).__init__(service_information,proxies)self.id_token=Nonedef_process_token_response(self,token_response,refresh_token_mandatory):id_token=token_response.get('id_token')OpenIdCredentialManager._check_id(id_token)super(OpenIdCredentialManager,self)._process_token_response(token_response,refresh_token_mandatory)self.id_token=id_token@staticmethoddef_check_id(id_token):# check that open id token is validpass