oauth2-client 1.1.0

授权码

由于授权代码过程需要用户接受应用程序对其数据的访问，所以库 在本地启动http服务器。您可以将redirect_uri参数的主机部分放在hosts文件中 指向你的回圈地址。服务器使用code作为查询参数来等待GET请求。

获取两个访问令牌的过程如下：

scopes=['scope_1','scope_2']service_information=ServiceInformation('https://authorization-server/oauth/authorize','https://token-server/oauth/token','client_id','client_secret',scopes)manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))redirect_uri='http://somewhere.io:8080/oauth/code'# Builds the authorization url and starts the local server according to the redirect_uri parameterurl=manager.init_authorize_code_process(redirect_uri,'state_test')_logger.info('Open this url in your browser\n%s',url)code=manager.wait_and_terminate_authorize_code_process()# From this point the http server is opened on 8080 port and wait to receive a single GET request# All you need to do is open the url and the process will go on# (as long you put the host part of your redirect uri in your host file)# when the server gets the request with the code (or error) in its query parameters_logger.debug('Code got = %s',code)manager.init_with_authorize_code(redirect_uri,code)_logger.debug('Access got = %s',manager._access_token)# Here access and refresh token may be used with self.refresh_token

用户凭证

获得两个访问和刷新令牌要容易得多：

scopes=['scope_1','scope_2']service_information=ServiceInformation('https://authorization-server/oauth/authorize','https://token-server/oauth/token','client_id','client_secret',scopes)manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))manager.init_with_user_credentials('login','password')_logger.debug('Access got = %s',manager._access_token)# Here access and refresh token may be used

客户端凭据

您还可以使用客户端凭据进程获取令牌

manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))manager.init_with_client_credentials()# here application admin operation may be called

刷新令牌

如果您保留以前的refresh_token，则可以使用它启动凭据管理器：

manager=CredentialManager(service_information,proxies=dict(http='http://localhost:3128',https='http://localhost:3128'))manager.init_with_token('my saved refreshed token')

令牌过期

CredentialManager类通过调用CredentialManager._is_token_expired静态方法来处理令牌过期。 此实现对于所有OAuth服务器实现都不准确。最好扩展CredentialManager类 并重写_is_token_expired方法。

从令牌响应中读取其他字段

CredentialManager可以子类化以处理其他令牌响应字段，如openid协议中的id_token。

classOpenIdCredentialManager(CredentialManager):def__init__(self,service_information,proxies=None):super(OpenIdCredentialManager,self).__init__(service_information,proxies)self.id_token=Nonedef_process_token_response(self,token_response,refresh_token_mandatory):id_token=token_response.get('id_token')OpenIdCredentialManager._check_id(id_token)super(OpenIdCredentialManager,self)._process_token_response(token_response,refresh_token_mandatory)self.id_token=id_token@staticmethoddef_check_id(id_token):# check that open id token is validpass