Authlib 客户端错误:请求和响应中的状态不相等

2023-02-03 21:00:43 other 阅读:791
本文介绍了Authlib 客户端错误:请求和响应中的状态不相等的处理方法,对大家解决问题具有一定的参考价值

问题描述

我正在尝试实现 authlib 客户端和服务器.我以 OAuth2.0 示例为例,并按照教程在 Flask 站点上进行了我自己的客户端授权.这是我的代码:

I'm trying to implement authlib client and server. I took example OAuth2.0 example and making my own client authorization on Flask site following tutorial. This is my code:

from flask import Flask, redirect, url_for, session, request

from authlib.flask.client import OAuth
from authlib.client.errors import OAuthException

APP_ID = 'KBtRDO3r2HETjw4TcLznthoj'
APP_SECRET = '3g4C6nbJcTIYX3jyCIEmf6KE8h8pzxUhjy6ArlY3AEgj1snv'

app = Flask('testa_client')
app.debug = True
app.secret_key = 'development'

oauth = OAuth()
oauth.init_app(app)

remote = oauth.register(
    'testa',
    client_id=APP_ID,
    client_secret=APP_SECRET,
    # request_token_params={'scope': 'base'},
    base_url='http://127.0.0.1:5000',
    access_token_url='http://127.0.0.1:5000/auth/token',
    authorize_url='http://127.0.0.1:5000/auth/connect'
)


@app.route('/')
def index():
    return redirect(url_for('login'))


@app.route('/login')
def login():
    callback = url_for(
        'websa_authorized',
        next=request.args.get('next') or request.referrer or None,
        _external=True
    )
    return remote.authorize_redirect(callback=callback)


@app.route('/login/authorized')
def websa_authorized():
    resp = remote.authorize_access_token()
    if resp is None:
        return 'Access denied: reason=%s error=%s' % (
            request.args['error_reason'],
            request.args['error_description']
        )
    if isinstance(resp, OAuthException):
        return 'Access denied: %s' % resp.message

    session['oauth_token'] = (resp['access_token'], '')
    me = remote.get('/user/me')
    return 'Logged in as id=%s name=%s redirect=%s' % 
        (me.data['id'], me.data['name'], request.args.get('next'))


app.run(port=9001)

我所说的服务器代码几乎与https://github.com/authlib/example-oauth2-server 存储库.

Server code as I said almost the same as in https://github.com/authlib/example-oauth2-server repository.

当我尝试进行授权时,我正在访问授权服务器(在端口 5000 上)并确认我允许访问.但是,当我在页面 http://127.0.0.1:9001/login/authorized?code=...&state=...(在 9001 上)重定向回客户端站点时,我收到错误:

When I'm trying to make an authorization I'm getting to the authorization server (on port 5000) and confirm that I allow access. But when I got redirect back to the client site on page http://127.0.0.1:9001/login/authorized?code=...&state=... (on 9001) I'm getting the error:

127.0.0.1 - - [20/Jun/2018 09:33:12] "GET /login/authorized?code=1jw8niqDdzSLpnYHGvT1NIulTwRdVoy22UNm3G4xEaTOWE9Y&state=JUuJtmnseITz8WZYaDeHcAsiIL6KfS HTTP/1.1" 500 -
Traceback (most recent call last):
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 2309, in __call__
    return self.wsgi_app(environ, start_response)
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 2295, in wsgi_app
    response = self.handle_exception(e)
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 1741, in handle_exception
    reraise(exc_type, exc_value, tb)
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
File "/Users/xen/Dev/auth/client_example/client_testa.py", line 52, in testa_authorized
    resp = remote.authorize_access_token()
File "/Users/xen/envs/auth-s4eELiZl/lib/python3.6/site-packages/authlib/flask/client/oauth.py", line 257, in authorize_access_token
    raise MismatchingStateError()
authlib.client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.

有什么问题?两部分都使用 Authlib 0.8.

What can be wrong? Both parts use Authlib 0.8.

推荐答案

我花了很多时间来查找代码中的错误.问题不在于代码,而在于我使用它的方式.我通过本地 IP 地址 127.0.0.1 和不同的端口访问了这两个应用程序.浏览器为此类相关 URI 混合会话和 cookie.我为该服务提供了另一个本地域名(在我的情况下为 http://test:9001),这解决了我的问题.

I've spent a lot of time to find an error in my code. The problem was not in the code, but in the way I use it. I accessed both applications by local IP address 127.0.0.1 and different ports. Browser mix sessions and cookies for such related URIs. I give another local domain name (http://test:9001 in my case) for the service and that fixed my problem.

当您使用 OAuth 时,不要使用本地地址和相同的域.

这篇关于Authlib 客户端错误:请求和响应中的状态不相等的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,WP2

admin_action_{$_REQUEST[‘action’]}

do_action( "admin_action_{$_REQUEST[‘action’]}" )动作钩子::在发送“Action”请求变量时激发。Action Hook: Fires when an ‘action’ request variable is sent.目录锚点:#说明#源码说明(Description)钩子名称的动态部分$_REQUEST['action']引用从GET或POST请求派生的操作。源码(Source)更新版本源码位置使用被使用2.6.0 wp-admin/admin.php:...

日期:2020-09-02 17:44:16 浏览:1163

admin_footer-{$GLOBALS[‘hook_suffix’]}

do_action( "admin_footer-{$GLOBALS[‘hook_suffix’]}", string $hook_suffix )操作挂钩:在默认页脚脚本之后打印脚本或数据。Action Hook: Print scripts or data after the default footer scripts.目录锚点:#说明#参数#源码说明(Description)钩子名的动态部分,$GLOBALS['hook_suffix']引用当前页的全局钩子后缀。参数(Parameters)参数类...

日期:2020-09-02 17:44:20 浏览:1065

customize_save_{$this->id_data[‘base’]}

do_action( "customize_save_{$this->id_data[‘base’]}", WP_Customize_Setting $this )动作钩子::在调用WP_Customize_Setting::save()方法时激发。Action Hook: Fires when the WP_Customize_Setting::save() method is called.目录锚点:#说明#参数#源码说明(Description)钩子名称的动态部分,$this->id_data...

日期:2020-08-15 15:47:24 浏览:802

customize_value_{$this->id_data[‘base’]}

apply_filters( "customize_value_{$this->id_data[‘base’]}", mixed $default )过滤器::过滤未作为主题模式或选项处理的自定义设置值。Filter Hook: Filter a Customize setting value not handled as a theme_mod or option.目录锚点:#说明#参数#源码说明(Description)钩子名称的动态部分,$this->id_date['base'],指的是设置...

日期:2020-08-15 15:47:24 浏览:892

get_comment_author_url

过滤钩子:过滤评论作者的URL。Filter Hook: Filters the comment author’s URL.目录锚点:#源码源码(Source)更新版本源码位置使用被使用 wp-includes/comment-template.php:32610...

日期:2020-08-10 23:06:14 浏览:927

network_admin_edit_{$_GET[‘action’]}

do_action( "network_admin_edit_{$_GET[‘action’]}" )操作挂钩:启动请求的处理程序操作。Action Hook: Fires the requested handler action.目录锚点:#说明#源码说明(Description)钩子名称的动态部分$u GET['action']引用请求的操作的名称。源码(Source)更新版本源码位置使用被使用3.1.0 wp-admin/network/edit.php:3600...

日期:2020-08-02 09:56:09 浏览:874

network_sites_updated_message_{$_GET[‘updated’]}

apply_filters( "network_sites_updated_message_{$_GET[‘updated’]}", string $msg )筛选器挂钩:在网络管理中筛选特定的非默认站点更新消息。Filter Hook: Filters a specific, non-default site-updated message in the Network admin.目录锚点:#说明#参数#源码说明(Description)钩子名称的动态部分$_GET['updated']引用了非默认的...

日期:2020-08-02 09:56:03 浏览:858

pre_wp_is_site_initialized

过滤器::过滤在访问数据库之前是否初始化站点的检查。Filter Hook: Filters the check for whether a site is initialized before the database is accessed.目录锚点:#源码源码(Source)更新版本源码位置使用被使用 wp-includes/ms-site.php:93910...

日期:2020-07-29 10:15:38 浏览:828

WordPress 的SEO 教学:如何在网站中加入关键字(Meta Keywords)与Meta 描述(Meta Description)?

你想在WordPress 中添加关键字和meta 描述吗?关键字和meta 描述使你能够提高网站的SEO。在本文中,我们将向你展示如何在WordPress 中正确添加关键字和meta 描述。为什么要在WordPress 中添加关键字和Meta 描述?关键字和说明让搜寻引擎更了解您的帖子和页面的内容。关键词是人们寻找您发布的内容时,可能会搜索的重要词语或片语。而Meta Description则是对你的页面和文章的简要描述。如果你想要了解更多关于中继标签的资讯,可以参考Google的说明。Meta 关键字和描...

日期:2020-10-03 21:18:25 浏览:1709

谷歌的SEO是什么

SEO (Search Engine Optimization)中文是搜寻引擎最佳化,意思近于「关键字自然排序」、「网站排名优化」。简言之,SEO是以搜索引擎(如Google、Bing)为曝光媒体的行销手法。例如搜寻「wordpress教学」,会看到本站的「WordPress教学:12个课程…」排行Google第一:关键字:wordpress教学、wordpress课程…若搜寻「网站架设」,则会看到另一个网页排名第1:关键字:网站架设、架站…以上两个网页,每月从搜寻引擎导入自然流量,达2万4千:每月「有机搜...

日期:2020-10-30 17:23:57 浏览:1303