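I'm using the Tornado web server for a simple web application and want to authenticate users with OpenID. I'm new to Tornado. I managed to do this with Node.js's Passport package (I was testing with Node.js first), and I could get the id_token in the callback.

I use OAuth2Mixin from tornado.auth to authorize access with the user's credentials, and then on the redirect I get the code from the `code` GET parameter. I don't know how to continue from there.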

    from tornado.auth import OpenIdMixin, OAuth2Mixin
    from .base import BaseHandler


    class LoginHandler(BaseHandler, OAuth2Mixin, OpenIdMixin):
        def get(self):
            # Endpoints of the authorization server
            self._OAUTH_AUTHORIZE_URL = 'https://authserver.io/uas/oauth2/authorization'
            self._OAUTH_ACCESS_TOKEN_URL = 'https://authserver.io/uas/oauth2/token'
            # Send the browser to the authorization endpoint; the server then
            # redirects back to redirect_uri with the code as a GET parameter
            self.authorize_redirect(
                redirect_uri='http://localhost:3001/success-login',
                client_id='abcd',
                client_secret='1234',
            )

Then, in another handler:

I expect the id_token back; it is a JWT. I can decode it and get the data I need.
Update: the configuration, in case it is needed.

    {
      "issuer": "https://authserver.io/uas",
      "authorization_endpoint": "https://authserver.io/uas/oauth2/authorization",
      "token_endpoint": "https://authserver.io/uas/oauth2/token",
      "userinfo_endpoint": "https://authserver.io/uas/oauth2/userinfo",
      "jwks_uri": "https://authserver.io/uas/oauth2/metadata.jwks",
      "tokeninfo_endpoint": "https://authserver.io/uas/oauth2/introspection",
      "introspection_endpoint": "https://authserver.io/uas/oauth2/introspection",
      "revocation_endpoint": "https://authserver.io/uas/oauth2/revocation",
      "response_types_supported": ["code"],
      "grant_types_supported": ["authorization_code", "password", "refresh_token", "urn:ietf:params:oauth:grant-type:saml2-bearer", "http://globalsign.com/iam/sso/oauth2/grant-type/sms-mt-otp", "http://globalsign.com/iam/sso/oauth2/grant-type/smtp-otp"],
      "subject_types_supported": ["public"],
      "request_object_signing_alg_values_supported": ["RS256", "HS256"],
      "request_object_encryption_alg_values_supported": ["RSA-OAEP", "RSA1_5", "A128KW"],
      "request_object_encryption_enc_values_supported": ["A128GCM", "A128CBC-HS256"],
      "id_token_signing_alg_values_supported": ["RS256", "HS256"],
      "id_token_encryption_alg_values_supported": ["RSA-OAEP", "RSA1_5", "A128KW"],
      "id_token_encryption_enc_values_supported": ["A128GCM", "A128CBC-HS256"],
      "userinfo_signing_alg_values_supported": ["RS256", "HS256"],
      "userinfo_encryption_alg_values_supported": ["RSA-OAEP", "RSA1_5", "A128KW"],
      "userinfo_encryption_enc_values_supported": ["A128GCM", "A128CBC-HS256"],
      "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"],
      "token_endpoint_auth_signing_alg_values_supported": ["RS256", "HS256"],
      "introspection_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"],
      "introspection_endpoint_auth_signing_alg_values_supported": ["RS256", "HS256"],
      "revocation_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"],
      "revocation_endpoint_auth_signing_alg_values_supported": ["RS256", "HS256"],
      "scopes_supported": ["openid", "userinfo"]
    }

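From `SuccessLoginHandler`, you need to make a call to get the access token.

However, I would rather write everything in a single handler, to keep the code shorter and free of repetition. You can rewrite `LoginHandler` like this:

In the end I used Tornado's `httpclient` to send the request to the OpenID server.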
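
The step the question stops at, as an added example that is not part of the original posts: exchanging the `code` at the posted `token_endpoint` with Tornado's `httpclient`, then verifying the returned `id_token` instead of only decoding it. It assumes the server signs ID tokens with HS256 (one of the listed `id_token_signing_alg_values_supported`) keyed with the client secret; for RS256, verify against the keys at `jwks_uri` with a JWT library instead. All function names are hypothetical.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

ISSUER = "https://authserver.io/uas"                  # "issuer" in the posted config
TOKEN_URL = "https://authserver.io/uas/oauth2/token"  # "token_endpoint"

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Build a constructed HS256 token; only used to produce sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64url_encode(mac.digest())}"

async def exchange_code(code, client_id, client_secret, redirect_uri):
    """POST the authorization code to the token endpoint (client_secret_post)."""
    from tornado.httpclient import AsyncHTTPClient  # lazy: the rest runs without Tornado
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri,
                      "client_id": client_id, "client_secret": client_secret})
    response = await AsyncHTTPClient().fetch(TOKEN_URL, method="POST", body=body)
    return json.loads(response.body)  # the id_token is expected in this JSON

def verify_id_token(id_token, client_id, client_secret, now=None):
    """Return the claims only if alg, signature, iss, aud and exp all check out."""
    try:
        head, body, sig = id_token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed id_token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; rejects "none"
    mac = hmac.new(client_secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), signature):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")  # may be a single string or a list of client ids
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    return claims
```

In the callback handler, `await exchange_code(self.get_argument("code"), ...)` and pass the `id_token` from the result to `verify_id_token` before trusting any claim in it.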