OAuth2 授权类型 - 授权码 (python)

【问题标题】:OAuth2 Grant Type - authorization code (python)OAuth2 授权类型 - 授权码 (python)
【发布时间】:2021-04-24 09:00:53
【问题描述】:

我正在尝试弄清楚如何让 Oauth 2 在我的 python 代码中工作。

import requests, json
import webbrowser

authorize_url = "https://tcfhirsandbox.com.au/oauth2/authorize"
token_url = "https://tcfhirsandbox.com.au/oauth2/token"
state = 'asdasdasdasdasdas'
scope = 'noscope'
callback_uri = "x-argonaut-app://HealthProviderLogin/"
test_api_url = "https://tcfhirsandbox.com.au/fhir/dstu2/Patient?identifier=RN000000200"
client_id = '6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ'
client_secret = 'POrisHrcdMvUKmaR6Cea0b8jtx-z4ewVWrnaIXASO-H3tB3g5MgPV7Vqty7OP8aEbSGENWRMkeVKZDdG7Pw'

authorization_redirect_url = authorize_url + '?response_type=code&state=' + state + '&client_id=' + client_id + '&scope='+scope+'&redirect_uri=' + callback_uri
webbrowser.open(authorization_redirect_url)

authorization_code = input("Code:")
data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri}
access_token_response = requests.post(token_url, data=data, verify=True, allow_redirects=True, auth=(client_id, client_secret))
tokens = json.loads(access_token_response.text)
access_token = tokens['access_token']

api_call_headers = {'Authorization': 'Bearer ' + access_token}
api_call_response = requests.get(test_api_url, headers=api_call_headers, verify=True)

print(api_call_response.status_code)
print (api_call_response.text)

这里的问题是我必须从授权 URL 手动输入代码。我想自动化它! 谢谢,

22/01/2021|09:54 上午

试过了

import requests, json
rom bs4 import BeautifulSoup
import mechanize

authorize_url = "https://tcfhirsandbox.com.au/oauth2/authorize"
token_url = "https://tcfhirsandbox.com.au/oauth2/token"
state = 'asdasdasdasdasdas'
scope = 'noscope'
callback_uri = "x-argonaut-app://HealthProviderLogin/"
test_api_url = "https://tcfhirsandbox.com.au/fhir/dstu2/Patient?identifier=RN000000200"
client_id = '6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ'
client_secret = 'POrisHrcdMvUKmaR6Cea0b8jtx-z4ewVWrnaIXASO-H3tB3g5MgPV7Vqty7OP8aEbSGENWRMkeVKZDdG7Pw'

 
OAuth_url = authorize_url + '?response_type=code&state=' + state + '&client_id=' + client_id + '&scope='+scope+'&redirect_uri=' + callback_uri
 
br = mechanize.Browser()
br.open(OAuth_url)
br.select_form(nr=0)
br.form['Username'] = 'my_username'
br.form['Password'] = 'my_password'
r = br.submit()
#print(r.read())
resp = r.read()
br.select_form(nr=0)
ac = br.form.click(name = 'Accept')
 
soup = BeautifulSoup(resp)
print(soup)
print(ac)
auth_code = str(ac)
code_list = auth_code.split("=")
cd_lst = code_list[1].split("&")
authorization_code = str(cd_lst[0])
print(authorization_code)
 
data = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri}
access_token_response = requests.post(token_url, data=data, verify=True, allow_redirects=True, auth=(client_id, client_secret))
 
print(access_token_response.status_code)
tokens = json.loads(access_token_response.text)
access_token = tokens['access_token']
 
print(access_token)

我想我已经很接近了,但仍然无法正常工作。 它给出了错误的请求(错误代码:400)作为响应。

如果有人能提供帮助,那就太好了。谢谢

【问题讨论】:

标签: beautifulsoup oauth-2.0 python-3.7 hl7-fhir mechanize-python


【解决方案1】:

TL;DR 您收到 400 BAD_REQUEST,因为 OAuth_url 构造不正确。试试:

https://tcfhirsandbox.com.au/oauth2/authorize?
response_type=code&
state=asdasdasdasdasdas&client_id=6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ&
redirect_uri=x-argonaut-app://HealthProviderLogin/
scope=launch%2Fpatient+openid+fhirUser+patient%2F%2A.read&
aud=https://tcfhirsandbox.com.au/

您提供的参考服务器的基本 URL (https://tcfhirsandbox.com.au) 无法解析。

所以我将演示如何使用另一个参考服务器。

你构建的OAuth_url

https://tcfhirsandbox.com.au/oauth2/authorize?
response_type=code&
state=asdasdasdasdasdas&client_id=6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ&
redirect_uri=x-argonaut-app://HealthProviderLogin/
scope=noscope&

使用参考服务器 [^1] 的工作 OAuth_url

https://inferno.healthit.gov/reference-server/oauth/authorization?
response_type=code&
state=ad6458f9-240a-42b7-b314-05d0c3b2c7c9&
client_id=SAMPLE_CONFIDENTIAL_CLIENT_ID&
redirect_uri=https%3A%2F%2Finferno.healthit.gov%2Finferno%2Foauth2%2Fstatic%2F
redirect&
scope=launch%2Fpatient+openid+fhirUser+patient%2F%2A.read&
aud=https%3A%2F%2Finferno.healthit.gov%2Freference-server%2Fr4

您将看到您构建的请求和引用的请求之间存在两个差异,其中之一可能导致 400 BAD_REQUEST:

  • 范围(noscope 不是 FHIR 范围 [^2] 上的有效 SMART,这将导致大多数服务器出错)
  • aud(您未包含aud 查询参数,该参数将用作您将获得的 access_token jwt 中的声明)

[^1] 使用 Inferno 测试构造:https://inferno.healthit.gov/inferno/5g6OuEGN4hM/test_sets/test_procedure/

[^2] 直接链接到 FHIR 范围上支持的 SMART:http://hl7.org/fhir/smart-app-launch/scopes-and-launch-context/index.html#quick-start

【讨论】:

    猜你喜欢
    • 2018-11-04
    • 2018-05-26
    • 1970-01-01
    • 1970-01-01
    • 2018-10-02
    • 1970-01-01
    • 2015-12-30
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode