2012-07-14 69 views
3

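Clarification of the OAuth flow in the Python Google Drive sample application (DrEdit)

I am having a conceptual problem with the redirects in the authentication process presented in the DrEdit sample application. Here the REDIRECT_URL is set by stripping all parameters from the request URL: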

def CreateOAuthFlow(self):
    """Create OAuth2.0 flow controller

    This controller can be used to perform all parts of the OAuth 2.0 dance
    including exchanging an Authorization code.

    Args:
      request: HTTP request to create OAuth2.0 flow for
    Returns:
      OAuth2.0 Flow instance suitable for performing OAuth2.0.
    """
    flow = flow_from_clientsecrets('client_secrets.json', scope='')
    # Dynamically set the redirect_uri based on the request URL. This is extremely
    # convenient for debugging to an alternative host without manually setting the
    # redirect URI.
    flow.redirect_uri = self.request.url.split('?', 1)[0].rsplit('/', 1)[0]
    return flow

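When the application is called from the Google Drive UI (a GET request to the application's root URL with the GET parameters code and state), the application checks whether it is authorized to make requests to Google Drive. In case the access has been revoked, it tries to reauthorize itself using the following code, I believe: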

creds = self.GetCodeCredentials()
if not creds:
    return self.RedirectAuth()

where RedirectAuth() is defined as:

def RedirectAuth(self):
    """Redirect a handler to an authorization page.

    Used when a handler fails to fetch credentials suitable for making Drive API
    requests. The request is redirected to an OAuth 2.0 authorization approval
    page and on approval, are returned to application.

    Args:
      handler: webapp.RequestHandler to redirect.
    """
    flow = self.CreateOAuthFlow()

    # Manually add the required scopes. Since this redirect does not originate
    # from the Google Drive UI, which automatically sets the scopes that are
    # listed in the API Console.
    flow.scope = ALL_SCOPES

    # Create the redirect URI by performing step 1 of the OAuth 2.0 web server
    # flow.
    uri = flow.step1_get_authorize_url(flow.redirect_uri)

    # Perform the redirect.
    self.redirect(uri)

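My problem is that when I revoke the application's access from my Google dashboard and try to open it through the Google Drive UI, it redirects me to the authorization page and then, after I authorize, redirects back to the application, but manages to preserve the state (from the Drive UI). I think this is inconsistent with what the code describes, and I would like to know whether there is any explanation for this behavior. A hosted version of the DrEdit application can be found here: http://idning-gdrive-test.appspot.com/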

Answers

3

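In the case where the app is launched from the Drive UI, that code path is never touched. The redirect to the authorization endpoint is initiated directly from Drive. In other words, the path is: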

Drive -> auth -> DrEdit

By the time it gets to the app, the user has already made the decision. The state is passed in the state query parameter.

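To see the code path you are referring to, revoke access again. But instead of starting from Drive, just try loading the app directly. You may need to delete the app's cookies as well. In any case, when the app loads in that situation, it detects that the user is not authorized and redirects to the auth endpoint: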

DrEdit -> auth -> DrEdit

Hope that helps.
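
The two paths described above, as an added example that is not part of the original posts or of DrEdit's code: it reuses the question's redirect_uri expression to show that the app-initiated authorize URL carries no state, while a Drive-initiated callback arrives with code and state already attached. The host name, REGISTERED_REDIRECTS, the helper names and the sample URLs are assumptions constructed for illustration; the allowlist check is an addition, since the derived URI depends on the incoming request URL.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for this example (not taken from DrEdit).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
REGISTERED_REDIRECTS = {"https://dredit.example.com"}  # constructed host


def derive_redirect_uri(request_url):
    """Same expression as CreateOAuthFlow: drop the query, then the last path segment."""
    return request_url.split('?', 1)[0].rsplit('/', 1)[0]


def app_initiated_authorize_url(request_url, client_id, scope):
    """DrEdit -> auth -> DrEdit: build the step-1 URL from the request URL."""
    redirect_uri = derive_redirect_uri(request_url)
    # The URI is derived from the request (host included), so compare it with
    # the registered set before sending a user to the authorization page.
    if redirect_uri not in REGISTERED_REDIRECTS:
        raise ValueError("unregistered redirect_uri: %r" % redirect_uri)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
    }  # no "state" key: nothing from the original query string is forwarded
    return AUTH_ENDPOINT + "?" + urlencode(params)


def callback_params(callback_url):
    """Return the code and state (if present) that arrive on the redirect back."""
    query = parse_qs(urlsplit(callback_url).query)
    return {k: query[k][0] for k in ("code", "state") if k in query}


if __name__ == "__main__":
    # Constructed sample: the app loaded directly, user not yet authorized.
    print(app_initiated_authorize_url(
        "https://dredit.example.com/?state=ignored",
        "client-id.constructed",
        "https://www.googleapis.com/auth/drive.file"))
    # Constructed sample: Drive -> auth -> DrEdit, state supplied by Drive.
    print(callback_params(
        "https://dredit.example.com/?code=c0de&state=%7B%22action%22%3A%22open%22%7D"))
```

A request URL without a trailing path, such as `https://dredit.example.com`, makes the expression return `https:/`, which the allowlist check rejects rather than passing on.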