2016-02-12

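Tornado Google+ OAuth error code 400

I am having a problem with Google+ OAuth using the Tornado framework. I use AngularJS as the front end and Python Tornado as the back end, with an nginx server. I send an HTTP request to the Google+ API from AngularJS, and my Tornado API redirects to the Google login. After a successful login, it redirects to my application. On the redirect, I think it refreshes automatically, i.e. there are two redirect calls from Google.

You can see there are two HTTP redirect calls from the Tornado OAuth2 user: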

Here is my code:

import tornado.auth
import tornado.gen
import tornado.web


class GoogleOAuth2LoginHandler(tornado.web.RequestHandler,
                               tornado.auth.GoogleOAuth2Mixin):
    @tornado.gen.coroutine
    def get(self):
        if self.get_argument('code', False):
            # Callback from Google: exchange the authorization code for tokens.
            user = yield self.get_authenticated_user(
                redirect_uri='http://your.site.com/auth/google',
                code=self.get_argument('code')
            )
            # Save the user with e.g. set_secure_cookie
        else:
            # First visit: send the browser to Google's consent page.
            yield self.authorize_redirect(
                redirect_uri='http://your.site.com/auth/google',
                client_id=self.settings['google_oauth']['key'],
                scope=['profile', 'email'],
                response_type='code',
                extra_params={'approval_prompt': 'auto'}
            )

Error:

Google auth error: HTTPResponse(_body=None,buffer=<_io.BytesIO object at 0xb37809bc>,code=400,effective_url=' https://accounts.google.com/o/oauth2/token ',error=HTTPError('HTTP 400: Bad Request',),headers={'X-Consumed-Content-Encoding': 'gzip', 'Alternate-Protocol': '443:quic,p=1', 'X-Xss-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'NID=76=iaY_jJFPzvLg3_h3eqUFMt4fecbELKk9_bGJju-mwsHBNlxeDqSrtmpyazsrJ3mDgtDnTnzsw5_fjIfV8GcUAegoNgxGi5ynpcfg0vEWULSeVXKio_ANxEoK9C-F5oRs;Domain=.google.com;Path=/;Expires=Sat, 13-Aug-2016 10:17:46 GMT;HttpOnly', 'Expires': 'Fri, 12 Feb 2016 10:17:46 GMT', 'Server': 'GSE', 'Connection': 'close', 'Cache-Control': 'private, max-age=0', 'Date': 'Fri, 12 Feb 2016 10:17:46 GMT', 'P3p': 'CP="This is not a P3P policy! See https://support.google.com/accounts/answer/151657?hl=en for more info."', 'Alt-Svc': 'quic=":443"; ma=604800; v="30,29,28,27,26,25"', 'Content-Type': 'application/json; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'},reason='Bad Request',request=,request_time=0.4158029556274414,time_info={})

Please help me solve this.

Answer

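We have exactly the same configuration (Tornado + nginx + AngularJS). I just rewrote the OAuth authentication part without Tornado, and the problem was solved. You can use Tornado's AsyncHTTPClient, but I use aiohttp because I am hosting Tornado in asyncio. Below is the new code; the commented-out part is the old code.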

from urllib import parse as url_parse

from backend.helpers.async_oauth2.client import Client

# The lines below run inside the handler's coroutine, after `code` has been
# read from the callback request.
oauth_client = Client(
    app_settings.security.google.client_id,
    app_settings.security.google.client_secret,
    app_settings.security.google.redirect_uri,
    "https://accounts.google.com/o/oauth2/auth",
    "https://accounts.google.com/o/oauth2/token")

# Exchange the authorization code for an access token.
access = await oauth_client.get_token(code, grant_type="authorization_code")

# access = await self.get_authenticated_user(
#     redirect_uri=app_settings.security.google.redirect_uri,
#     code=code)

# user = await self.oauth2_request(
#     "https://www.googleapis.com/oauth2/v1/userinfo",
#     access_token=str(access["access_token"]))

# Fetch the user's profile with the access token.
user = await oauth_client.http_get(
    "https://www.googleapis.com/oauth2/v1/userinfo?{}".format(
        url_parse.urlencode({'access_token': str(access["access_token"])})))
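
An added example (not code from either poster): a manual code exchange with Tornado's AsyncHTTPClient, which the answer mentions as an option, that keeps the token endpoint's JSON error body instead of the bare `HTTP 400` in the question's log, and refuses to redeem the same `code` twice, because an authorization code is single-use (RFC 6749, section 4.1.2) and the question reports two callback requests. The helper names and the per-process `_redeemed` set are assumptions for illustration; with several Tornado processes behind nginx the set would need shared storage.

```python
import json
from urllib.parse import urlencode

TOKEN_URL = "https://accounts.google.com/o/oauth2/token"  # endpoint named in the error above
_redeemed = set()  # assumption: in-memory record of codes already sent to TOKEN_URL


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form body for the authorization-code grant (RFC 6749, section 4.1.3)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must equal the value used in the authorize redirect
    })


def parse_token_response(status, raw_body):
    """Return the token dict on success, otherwise raise with the server's reason."""
    try:
        payload = json.loads(raw_body or b"{}")
    except ValueError:
        payload = {}
    if not isinstance(payload, dict):
        payload = {}
    if status == 200 and "access_token" in payload:
        return payload
    raise RuntimeError("token endpoint returned %d: %s (%s)" % (
        status, payload.get("error", "unknown_error"),
        payload.get("error_description", "no description")))


def claim_code(code):
    """True the first time a code is seen, False for a repeated callback."""
    if code in _redeemed:
        return False
    _redeemed.add(code)
    return True


async def exchange_code(code, client_id, client_secret, redirect_uri):
    # Imported here so the helpers above can be used without Tornado installed.
    from tornado.httpclient import AsyncHTTPClient
    if not claim_code(code):
        raise RuntimeError("authorization code already redeemed")
    resp = await AsyncHTTPClient().fetch(
        TOKEN_URL, method="POST",
        body=token_request_body(code, client_id, client_secret, redirect_uri),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        raise_error=False)  # keep the 4xx response body instead of raising HTTPError
    return parse_token_response(resp.code, resp.body)
```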