2016-02-12 93 views
1

我在使用龍捲風框架的Google+ OAuth中遇到問題。我使用AngularJS作爲前端,而python龍捲風作爲後端與nginx服務器。我從AngularJS向Google+ API發送HTTP請求,我的龍捲風API將重定向到Google登錄。成功登錄後,重定向到我的應用程序。在重定向時,我認爲它會自動刷新,即有兩個來自Google的重定向呼叫。Tornado Google+ Oauth錯誤代碼400

看到有兩個HTTP從龍捲風OAuth2用戶重定向呼叫

enter image description here

這是我的代碼:

class GoogleOAuth2LoginHandler(tornado.web.RequestHandler, tornado.auth.GoogleOAuth2Mixin): 
    @tornado.gen.coroutine 
     def get(self): 
      if self.get_argument('code', False): 
       user = yield self.get_authenticated_user(
        redirect_uri='http://your.site.com/auth/google', 
        code=self.get_argument('code') 
       ) 
       # Save the user with e.g. set_secure_cookie 
      else: 
       yield self.authorize_redirect(
        redirect_uri='http://your.site.com/auth/google', 
        client_id=self.settings['google_oauth']['key'], 
        scope=['profile', 'email'], 
        response_type='code', 
        extra_params={'approval_prompt': 'auto'} 

錯誤:

Google auth error: HTTPResponse(_body=None,buffer=<_io.BytesIO object at 0xb37809bc>,code=400,effective_url=' https://accounts.google.com/o/oauth2/token ',error=HTTPError('HTTP 400: Bad Request',),headers={'X-Consumed-Content-Encoding': 'gzip', 'Alternate-Protocol': '443:quic,p=1', 'X-Xss-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'NID=76=iaY_jJFPzvLg3_h3eqUFMt4fecbELKk9_bGJju-mwsHBNlxeDqSrtmpyazsrJ3mDgtDnTnzsw5_fjIfV8GcUAegoNgxGi5ynpcfg0vEWULSeVXKio_ANxEoK9C-F5oRs;Domain=.google.com;Path=/;Expires=Sat, 13-Aug-2016 10:17:46 GMT;HttpOnly', 'Expires': 'Fri, 12 Feb 2016 10:17:46 GMT', 'Server': 'GSE', 'Connection': 'close', 'Cache-Control': 'private, max-age=0', 'Date': 'Fri, 12 Feb 2016 10:17:46 GMT', 'P3p': 'CP="This is not a P3P policy! See https://support.google.com/accounts/answer/151657?hl=en for more info."', 'Alt-Svc': 'quic=":443"; ma=604800; v="30,29,28,27,26,25"', 'Content-Type': 'application/json; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'},reason='Bad Request',request=,request_time=0.4158029556274414,time_info={})

+0

請幫我解決.. –

回答

0

我們的配置完全相同(Tornado + nginx + angularjs)。我只是重寫了OAuth身份驗證部分而沒有龍捲風,並且問題得到解決。你可以使用龍捲風的AsyncHttpClient,但我使用aiohttp,因爲我在asyncio中託管了龍捲風。 以下是新代碼和註釋部分是舊代碼。

from backend.helpers.async_oauth2.client import Client 

     oauth_client = Client(app_settings.security.google.client_id, app_settings.security.google.client_secret, 
           app_settings.security.google.redirect_uri, "https://accounts.google.com/o/oauth2/auth" 
           , "https://accounts.google.com/o/oauth2/token") 

     access = await oauth_client.get_token(code, grant_type="authorization_code") 

     # access = await self.get_authenticated_user(
     #  redirect_uri=app_settings.security.google.redirect_uri, 
     #  code=code) 

     # user = await self.oauth2_request(
     #  "https://www.googleapis.com/oauth2/v1/userinfo", 
     #  access_token=str(access["access_token"])) 

     user = await oauth_client.http_get(
      "https://www.googleapis.com/oauth2/v1/userinfo?{}".format(
       url_parse.urlencode({'access_token':str(access["access_token"])})))