我試圖實現谷歌混合協議(oauth over openid)。 而谷歌並沒有要求oauth權限(嘗試使用Gmail)的問題,只有openid。 我註冊在谷歌API控制檯:谷歌混合(openid + oauth)協議不適用於127.0.0.1
Client ID for web applications
Client ID: 248141267047.apps.googleusercontent.com
Email address:[email protected]
Client secret:
Redirect URIs: http://127.0.0.1:8000/oauth2callback
JavaScript origins: http://127.0.0.1:8000
這裏是生成的OpenID URL我的Python代碼:
class OpenIDOAuthRequest(Extension):
ns_alias = 'oauth'
def __init__(self, consumer, scope, ns_uri=None):
Extension.__init__(self)
self.consumer = consumer
self.scope = scope
self.ns_uri = ns_uri or oauth_ns_uri
def getExtensionArgs(self):
return {
'consumer': self.consumer,
'scope': ' '.join(self.scope),
}
def google():
#define google openid url
openid_session = {}
openid_store = filestore.FileOpenIDStore('.')
consumer = Consumer(openid_session, openid_store)
openid = u"https://www.google.com/accounts/o8/id"
URLS = {
'ax_last': "http://axschema.org/namePerson/last",
'ax_first': "http://axschema.org/namePerson/first",
'ax_email': "http://axschema.org/contact/email",
"country":"http://axschema.org/contact/country/home",
"timezone":"http://axschema.org/pref/timezone",
"language":"http://axschema.org/pref/language",
"person":"http://axschema.org/namePerson",
}
#defining what fields we're going to get
ax_request = ax.FetchRequest()
for k,v in URLS.iteritems():
ax_request.add(ax.AttrInfo(v, required = True))
oa = OpenIDOAuthRequest("248141267047.apps.googleusercontent.com",["https://mail.google.com/",])
try:
authrequest = consumer.begin(openid)
except DiscoveryFailure, e:
print e
print "some errror happened"
else:
authrequest.addExtension(ax_request)
authrequest.addExtension(oa)
redirecturl = authrequest.redirectURL("http://127.0.0.1:8000",
return_to = "http://127.0.0.1:8000/oauth2callback",
immediate=False)
print redirecturl
它會生成以下網址:
https://accounts.google.com/o/openid2/auth?openid.assoc_handle=AMlYA9Vr6Biwp-rCAr4TLbf8CtItR-zr3bs0LT7oYQ3Pakg93ivCS_6C&openid.ax.mode=fetch_request&openid.ax.required=ext0,ext1,ext2,ext3,ext4,ext5,ext6&openid.ax.type.ext0=http://axschema.org/contact/email&openid.ax.type.ext1=http://axschema.org/namePerson&openid.ax.type.ext2=http://axschema.org/namePerson/first&openid.ax.type.ext3=http://axschema.org/pref/timezone&openid.ax.type.ext4=http://axschema.org/pref/language&openid.ax.type.ext5=http://axschema.org/contact/country/home&openid.ax.type.ext6=http://axschema.org/namePerson/last&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.ns.ax=http://openid.net/srv/ax/1.0&openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.oauth.consumer=248141267047.apps.googleusercontent.com&openid.oauth.scope=https://mail.google.com/&openid.realm=http://127.0.0.1:8000&openid.return_to=http://127.0.0.1:8000/oauth2callback?janrain_nonce%3D2012-05-01T22%253A50%253A33ZUW7vcj
而且它擁有所有必要的擴展。但是,如果我去這個網址,它不會問我對Gmail的權限。此外,我正在比較來自sanebox.com的類似網址。它按預期工作,要求獲得gmail的許可。但我沒有看到爲什麼他們的網址工作,而我的沒有任何本質區別。此外,我將我的網址中的127.0.0.1替換爲sanebox網址,並將其他部分保留爲相同。而且......現在它要求獲得gmail的許可。切換回127.0.0.1 - 停止詢問。這裏是理智的網址:
https://accounts.google.com/o/openid2/auth?openid.assoc_handle=AMlYA9UV4Ud714HHaFJ0fpItabA8v-zw0QuReEPcn61ilJzyFrFia5PO&openid.ax.mode=fetch_request&openid.ax.required=ext0,ext1,ext2,ext3,ext4,ext5,ext6&openid.ax.type.ext0=http://axschema.org/pref/timezone&openid.ax.type.ext1=http://axschema.org/contact/country/home&openid.ax.type.ext2=http://axschema.org/pref/language&openid.ax.type.ext3=http://axschema.org/namePerson/last&openid.ax.type.ext4=http://axschema.org/namePerson/first&openid.ax.type.ext5=http://axschema.org/namePerson&openid.ax.type.ext6=http://axschema.org/contact/email&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.ns.ax=http://openid.net/srv/ax/1.0&openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&openid.ns.sreg=http://openid.net/extensions/sreg/1.1&openid.oauth.consumer=www.sanebox.com&openid.oauth.scope=https://mail.google.com/+http://www.google.com/m8/feeds&openid.realm=https://www.sanebox.com/&openid.return_to=https://www.sanebox.com/users?_method%3Dpost%26open_id_complete%3D1
所以我失蹤了?爲什麼它不適用於127.0.0.1,如果我在api控制檯中重新生成此url。它和openid一起工作正常。並沒有openid與oauth本身很好地工作。但是現在,當我嘗試在openid上使用oauth時,它並沒有要求我向gmail發送許可。
這個問題只與運行它與127.0.0.1。我最終將所需的域添加到主機文件。 Python的混合協議的默認應用程序不存在。只有lib爲openid,我已經在使用 – Aldarund
@Aldarund IT爲我工作,即使在本地主機上,也就是我127.0.0.1 – Vineet1982
我發佈了兩個鏈接,您可以嘗試將它們都打開。與本地主機鏈接不會問你的Gmail訪問,而與普通域的鏈接將做到這一點。鏈接之間的唯一區別是域。 – Aldarund