About Django: a unified authentication flow (single sign-on) based on django-oauth-toolkit


A unified authentication flow (single sign-on) based on django-oauth-toolkit

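This article is mainly about single sign-on authentication with Django, where Django acts as the authentication server rather than handing login over to a third party.
The code at the end can, of course, also be used for third-party authentication, with Django as the side that requests authentication.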

In users/models.py, write:

from django.contrib.auth.models import AbstractUser

class User(AbstractUser):
    pass

In settings:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'users',
]

AUTH_USER_MODEL='users.User'

pip install django-oauth-toolkit

In settings:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'users',
    'oauth2_provider',
]

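If you run into problems installing django-oauth-toolkit, try installing a different version; version 1.2 generally works without problems.
The versions installed by pip here are given for reference:

Django    3.2.2
django-oauth-toolkit    1.2.0

python manage.py makemigrations
python manage.py migrate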

In urls.py:

from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    path('admin/', admin.site.urls),
    path('auth/', include('oauth2_provider.urls', namespace='oauth2_provider')),
]

In settings:

LOGIN_URL='/admin/login/'

Create a superuser:

python manage.py createsuperuser

Username: wiliam
Email address: me@wiliam.dev
Password:
Password (again):
Superuser created successfully.

Run Django:

python manage.py runserver

Open this URL to register the application that needs single sign-on:

http://127.0.0.1:8000/auth/applications/register/

Obtain the client_id and secret:

export ID=4MWIs4sw6DEo0sC6PbbKqJOU4PyY1zIwMGRDvGEf
export SECRET=hRo89PCekK3lV7u5MuWcW0a28LHMWxosLIYittiBSxOz7YrM08zuYSbNK7hnULy9DIS53rzT9XTFWkD1D93r2MhX24cnt9edSphAXsmarHPJyXZ5nWh6xl0JTkSnJb0W

Make the authorization request with the following URL:

http://127.0.0.1:8000/auth/authorize/?response_type=code&client_id=4MWIs4sw6DEo0sC6PbbKqJOU4PyY1zIwMGRDvGEf&redirect_uri=http://127.0.0.1:8000

After a successful login you are redirected to the redirect_uri given in the URL above.

Next, obtain the access_token:

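from django.http import HttpResponse, HttpResponseBadRequest
from django.views import View
import requests

class OauthLogin(View):
    def get(self, request):
        # Authorization code appended to redirect_uri by the authorization server
        code = request.GET.get('code')
        if not code:
            return HttpResponseBadRequest('missing code')
        print('code:', code)
        url = 'http://127.0.0.1:8000/auth/token/'
        data = {
            'client_id': '4MWIs4sw6DEo0sC6PbbKqJOU4PyY1zIwMGRDvGEf',
            'client_secret': 'hRo89PCekK3lV7u5MuWcW0a28LHMWxosLIYittiBSxOz7YrM08zuYSbNK7hnULy9DIS53rzT9XTFWkD1D93r2MhX24cnt9edSphAXsmarHPJyXZ5nWh6xl0JTkSnJb0W',
            'code': code,
            # Must be identical to the redirect_uri sent in the authorize request
            'redirect_uri': 'http://127.0.0.1:8000/user/auth_login',
            'grant_type': 'authorization_code',
        }
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
        # Exchange the code for tokens with a server-side POST
        res = requests.post(url, data=data, headers=headers, timeout=10)
        # Debug output only: this JSON contains the access token
        print('res:', res.json())
        # A Django view has to return a response object
        return HttpResponse('ok')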
        
  • Accessing an API with the token
    Send the token_type and access_token parameters from the JSON of the previous step in the Authorization header:

    access_token = res.json().get('access_token')
    token_type = res.json().get('token_type')
    token_header = {'Authorization': '{} {}'.format(token_type, access_token)}
    res = requests.get('http://127.0.0.1:8000/user/demo/', headers=token_header)
    print('res:', res.text)
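
The authorize URL in this article carries no state parameter, and its redirect_uri differs from the one in the token request. The following is an added example, not code from the original article: it shows the client side of the same flow with a one-time state value (a standard OAuth 2.0 parameter) checked on the callback, and a single redirect_uri constant used for both requests. CLIENT_ID, the function names and the dict standing in for the Django session are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = 'http://127.0.0.1:8000/auth/authorize/'  # endpoint from the article
REDIRECT_URI = 'http://127.0.0.1:8000/user/auth_login'   # callback from the article
CLIENT_ID = 'constructed-client-id'                      # constructed placeholder


def build_authorize_url(session):
    """Mint a one-time state, remember it in the session, return the URL."""
    state = secrets.token_urlsafe(32)
    session['oauth_state'] = state
    params = {
        'response_type': 'code',
        'client_id': CLIENT_ID,
        'redirect_uri': REDIRECT_URI,
        'state': state,
    }
    return AUTHORIZE_URL + '?' + urlencode(params)


def code_from_callback(callback_url, session):
    """Return the authorization code only if the callback answers our request."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop('oauth_state', None)  # single use: replay fails
    returned = query.get('state', [''])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError('state mismatch')
    if 'error' in query:
        raise ValueError('authorization failed: ' + query['error'][0])
    codes = query.get('code', [])
    if len(codes) != 1:
        raise ValueError('missing or duplicated code')
    return codes[0]


def token_request_data(code, client_secret):
    """Form body for /auth/token/, reusing the same REDIRECT_URI constant."""
    return {
        'grant_type': 'authorization_code',
        'code': code,
        'redirect_uri': REDIRECT_URI,
        'client_id': CLIENT_ID,
        'client_secret': client_secret,
    }
```

In a Django view, request.session can be passed where the dict is used here, and the client secret would come from configuration rather than source code.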
