本文将分享使用okta工作流API连接器的DjangoOAuth工具包刷新令牌的详细内容,并且还将对okta的url进行详尽解释,此外,我们还将为大家带来关于Angular2-jwt–AuthHttp
本文将分享使用 okta 工作流 API 连接器的 Django OAuth 工具包刷新令牌的详细内容,并且还将对okta的url进行详尽解释,此外,我们还将为大家带来关于Angular2-jwt – AuthHttp,刷新令牌,将它们放在一起、ApiBoot v2.2.6 发布,新增配置客户端 OAuth2 刷新令牌过期时间、asp.net-mvc – OAuth 2 Google API刷新令牌为空、Django 和 Restful API Oauth2 登录的相关知识,希望对你有所帮助。
本文目录一览:- 使用 okta 工作流 API 连接器的 Django OAuth 工具包刷新令牌(okta的url)
- Angular2-jwt – AuthHttp,刷新令牌,将它们放在一起
- ApiBoot v2.2.6 发布,新增配置客户端 OAuth2 刷新令牌过期时间
- asp.net-mvc – OAuth 2 Google API刷新令牌为空
- Django 和 Restful API Oauth2 登录
使用 okta 工作流 API 连接器的 Django OAuth 工具包刷新令牌(okta的url)
如何解决使用 okta 工作流 API 连接器的 Django OAuth 工具包刷新令牌?
我已成功创建了一个 oauth 提供程序,并且可以验证我是否能够使用 django-oauth-toolkit 获取令牌和刷新令牌。在使用 [okta workflow api connector][1] OAUTH 选项时,它能够在通过初始设置后获取令牌。但是,一旦初始令牌过期,它就不会按预期获得刷新的令牌。连接器设置的范围是我通过 ScopES 设置添加到我的 django 项目的 settings.py 的附加范围,类似于文档在 [此链接][2] 中的显示方式。
因为我是 django-oauth-toolkit 的新手。我的第一个问题是通过此方法添加的新范围是否需要额外配置才能允许 oauth2 连接获取刷新令牌?
我使用的是 django-oauth-toolkit 1.5.0 [1]:https://help.okta.com/wf/en-us/Content/Topics/Workflows/function-reference/HTTP/http_authorization.htm [2]:https://django-oauth-toolkit.readthedocs.io/en/latest/rest-framework/getting_started.html
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)
Angular2-jwt – AuthHttp,刷新令牌,将它们放在一起
这看起来好像我在这里圈,也许是因为使用了这么多订阅并且必须将它们链接在一起.
我希望能够刷新令牌,如果它已使用刷新令牌过期.这就是我所拥有的,如果可能的话,我真的很感激一个简单的工作示例.
总之,我如何确保AudienceService首先检查令牌是否有效,如果没有,它会尝试使用刷新令牌刷新它,然后使用适当的令牌调用端点?
app.module.ts:
import { browserModule } from '@angular/platform-browser';
import { NgModule } from '@angular/core';
import { FormsModule,ReactiveFormsModule } from '@angular/forms';
import { HttpModule } from '@angular/http';
import { RouterModule } from '@angular/router';
import { Http,RequestOptions } from '@angular/http';
import { ConfirmDialogModule,ListBoxModule,PickListModule } from 'primeng/primeng';
import { AppComponent } from './app.component';
import { HeaderComponent } from './components/header/header.component';
import { HomeComponent } from './components/home/home.component';
import { ListAudiencesComponent } from './components/audiences/list-audiences/list-audiences.component';
import { AudienceService } from './services/audience.service';
import { LoggingService } from './services/logging.service';
import { RoleService } from './services/role.service';
import { AuthService } from './services/auth.service';
import { UserService } from './services/user.service';
import { AuthGuard } from './services/auth-guard.service'
import { AuthHttp,AuthConfig,provideAuth } from 'angular2-jwt';
import { ListRolesComponent } from './components/roles/list-roles/list-roles.component';
import { EditRoleAudiencesComponent } from './components/roles/edit-role-audiences/edit-role-audiences.component';
import { ModifyRoleComponent } from './components/roles/modify-role/modify-role.component';
import { LoginComponent } from './components/login/login.component';
import { UnauthorizedComponent } from './components/unauthorized/unauthorized.component';
export function authHttpServiceFactory(http: Http,options: RequestOptions) {
return new AuthHttp(new AuthConfig({
tokenName: 'token',tokenGetter: (() => sessionStorage.getItem('id_token')),globalHeaders: [{'Content-Type':'application/json'}],}),http,options);
}
@NgModule({
declarations: [
AppComponent,HeaderComponent,HomeComponent,ListAudiencesComponent,ListRolesComponent,EditRoleAudiencesComponent,ModifyRoleComponent,LoginComponent,UnauthorizedComponent
],imports: [
browserModule,ConfirmDialogModule,FormsModule,HttpModule,PickListModule,ReactiveFormsModule,RouterModule.forRoot([
{ path: '',redirectTo: 'home',pathMatch: 'full' },{ path: 'home',component: HomeComponent },{ path: 'unauthorized',component: UnauthorizedComponent },{ path: 'audiences',component: ListAudiencesComponent,canActivate: [AuthGuard] },{ path: 'roles',component: ListRolesComponent,{ path: 'roles/modify/:name',component: ModifyRoleComponent,{ path: '**',redirectTo: 'home' }
]),],providers: [
{
provide: AuthHttp,useFactory: authHttpServiceFactory,deps: [Http,RequestOptions]
},AudienceService,AuthGuard,AuthService,LoggingService,RoleService,UserService
],bootstrap: [AppComponent]
})
export class AppModule { }
auth.service.ts:
import { Injectable } from '@angular/core';
import { Http,Headers,RequestOptions,URLSearchParams } from '@angular/http';
import { environment } from '../../environments/environment';
import { tokenNotExpired } from 'angular2-jwt';
@Injectable()
export class AuthService {
tokenEndpoint = environment.token_endpoint;
constructor(private http: Http ) { }
login(username: string,password: string) {
let headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' });
let options = new RequestOptions({ headers: headers });
let body = new URLSearchParams();
body.set('username',username);
body.set('password',password);
body.set('client_id','099153c2625149bc8ecb3e85e03f0022');
body.set('grant_type','password');
console.log("Got here");
return this.http.post(this.tokenEndpoint,body,options)
.map(res => res.json())
.subscribe(
data => {
localStorage.setItem('id_token',data.access_token);
localStorage.setItem('refresh_token',data.refresh_token);
},error => console.log(error)
);
}
loggedIn() {
if (tokenNotExpired()) {
return true;
} else {
this.refreshToken()
.subscribe(
data => {
if (data.error) {
this.logout();
} else {
localStorage.setItem('id_token',data.access_token);
localStorage.setItem('refresh_token',data.refresh_token);
console.log("Token was refreshed.");
}
},error => this.logout(),() => {
return tokenNotExpired();
}
);
}
}
refreshToken() {
let refToken = localStorage.getItem('refresh_token');
if (refToken) {
let headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' });
let options = new RequestOptions({ headers: headers });
let body = new URLSearchParams();
body.set('client_id','099153c2625149bc8ecb3e85e03f0022');
body.set('grant_type','refresh_token');
body.set('refresh_token',refToken);
return this.http.post(this.tokenEndpoint,options)
.map(res => res.json());
} else {
this.logout();
}
}
tokenRequiresRefresh(): boolean {
if (!this.loggedIn()) {
console.log("Token refresh is required");
}
return !this.loggedIn();
}
logout() {
localStorage.removeItem('id_token');
localStorage.removeItem('refresh_token');
}
}
audience.service.ts:
import 'rxjs/Rx';
import { Observable } from 'rxjs/Observable';
import { environment } from '../../environments/environment';
import { AuthHttp } from 'angular2-jwt';
import { AuthService } from './auth.service';
import { AddDeleteAudienceModel } from './AddAudienceModel';
@Injectable()
export class AudienceService {
baseApiUrl = environment.api_endpoint;
constructor(private http: Http,private authHttp: AuthHttp,private authService: AuthService) { }
getAllAudiences()
{
if (this.authService.tokenRequiresRefresh()) {
this.authService.refreshToken();
}
if (this.authService.loggedIn()) {
return this.authHttp.get(this.baseApiUrl + 'audience/all').map(res => res.json());
}
}
}
解决方法
auth.service.ts
import { Injectable } from '@angular/core';
import { Router } from '@angular/router';
import { Http,URLSearchParams } from '@angular/http';
import { environment } from '../../environments/environment';
import { tokenNotExpired,JwtHelper } from 'angular2-jwt';
import { Subject,Observable } from 'rxjs';
@Injectable()
export class AuthService {
tokenEndpoint = environment.token_endpoint;
requireLoginSubject: Subject<boolean>;
tokenIsBeingRefreshed: Subject<boolean>;
lastUrl: string;
jwtHelper: JwtHelper = new JwtHelper();
constructor(private http: Http,private router: Router) {
this.requireLoginSubject = new Subject<boolean>();
this.tokenIsBeingRefreshed = new Subject<boolean>();
this.tokenIsBeingRefreshed.next(false);
this.lastUrl = "/home";
}
isUserAuthenticated() {
if(this.loggedIn()) {
this.requireLoginSubject.next(false);
return true;
} else {
return false;
}
}
login(username: string,'password');
return this.http.post(this.tokenEndpoint,options).map(res => res.json());
}
loggedIn() {
return tokenNotExpired();
}
addTokens(accesstoken: string,refreshToken: string) {
localStorage.setItem('id_token',accesstoken);
localStorage.setItem('refresh_token',refreshToken);
}
getRefreshTokenExpirationDate() {
var token = localStorage.getItem('id_token');
if (token) {
let tokenExpDate = this.jwtHelper.getTokenExpirationDate(token);
let sessionExpDate = new Date(tokenExpDate.getTime() + 4*60000);
if (new Date() > sessionExpDate) {
this.logout();
}
return sessionExpDate;
}
return null;
}
hasRefreshToken() {
let refToken = localStorage.getItem('refresh_token');
if (refToken == null) {
this.logout();
}
return refToken != null;
}
refreshTokenSuccessHandler(data) {
if (data.error) {
console.log("Removing tokens.");
this.logout();
this.requireLoginSubject.next(true);
this.tokenIsBeingRefreshed.next(false);
this.router.navigateByUrl('/unauthorized');
return false;
} else {
this.addTokens(data.access_token,data.refresh_token);
this.requireLoginSubject.next(false);
this.tokenIsBeingRefreshed.next(false);
console.log("Refreshed user token");
}
}
refreshTokenErrorHandler(error) {
this.requireLoginSubject.next(true);
this.logout();
this.tokenIsBeingRefreshed.next(false);
this.router.navigate(['/sessiontimeout']);
console.log(error);
}
refreshToken() {
let refToken = localStorage.getItem('refresh_token');
//let refTokenId = this.jwtHelper.decodetoken(refToken).refreshTokenId;
let headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' });
let options = new RequestOptions({ headers: headers });
let body = new URLSearchParams();
body.set('client_id','refresh_token');
body.set('refresh_token',refToken);
return this.http.post(this.tokenEndpoint,options)
.map(res => res.json());
}
tokenRequiresRefresh(): boolean {
if (!this.loggedIn()) {
console.log("Token refresh is required");
}
return !this.loggedIn();
}
logout() {
localStorage.removeItem('id_token');
localStorage.removeItem('refresh_token');
this.requireLoginSubject.next(true);
}
}
AUTH-http.service.ts
import { Injectable } from '@angular/core';
import { Router } from '@angular/router';
import 'rxjs/Rx';
import { Observable } from 'rxjs/Observable';
import { environment } from '../../environments/environment';
import { AuthHttp } from 'angular2-jwt';
import { AuthService } from './auth.service';
@Injectable()
export class AuthHttpService {
constructor(private authHttp: AuthHttp,private authService: AuthService,private router: Router) { }
get(endpoint: string) {
if (this.authService.tokenRequiresRefresh()) {
this.authService.tokenIsBeingRefreshed.next(true);
return this.authService.refreshToken().switchMap(
(data) => {
this.authService.refreshTokenSuccessHandler(data);
if (this.authService.loggedIn()) {
this.authService.tokenIsBeingRefreshed.next(false);
return this.getInternal(endpoint);
} else {
this.authService.tokenIsBeingRefreshed.next(false);
this.router.navigate(['/sessiontimeout']);
return Observable.throw(data);
}
}
).catch((e) => {
this.authService.refreshTokenErrorHandler(e);
return Observable.throw(e);
});
}
else {
return this.getInternal(endpoint);
}
}
post(endpoint: string,body: string) : Observable<any> {
if (this.authService.tokenRequiresRefresh()) {
this.authService.tokenIsBeingRefreshed.next(true);
return this.authService.refreshToken().switchMap(
(data) => {
this.authService.refreshTokenSuccessHandler(data);
if (this.authService.loggedIn()) {
this.authService.tokenIsBeingRefreshed.next(false);
return this.postInternal(endpoint,body);
} else {
this.authService.tokenIsBeingRefreshed.next(false);
this.router.navigate(['/sessiontimeout']);
return Observable.throw(data);
}
}
).catch((e) => {
this.authService.refreshTokenErrorHandler(e);
return Observable.throw(e);
});
}
else {
return this.postInternal(endpoint,body);
}
}
private getInternal(endpoint: string) {
return this.authHttp.get(endpoint);
}
private postInternal(endpoint: string,body: string) {
return this.authHttp.post(endpoint,body);
}
}
audience.service.ts
import { Injectable } from '@angular/core';
import 'rxjs/Rx';
import { Observable } from 'rxjs/Observable';
import { environment } from '../../environments/environment';
import { AuthHttpService } from './auth-http.service';
import { AddDeleteAudienceModel } from './AddAudienceModel';
@Injectable()
export class AudienceService {
baseApiUrl = environment.api_endpoint;
constructor(private authHttpService: AuthHttpService) { }
getAllAudiences()
{
return this.authHttpService.get(this.baseApiUrl + 'audience/all').map(res => res.json());
}
addAudience(model: AddDeleteAudienceModel) {
return this.authHttpService.post(this.baseApiUrl + 'audience',JSON.stringify(model)).map(res => res.json());
}
deleteAudience(model: AddDeleteAudienceModel) {
return this.authHttpService.post(this.baseApiUrl + 'audience/delete',JSON.stringify(model)).map(res => res.json());
}
}
ApiBoot v2.2.6 发布,新增配置客户端 OAuth2 刷新令牌过期时间
ApiBoot 是什么?
ApiBoot 是接口服务的落地解决方案,提供了一系列开箱即用的组件,通过封装来简化主流第三方框架的集成,从而提高开发者开发效率、学习成本、降低入门门槛,真正的实现开箱即用!!!
对 SpringBoot简单了解的开发者就可以编写安全稳定的接口服务,可为移动端、网页端等多个端点提供丰富的安全接口。
ApiBoot依赖于SpringBoot,可以使用ApiBoot构建独立的Java应用程序。
愿景:
- 为Java开发者提供低门槛第三方框架集成解决方案,让复杂的框架集成使用的门槛更低。
- 开箱即用,内部封装了主流框架,只需添加依赖、简单配置即可使用。
- 各个组件可独立使用,不再冗余你的应用程序。
- 可简单快速的构建安全的restful资源接口服务。
- 可用于构建SpringCloud微服务服务实例。
如果你想要系统的学习
ApiBoot可以访问我的博客文章 ApiBoot开源框架各个组件的系列使用文章汇总,或者官方文档 http://apiboot.minbox.io
更新日志 ✨
- 新增ApiBoot OAuth2的刷新令牌过期配置参数
- 升级Spring/SpringBoot依赖版本为v5.2.7/v.2.3.1
- 新增minbox-logging排除指定HttpStatus的参数配置
- 修改SpringMvc配置首选json-mapper的方式
- 升级flatten-maven-plugin插件版本
- 删除默认集成SpringCloud的指定版本(防止与业务系统版本冲突)
生态
ApiBoot主要的职责是封装并且落地项目中常用到的第三方依赖,会接入越来越多优秀的开源项目,提供统一的SpringBoot集成解决方案,完全遵循SpringBoot自定义Starter的规范实现。
下面是目前所集成的组件:
- 阿里云对象存储OSS组件
- 阿里云国际短信服务组件
- 多数据源动态切换组件
- 分布式日志开源框架组件
- 阿里云邮件服务组件
- APP消息推送组件(支持极光推送)
- ORM MyBatis Enhance开源框架组件(特性:方法命名规则查询、动态查询、内置方法,只增强不覆盖MyBatis本质特性)
- MyBatis Pageable自动化分页组件
- 分布式任务调度框架Quartz组件
- 分布式限流框架RateLimiter组件(支持Google令牌桶、Redis Lua脚本)
- 资源业务分离组件
- Spring Security + OAuth2 + JWT框架整合极简的解决方案组件(不写一行代码即可实现默认整合)
- 分布式高效有序ID生成组件
- Swagger文档组件
详见官方文档:https://apiboot.minbox.io
官方文档 & 源码
- 官方文档:http://apiboot.minbox.io
- 示例源码:https://gitee.com/minbox-projects/api-boot-chapter
- 码云:https://gitee.com/minbox-projects/api-boot
- GitHub:https://github.com/hengboy/api-boot
请给我支持
ApiBoot框架目前是由恒宇少年 - 于起宇编写并开源,欢迎大家提出集成建议,也可以根据ApiBoot集成第三方依赖的方式自行编写后提交PR,请给我一定的支持,让我坚持去下,为开源做贡献。
- 请给
ApiBoot源码仓库点个Star,Watching后可以收到每次发版的通知。 - Gitee
- GitHub
asp.net-mvc – OAuth 2 Google API刷新令牌为空
我正在开发一个Asp.NET MVC5 App
following this Google sample code.
我希望应用程序经过身份验证并由用户创建一个accessstoken(配置阶段),之后我需要能够使用刷新令牌调用Google Apis(在我的情况下为Directory API)(无需用户干预,如“离线”).
控制器:
public async Task<ActionResult> IndexAsync(CancellationToken cancellationToken)
{
var result = await new AuthorizationCodeMvcApp(this,new AppFlowMetadata()).
AuthorizeAsync(cancellationToken);
if (result.Credential != null)
{
var service = new Google.Apis.Admin.Directory.directory_v1.DirectoryService(new BaseClientService.Initializer
{
HttpClientinitializer = result.Credential,ApplicationName = "My Application"
});
return View();
}
else
{
return new RedirectResult(result.RedirectUri);
}
}
FlowMetadata实现. (我使用FiledataStore稍加修改(GoogleFileDataStore))
public class AppFlowMetadata : FlowMetadata
{
//Move to settings
static readonly string clientId = "xxxccnvofsdfsfoj.apps.googleusercontent.com";
static readonly string clientsecret = "xxxxxxxxxxLvtC6Qbqpp4x_";
static readonly string datastore = "AdminSDK.Api.Auth.Store";
private static readonly IAuthorizationCodeFlow flow =
new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = clientId,ClientSecret = clientsecret
},Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser,DirectoryService.Scope.AdminDirectoryUserAliasReadonly },DataStore = new GoogleFileDataStore(datastore)
});
public override string GetUserId(Controller controller)
{
return ConfigHelper.UserID.ToString();
}
public override IAuthorizationCodeFlow Flow
{
get { return flow; }
}
}
当我调用IndexAsync控制器时,由于用户没有先前的accessstoken,它会在用户登录Google帐户后创建一个新的.
这是一个示例访问,
{“access_token”:“ya29.5gBOszGO-oYJJt4YZfF6FeaZth1f69 _…..”,“token_type”:“Bearer”,“expires_in”:3600,“Issued”:“2014-12-24T16:02:32.014 05:30” }
问题1:为什么没有存储Refreshtoken?如何检索refreshtoken?
问题2:如果我获得了refreshtoken,我应该如何修改代码以创建新的访问令牌并调用API(当accesstoken过期时)?
[我提到了this question,但缺少刷新令牌没有正确答案.
解决方法
找到了Google Api离线访问的解决方案,以获取刷新令牌并使用刷新令牌创建新的accessstoken,
问题1:为什么没有存储Refreshtoken?如何检索refreshtoken?
我必须在请求中将access_type设置为脱机(默认情况下是在线). as mentioned here
我必须为GoogleAuthorizationCodeFlow类编写自己的实现.感谢this post.
public class ForceOfflineGoogleAuthorizationCodeFlow : GoogleAuthorizationCodeFlow
{
public ForceOfflineGoogleAuthorizationCodeFlow(GoogleAuthorizationCodeFlow.Initializer initializer) : base(initializer) { }
public override AuthorizationCodeRequestUrl CreateAuthorizationCodeRequest(string redirectUri)
{
return new GoogleAuthorizationCodeRequestUrl(new Uri(AuthorizationServerUrl))
{
ClientId = ClientSecrets.ClientId,Scope = string.Join(" ",Scopes),RedirectUri = redirectUri,Accesstype = "offline",ApprovalPrompt = "force"
};
}
};
问题2:..我应该修改代码来创建新的访问令牌并调用API吗?
//try to get results
var result = await new AuthorizationCodeMvcApp(this,new AppFlowMetadata()).
AuthorizeAsync(cancellationToken);
//// This bit checks if the token is out of date,//// and refreshes the access token using the refresh token.
if (result.Credential.Token.IsExpired(SystemClock.Default))
{
Google.Apis.Auth.OAuth2.Responses.TokenResponse token = new Google.Apis.Auth.OAuth2.Responses.TokenResponse();
//If the token is expired recreate the token
token = await result.Credential.Flow.RefreshTokenAsync(ConfigHelper.UserID.ToString(),result.Credential.Token.RefreshToken,CancellationToken.None);
//Get the authorization details back
result = await new AuthorizationCodeMvcApp(this,new AppFlowMetadata()).AuthorizeAsync(cancellationToken);
}
这对我有用!希望这会有助于其他人……
Django 和 Restful API Oauth2 登录
如何解决Django 和 Restful API Oauth2 登录?
我对 Django 非常陌生,我真的可以使用一些帮助来将 Restful API 集成到我的应用程序中。我已经构建了一个简单的 twitter 克隆,并且我有一个登录页面。我想允许用户注册但使用 OAuthV2 协议。 (即在登录页面上注册和登录,但在后端使用 api)我了解如何创建 RESTful SaaS,但仅在后端,我似乎无法弄清楚我将如何将它与我的前端集成.如果有人可以向我解释这个过程或帮助我提供一些资源,我将不胜感激。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)
我们今天的关于使用 okta 工作流 API 连接器的 Django OAuth 工具包刷新令牌和okta的url的分享就到这里,谢谢您的阅读,如果想了解更多关于Angular2-jwt – AuthHttp,刷新令牌,将它们放在一起、ApiBoot v2.2.6 发布,新增配置客户端 OAuth2 刷新令牌过期时间、asp.net-mvc – OAuth 2 Google API刷新令牌为空、Django 和 Restful API Oauth2 登录的相关信息,可以在本站进行搜索。
本文标签:
![[转帖]Ubuntu 安装 Wine方法(ubuntu如何安装wine)](https://www.gvkun.com/zb_users/cache/thumbs/4c83df0e2303284d68480d1b1378581d-180-120-1.jpg)
