Я использую Django social_django и rest_framework_social_oauth2 для аутентификации в моем приложении. Я успешно интегрировал Facebook. Однако я сталкиваюсь с проблемой интеграции GoogleOAuth2. Для начала у меня есть это в моих настройках django
INSTALLED_APPS = [
......
'oauth2_provider',
'social_django',
'rest_framework_social_oauth2',
.....
]
AUTHENTICATION_BACKENDS = (
# Facebook OAuth2
'social_core.backends.facebook.FacebookAppOAuth2',
'social_core.backends.facebook.FacebookOAuth2',
# Google SSO
'social_core.backends.google.GoogleOAuth2',
# django-rest-framework-social-oauth2
'rest_framework_social_oauth2.backends.DjangoOAuth2',
# Django
'django.contrib.auth.backends.ModelBackend',
)
# Google Config
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = env('SOCIAL_AUTH_GOOGLE_OAUTH2_KEY')
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = env('SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET')
SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
Мой взгляд в основном делает
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
provider = serializer.data.get('provider', None)
strategy = load_strategy(request)
backend = load_backend(strategy=strategy, name=provider,
redirect_uri=None)
if isinstance(backend, BaseOAuth2):
access_token = serializer.data.get('access_token')
user = backend.do_auth(access_token)
, а сериализатор -
class SocialSerializer(serializers.Serializer):
"""
Serializer which accepts an OAuth2 access token and provider.
"""
provider = serializers.CharField(max_length=255, required=True)
access_token = serializers.CharField(max_length=4096, required=True, trim_whitespace=True)
Способ получения токеначерез Android, как показано ниже
gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(Scope(Scopes.PROFILE))
.requestServerAuthCode(serverClientId)
.requestEmail()
.build()
mGoogleSignInClient = GoogleApiClient.Builder(this)
.addApi(Auth.GOOGLE_SIGN_IN_API, gso!!)
.build()
val signInIntent = Auth.GoogleSignInApi.getSignInIntent(mGoogleSignInClient)
startActivityForResult(signInIntent, RC_SIGN_IN)
/// Then at the callback point
val account : GoogleSignInAccount? = completedTask.getResult(ApiException::class.java)
val authCode = account?.serverAuthCode
val call = apiService!!.socialLogin(SocialAuthLoginDto(provider = "google-oauth2", access_token = authCode))
processSignInCall(call)
Клиент может успешно получить и опубликовать токен как
{"access_token":"4/sAHrs-g-u-oxdLq1XPFZ8PRNfeYiDIAQAgyIVdbLdthqp1S9FoHAlb41k4BUIDUIp5s4fzUsbSG_vqc_I71cQ","provider":"google-oauth2"}
Однако Social Auth не может аутентифицировать пользователя с помощью следующей трассировки стека
Traceback (most recent call last):
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/social_core/utils.py", line 251, in wrapper
return func(*args, **kwargs)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/social_core/backends/oauth.py", line 410, in do_auth
data = self.user_data(access_token, *args, **kwargs)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/social_core/backends/google.py", line 51, in user_data
'Authorization': 'Bearer %s' % access_token,
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/social_core/backends/base.py", line 238, in get_json
return self.request(url, *args, **kwargs).json()
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/social_core/backends/base.py", line 234, in request
response.raise_for_status()
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://www.googleapis.com/oauth2/v3/userinfo
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/rest_framework/views.py", line 505, in dispatch
response = self.handle_exception(exc)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/rest_framework/views.py", line 465, in handle_exception
self.raise_uncaught_exception(exc)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
raise exc
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/rest_framework/views.py", line 502, in dispatch
response = handler(request, *args, **kwargs)
File "/Users/jerryshikanga/PycharmProjects/rondafel/rondafel/apps/profiles/views.py", line 126, in post
user = backend.do_auth(access_token)
File "/Users/jerryshikanga/PycharmProjects/venv/rondafel/lib/python3.7/site-packages/social_core/utils.py", line 256, in wrapper
raise AuthForbidden(args[0])
social_core.exceptions.AuthForbidden: Your credentials aren't allowed
Я пытался добавить дополнительные API в учетную запись Google, в частности Google Plus, Google Drive, но он все еще сохраняется.