Why do I get an empty object when trying to revoke access with Google OAuth 2.0?


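I am learning how to use OAuth 2.0, and I have successfully implemented the login feature. However, when I try to implement logout for the application by revoking access through the Google API, it sometimes returns an empty object. Why is that?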

@app.route('/gdisconnect')
def gdisconnect():
    # Only disconnect a connected user.
    access_token = login_session.get('access_token')
    if access_token is None:
        flash('Current user not connected.')
        return redirect(url_for('showCategories'))

    result = requests.post('https://accounts.google.com/o/oauth2/revoke',
                           params={'token': access_token},
                           headers={'content-type': 'application/x-www-form-urlencoded'}).json()
    print(result)
    if ('status' in result and result['status'] == '200') or ('error_description' in result and result['error_description'] == 'Token expired or revoked'):
        disconnect()
        flash("You have successfully been logged out.")
        return redirect(url_for('showCategories'))
    else:
        response = make_response(json.dumps('Failed to revoke token for given user.'), 400)
        response.headers['Content-Type'] = 'application/json'
        return response


def disconnect():
    del login_session['google_id']
    del login_session['access_token']
    del login_session['username']
    del login_session['email']
    del login_session['picture']
    del login_session['user_id']

Server output:

127.0.0.1 - - [28/Dec/2019 13:56:45] "GET /login HTTP/1.1" 200 -
done!
127.0.0.1 - - [28/Dec/2019 13:56:54] "POST /gconnect?state=4F9TQCJPPSRW0RBTXQWXSM0Q7I12GEDU HTTP/1.1" 200 -
127.0.0.1 - - [28/Dec/2019 13:56:59] "GET / HTTP/1.1" 200 -
{}
127.0.0.1 - - [28/Dec/2019 13:57:02] "GET /gdisconnect HTTP/1.1" 400 -
python authentication flask oauth-2.0 google-oauth2
1 answer

The response is an empty response with a status code of 200. So checking status_code before converting the object to JSON solves the problem.

    # Body of gdisconnect(), replacing the request and the check on its result.
    result = requests.get(
        'https://accounts.google.com/o/oauth2/revoke',
        params={'token': access_token},
        headers={'content-type': 'application/x-www-form-urlencoded'})

    # Check status_code first; parse the body as JSON only for a non-200
    # reply, and tolerate a body that is empty or not JSON.
    tokenExpired = False
    if result.status_code != 200:
        try:
            tokenExpired = (result.json().get('error_description') ==
                            'Token expired or revoked')
        except ValueError:
            tokenExpired = False

    if result.status_code == 200 or tokenExpired:
        disconnect()
        flash("You have successfully been logged out.")
        return redirect(url_for('showCategories'))
    else:
        response = make_response(json.dumps(
            'Failed to revoke token for given user.'), 400)
        response.headers['Content-Type'] = 'application/json'
        return response
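
An added example, not part of the original question or answer: the status-first check from the answer as a pure function, plus a logout helper that clears the local session with `pop()` even when revocation fails (a design choice of this example, so a failed revoke never leaves the user logged in). The function names, the outcome strings and the `revoke` callable are assumptions for illustration; the sample replies in the comments are constructed.

```python
import json

# Session keys set at login, as listed in the question's disconnect().
SESSION_KEYS = ('google_id', 'access_token', 'username',
                'email', 'picture', 'user_id')


def classify_revoke_response(status_code, body_text):
    """Return 'revoked', 'already_invalid' or 'failed' for a revoke reply."""
    # Status first: a 200 reply may carry an empty body or '{}'.
    if status_code == 200:
        return 'revoked'
    # Only error replies are parsed, and the body may not be JSON at all
    # (constructed example: an HTML error page from a proxy).
    try:
        body = json.loads(body_text) if body_text.strip() else {}
    except ValueError:
        return 'failed'
    if (isinstance(body, dict) and
            body.get('error_description') == 'Token expired or revoked'):
        return 'already_invalid'
    return 'failed'


def clear_session(session):
    """Drop every login key; pop() tolerates keys that are already gone."""
    for key in SESSION_KEYS:
        session.pop(key, None)


def logout(session, revoke):
    """Try to revoke the token, then always clear the local session.

    `revoke` is a hypothetical callable(token) -> (status_code, body_text)
    standing in for the HTTP request to the revoke endpoint.
    """
    token = session.get('access_token')
    if token is None:
        return 'not_connected'
    try:
        outcome = classify_revoke_response(*revoke(token))
    except Exception:
        outcome = 'failed'  # e.g. network error: still log out locally
    clear_session(session)
    return outcome
```

In the Flask view, `revoke` would wrap the `requests` call and return `(result.status_code, result.text)`; a `'failed'` outcome is worth logging, since the token may still be valid at Google after the local logout.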