Ruby OAuth2.0: client credentials type has unsupported client authentication method

Question (votes: 0, answers: 2)

I am using the OAuth2 gem for client_credential authentication. My code is as follows:

require 'oauth2'
client = OAuth2::Client.new("my_client_id", "my_client_secret", :site => "my_site_url", :token_url => "oauth2/token")
client.client_credentials.get_token

When I execute the above code block, it raises the error below:

OAuth2::Error (invalid_client: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method))
{
  "error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)",
  "error_hint":"The OAuth 2.0 Client supports client authentication method "client_secret_basic", but method "client_secret_post" was requested. 
  You must configure the OAuth 2.0 client's "token_endpoint_auth_method" value to accept "client_secret_post".","status_code":401}

I checked using the 'net/http' library, and my client_id and client_secrets are valid and working.

The only problem I see is with the authentication method, as stated in the hint of the above message:

The OAuth 2.0 Client supports client authentication method "client_secret_basic", but method "client_secret_post" was requested. You must configure the OAuth 2.0 client's "token_endpoint_auth_method" value to accept "client_secret_post"

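What I want to know is:

  1. How does the OAuth2 gem decide whether to use client_secret_post or client_secret_basic? I mean, how can I request with client_secret_basic in the OAuth2 gem?
  2. If not the above, how should I specify token_endpoint_auth_method to accept client_secret_post?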
ruby-on-rails ruby oauth oauth-2.0 net-http
2 Answers
0
votes

    1. The OAuth2 gem does make requests to the OAuth server with --token_endpoint_auth_method set to 'client_secret_post'.
    2. When registering the client with the OAuth server, we have to set token_endpoint_auth_method to 'client_secret_post' so that it works.

    In my case, I am using Hydra, so I created a client with the following command:

        hydra clients create --endpoint <OAuth server url> --id CLIENT_ID --secret CLIENT_SECRET \
          --token-endpoint-auth-method 'client_secret_post' -g client_credentials

    Now, using this CLIENT_ID and CLIENT_SECRET with oauth2 works.

    But one point is still unclear: whether I can make the request with token_endpoint_auth_method set to client_secret_basic using the oauth2 gem.


0
votes
    Please add or change this client option setting in your client code.

    :auth_scheme => :basic_auth

    The default setting is below.

    :auth_scheme => :request_body
    

    I have excerpted part of the OAuth2::Client code.

    Please check it.

    require 'faraday'
    require 'logger'

    module OAuth2
      # The OAuth2::Client class
      class Client # rubocop:disable Metrics/ClassLength
        attr_reader :id, :secret, :site
        attr_accessor :options
        attr_writer :connection

        # @option opts [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body)
        def initialize(client_id, client_secret, options = {}, &block)
          opts = options.dup
          @id = client_id
          @secret = client_secret
          @site = opts.delete(:site)
          ssl = opts.delete(:ssl)
          @options = {:authorize_url    => '/oauth/authorize',
                      :token_url        => '/oauth/token',
                      :token_method     => :post,
                      :auth_scheme      => :request_body, # <-- Here !!!
                      :connection_opts  => {},
                      :connection_build => block,
                      :max_redirects    => 5,
                      :raise_errors     => true}.merge(opts)
          @options[:connection_opts][:ssl] = ssl if ssl
        end
        # (rest of the class omitted in this excerpt)
      end
    end

    An example snippet is here: https://gist.github.com/mtoshi/cd74f57631805fb1b2290137f58dac9f
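
The two methods named in the error hint differ only in where the client credentials travel in the token request, which the sketch below makes visible using the Ruby standard library. It is an added example, not part of the question, either answer, or the oauth2 gem; `auth_method_mismatch`, `token_request` and `GEM_AUTH_SCHEME` are hypothetical names, and the sample error body is constructed from the message quoted in the question.

```ruby
require 'json'
require 'uri'

# Constructed sample: the error body from the question, with inner quotes escaped.
SAMPLE_ERROR = <<~'JSON'
  {"error":"invalid_client","error_hint":"The OAuth 2.0 Client supports client authentication method \"client_secret_basic\", but method \"client_secret_post\" was requested.","status_code":401}
JSON

# Hypothetical helper: extract the registered and the attempted method from the hint.
def auth_method_mismatch(error_json)
  hint = JSON.parse(error_json).fetch('error_hint', '')
  m = hint.match(/supports client authentication method "(\w+)", but method "(\w+)" was requested/)
  m && { registered: m[1], requested: m[2] }
end

# Hypothetical helper: build a client_credentials token request for one
# authentication method (RFC 6749, section 2.3.1).
def token_request(client_id, client_secret, method)
  headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  params  = { 'grant_type' => 'client_credentials' }
  case method
  when 'client_secret_basic'
    # Credentials are form-encoded, joined with ":", then base64-encoded
    # into the Authorization header; nothing secret goes in the body.
    pair = [client_id, client_secret].map { |v| URI.encode_www_form_component(v) }.join(':')
    headers['Authorization'] = "Basic #{[pair].pack('m0')}"
  when 'client_secret_post'
    # Credentials are sent as ordinary form fields in the request body.
    params['client_id'] = client_id
    params['client_secret'] = client_secret
  else
    raise ArgumentError, "unsupported method: #{method}"
  end
  { headers: headers, body: URI.encode_www_form(params) }
end

# Server-side method name mapped to the oauth2 gem's :auth_scheme option
# shown in the second answer.
GEM_AUTH_SCHEME = {
  'client_secret_basic' => :basic_auth,
  'client_secret_post'  => :request_body
}.freeze
```

With either method the secret is protected only by TLS on the token endpoint, so the choice is about matching the client's registration, not about hiding the credential.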
