I am using the OAuth2 gem for client_credentials authentication. My code is as follows:
require 'oauth2'
client = OAuth2::Client.new("my_client_id", "my_client_secret", :site => "my_site_url", :token_url => "oauth2/token")
client.client_credentials.get_token
When I run the code block above, it raises the error below:
OAuth2::Error (invalid_client: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method))
{
"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)",
"error_hint":"The OAuth 2.0 Client supports client authentication method "client_secret_basic", but method "client_secret_post" was requested.
You must configure the OAuth 2.0 client's "token_endpoint_auth_method" value to accept "client_secret_post".","status_code":401}
I checked using the 'net/http' library, and my client_id and client_secret are valid and work correctly.
The only problem I can see is the authentication method described in the hint of the message above:
The OAuth 2.0 Client supports client authentication method "client_secret_basic", but method "client_secret_post" was requested. You must configure the OAuth 2.0 client's "token_endpoint_auth_method" value to accept "client_secret_post"
What I want to know is: how does the OAuth2 gem decide whether to use client_secret_post or client_secret_basic? I mean, how do I request client_secret_basic with the OAuth2 gem?

When registering the client on the OAuth server, we had to set token_endpoint_auth_method to 'client_secret_post' so that it works:
hydra clients create --endpoint <OAuth server url> --id CLIENT_ID --secret CLIENT_SECRET \
--token-endpoint-auth-method 'client_secret_post' -g client_credentials
Now, using this CLIENT_ID and CLIENT_SECRET with oauth2 works.
But one more point was not clear: with the oauth2 gem I can make the request with token_endpoint_auth_method set to client_secret_basic by using
:auth_scheme => :basic_auth
The default setting is below:
:auth_scheme => :request_body
I have excerpted part of the OAuth2::Client code. Please check it:
require 'faraday'
require 'logger'

module OAuth2
  # The OAuth2::Client class
  class Client # rubocop:disable Metrics/ClassLength
    attr_reader :id, :secret, :site
    attr_accessor :options
    attr_writer :connection

    # @option opts [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body)
    def initialize(client_id, client_secret, options = {}, &block)
      opts = options.dup
      @id = client_id
      @secret = client_secret
      @site = opts.delete(:site)
      ssl = opts.delete(:ssl)
      @options = {:authorize_url => '/oauth/authorize',
                  :token_url => '/oauth/token',
                  :token_method => :post,
                  :auth_scheme => :request_body, # <-- Here !!!
                  :connection_opts => {},
                  :connection_build => block,
                  :max_redirects => 5,
                  :raise_errors => true}.merge(opts)
      @options[:connection_opts][:ssl] = ssl if ssl
    end

    # ... rest of the class omitted from the excerpt ...
  end
end
The sample snippet is here: https://gist.github.com/mtoshi/cd74f57631805fb1b2290137f58dac9f
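To make the mismatch behind the invalid_client error concrete, here is an added example (not code from the question, the answer, the oauth2 gem or Hydra) that models both sides of the token request with only the Ruby standard library. On the client side it builds the same two request shapes the gem's :auth_scheme option chooses between: :basic_auth puts the credentials in an Authorization: Basic header (client_secret_basic), while the gem's default :request_body puts client_id and client_secret in the form body (client_secret_post). On the server side it reproduces the registration policy from the error hint: a client registered with one token_endpoint_auth_method is rejected when the credentials arrive by the other method, before the secret is even compared. The client registry, the client id and secret, and the returned token are constructed placeholders.

```ruby
require 'uri'

# Constructed registry standing in for the OAuth server's client store: each
# client is registered with the single token_endpoint_auth_method it accepts
# (the value Hydra's --token-endpoint-auth-method sets). Placeholder values.
CLIENT_REGISTRY = {
  'my_client_id' => {
    secret: 'my_client_secret',
    token_endpoint_auth_method: 'client_secret_basic'
  }
}.freeze

# Build the headers and form body of a client_credentials token request for the
# given client authentication scheme. :basic_auth corresponds to what the oauth2
# gem sends for client_secret_basic; :request_body (the gem's default) to
# client_secret_post. Returns [headers, body].
def build_token_request(client_id, client_secret, auth_scheme)
  headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  body = { 'grant_type' => 'client_credentials' }
  case auth_scheme
  when :basic_auth
    # RFC 6749 section 2.3.1: form-urlencode id and secret, join with ':', base64-encode.
    user = URI.encode_www_form_component(client_id)
    pass = URI.encode_www_form_component(client_secret)
    headers['Authorization'] = "Basic #{["#{user}:#{pass}"].pack('m0')}"
  when :request_body
    body['client_id'] = client_id
    body['client_secret'] = client_secret
  else
    raise ArgumentError, "unknown auth_scheme: #{auth_scheme.inspect}"
  end
  [headers, body]
end

# Compare two secrets without leaking the length of their common prefix via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check reproducing the policy behind the invalid_client error: work
# out which method the request used, require that it matches the method the
# client was registered with, and only then verify the secret.
def authenticate_client(headers, body, registry = CLIENT_REGISTRY)
  auth = headers['Authorization'].to_s
  if auth.start_with?('Basic ')
    used = 'client_secret_basic'
    decoded = auth.delete_prefix('Basic ').unpack1('m0') # strict base64, raises on garbage
    id, secret = decoded.split(':', 2).map { |v| URI.decode_www_form_component(v) }
  elsif body['client_id'] && body['client_secret']
    used = 'client_secret_post'
    id, secret = body.values_at('client_id', 'client_secret')
  else
    return { 'error' => 'invalid_client', 'error_hint' => 'no client authentication included' }
  end

  client = registry[id]
  return { 'error' => 'invalid_client', 'error_hint' => 'unknown client' } unless client
  unless client[:token_endpoint_auth_method] == used
    return { 'error' => 'invalid_client',
             'error_hint' => "client supports #{client[:token_endpoint_auth_method]}, " \
                             "but #{used} was requested" }
  end
  return { 'error' => 'invalid_client', 'error_hint' => 'bad secret' } unless secure_compare(client[:secret], secret.to_s)

  { 'access_token' => 'constructed-token', 'token_type' => 'bearer' }
rescue ArgumentError
  { 'error' => 'invalid_client', 'error_hint' => 'malformed Authorization header' }
end

if __FILE__ == $PROGRAM_NAME
  # The gem's default (:request_body) against a client registered for
  # client_secret_basic reproduces the 401; :basic_auth succeeds.
  [:request_body, :basic_auth].each do |scheme|
    h, b = build_token_request('my_client_id', 'my_client_secret', scheme)
    puts "#{scheme}: #{authenticate_client(h, b).inspect}"
  end
end
```

Running it prints an invalid_client hash for :request_body and a token for :basic_auth, which is exactly the difference between the gem's default and passing :auth_scheme => :basic_auth to OAuth2::Client.new. The method check deliberately runs before the secret comparison, so a wrong authentication method is rejected with the same invalid_client error whether or not the secret is right, matching the server behaviour seen in the question.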