我使用React作为我的前端,从那里开始授权过程。通常我使用axios进行请求,但由于cors,在这种情况下不使用:
render() {
// Create a button because Spotify server does no accept Cross Origens AJAX requests
return (
<div className="button_container">
<h1 className="title is-3"><font color="#C86428">{"Welcome"}</font></h1>
<div className="Line" /><br/>
<button className="sp_button" onClick={() => window.location = 'http://localhost/index'}>
<strong>LINK YOUR SPOTIFY ACCOUNT</strong>
</button>
</div>
)
}
然后我们移至Flask,在其中定义了/index:
@spotify_auth_bp.route("/index", methods=['GET', 'POST'])
def spotify_index():
#Auth Step 1: Ask authorization to User
CODE = "code"
CLIENT_ID = os.environ.get('SPOTIPY_CLIENT_ID')
SCOPE = os.environ.get('SPOTIPY_SCOPE')
REDIRECT_URI = os.environ.get('SPOTIPY_REDIRECT_URI')
SPOTIFY_AUTH_URL = "https://accounts.spotify.com/authorize"
return redirect("{}?response_type={}&client_id={}&scope={}&redirect_uri={}".format(
SPOTIFY_AUTH_URL, CODE, CLIENT_ID, SCOPE, REDIRECT_URI), code=302)
然后,我从Spotify重定向回到/callback,在我的响应中设置jwt Cookie,如下所示:
@spotify_auth_bp.route("/callback", methods=['GET', 'POST'])
def spotify_callback():
token = user.encode_access_token(access_token)
# split encoded token in 3: header, payload and signature
a11n_h, a11n_d, a11n_s = token.decode().split('.')
print ('a11_h, a11_d, a11_s', a11n_h, a11n_d, a11n_s)
# make response and set cookies
response = make_response(redirect('http://localhost/about', code=302))
# set cookies
response.set_cookie('a11n.h', a11n_h)
response.set_cookie('a11n.d', a11n_d) # cookie is accessible from your React app (you can even get userinfo from it)
response.set_cookie('a11n.s', a11n_s, httponly=True) # only signature is Http-Only, not accessible from Javascript
return response
并且Cookie会显示在我的浏览器控制台的“应用程序”下。
现在,我想从另一个端点获取它们,就像这样:
@spotify_auth_bp.route("/get_token/<user_id>", methods=['GET', 'POST'])
def get_token(user_id):
post_data = request.get_json()
response_object = {
'status': 'fail',
'message': 'Invalid payload.'
}
# get access token cookies
a11n_h = request.cookies.get('a11n.h')
print ('a11n.h', a11n_h)
a11n_d = request.cookies.get('a11n.d')
print ('a11n.h', a11n_d)
a11n_s = request.cookies.get('a11n.s')
print ('a11n_s.h', a11n_s)
OBS:我正在使用Postman测试此端点。
但是我将这些Cookie打印为None,None,None
而且,我没有Flask配置:
app.config.update(
SESSION_COOKIE_SECURE=True,
SESSION_COOKIE_SAMESITE='Lax',
)
这可能会阻止cookie通过http发送。
我想念什么?
根据上述,我假设您正在使用基于任何其他框架的前端应用程序,并使用axios,fetch,request等库来访问烧瓶上的API。
因此,您可能错过了需要在请求中设置标志以允许发送Cookie的想法。请参阅以下链接以找到实现方法:
fetch('https://example.com', {
credentials: 'include'
});
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
xhr.send(null);
纠正我,如果不能解决问题。