我正在尝试通过提供程序Bitbucket上的Auth0使用刷新令牌来获取新的访问令牌。根据Bitbucket文档,客户端client_id和secret一起使用的刷新令牌用于获取新的访问令牌。
curl -X POST -u "client_id:secret"
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=refresh_token -d refresh_token={refresh_token}
但是似乎我应该使用Auth0作为对此的代理。它在Auth0文档中说要使用刷新令牌(特定于用户)以及我的Auth0域和Auth0客户端ID。将我的Auth0凭据与针对Bitbucket用户的刷新令牌混合在一起似乎有点奇怪。
这是我的流程:
在端点获取用户信息:}>
https://<auth0_domain>.auth0.com/api/v2/users/<user_id>
使用刷新令牌在此处获取访问令牌:
https://<auth0_domain>.auth0.com/oauth/token
[值得注意的是,刷新令牌是针对用户的,但是客户端信息来自AUTH0客户端-对我而言没有意义。失败并显示此错误。
{u'error_description': u'Unauthorized', u'error': u'access_denied'}
本质上失败了:
)
payload = { "client_id": self.auth0_client_id, "client_secret": self.auth0_client_secret, "refresh_token": kwargs["refresh_token"].decode("utf-8"), "grant_type": "refresh_token" } _endpt = 'https://{}.auth0.com/oauth/token'.format(self.auth0_domain) headers = {'content-type': 'application/json'} req = requests.post(_endpt, data=json.dumps(payload), headers=headers)
下面是我在python中的整个代码。
#!/usr/bin/env python
import json
import os
import requests
import logging
class Auth0Client(object):
def __init__(self,**kwargs):
self.classname = "Auth0Client"
self.logger.logging.basicConfig(level=logging.INFO)
# (1) set AUTH0 client info
self.auth0_client_id = os.environ["AUTH0_CLIENT_ID"]
self.auth0_client_secret = os.environ["AUTH0_CLIENT_SECRET"]
self.auth0_domain = os.environ["AUTH0_DOMAIN"]
self._set_auth0_client_token()
def _set_auth0_client_token(self):
payload = { "client_id": self.auth0_client_id,
"client_secret": self.auth0_client_secret,
"audience": "https://{}.auth0.com/api/v2/".format(self.auth0_domain),
"grant_type": "client_credentials" }
api_endpoint = 'https://{}.auth0.com/oauth/token'.format(self.auth0_domain)
req = requests.post(api_endpoint,
data=json.dumps(payload),
headers={'content-type': 'application/json'})
self.auth0_client_token = req.json()["access_token"].decode("utf-8")
def _get_userinfo_frm_auth0(self,user):
endpoint = "https://{}.auth0.com/api/v2/users/{}".format(self.auth0_domain,user)
headers = {'Authorization': 'Bearer %s' % self.auth0_client_token}
req = requests.get(endpoint,headers=headers)
return req.json()
def _get_user_access_token_with_refresh(self,**kwargs):
payload = { "client_id": self.auth0_client_id,
"client_secret": self.auth0_client_secret,
"refresh_token": kwargs["refresh_token"].decode("utf-8"),
"grant_type": "refresh_token" }
_endpt = 'https://{}.auth0.com/oauth/token'.format(self.auth0_domain)
headers = {'content-type': 'application/json'}
req = requests.post(_endpt,
data=json.dumps(payload),
headers=headers)
return req.json()["access_token"].decode("utf-8")
def get_user_access_token(self,user):
# (2) get initial user info
user_info = self._get_userinfo_frm_auth0(user)
if str(user_info["identities"][0]["provider"]) == "bitbucket":
# (3) try to get access token from refresh token
user_token = self._get_user_access_token_with_refresh(user=user,**user_info["identities"][0])
else:
user_token = user_info["identities"][0]["access_token"].decode("utf-8")
return user_token
我正在尝试通过提供程序Bitbucket上的Auth0使用刷新令牌来获取新的访问令牌。根据Bitbucket文档,客户端client_id和secret一起的刷新令牌用于...
i在auth0社区的帮助下找到了答案。我发布了解决方案,并在需要的情况下在此处进行了流处理: