我正在尝试Authlib。我有一个工作的pyoidc后端和一个使用android appauth的测试应用程序(从谷歌codelabs教程修改)。我在本地计算机上为Authlib安装重新配置了android测试应用程序。现在,当我尝试使用多个范围发出授权请求时,我收到此错误(我将字符串部分剪切到相关部分):
ValueError: Error trying to decode a non urlencoded string. Found invalid characters: {' '} in the string: '...&scope=openid offline_access&...'. Please ensure the request/response body is x-www-form-urlencoded.
我开始从堆栈跟踪和android端的request_uri跟踪问题。但请求uri有令人讨厌的部分作为...&scope=openid%20offline_access&...
。
我打印出来自environ
的flask/app.py
的__call__
参数,我看到这些相关的条目再次缩小到范围:
{
...
'QUERY_STRING': '...&scope=openid%20offline_access&...',
...
'werkzeug.request': <BaseRequest 'http://10.0.2.2:5000/oauth/authorize?...&scope=openid offline_access&...' [GET]>
}
我很困惑。为什么werkzeug.request
出现在environ
中填充此参数之前预先解码字符串,然后在urls/url_decode
上调用authlib的werkzeug.request
? %20
编码是否不足或不正确?但是,如果是这样的话,这是怎么回事这是默认的app_auth_android行为已经对不同的oidc后端和谷歌的单点登录方案有效?
完整堆栈跟踪:
Traceback (most recent call last):
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 2309, in __call__
return self.wsgi_app(environ, start_response)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/Users/mliu/Documents/Development/authlib/example-oauth2-server/website/routes.py", line 69, in authorize
grant = authorization.validate_consent_request(end_user=user)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/flask/oauth2/authorization_server.py", line 206, in validate_consent_request
req = _create_oauth2_request(request)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/flask/oauth2/authorization_server.py", line 272, in _create_oauth2_request
q.headers
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/specs/rfc6749/wrappers.py", line 39, in __init__
self.query_params = url_decode(self.query)
File "/Users/mliu/.local/share/virtualenvs/authlib-mtpFpWgH/lib/python3.7/site-packages/authlib/common/urls.py", line 64, in url_decode
raise ValueError(error % (set(query) - urlencoded, query))
ValueError: Error trying to decode a non urlencoded string. Found invalid characters: {' '} in the string: '...&scope=openid offline_access&...'. Please ensure the request/response body is x-www-form-urlencoded.
是的,我证实了这一点。目前,您只能使用+
发出请求:
scope=openid+offline_access
防止这个问题。我已经在Authlib修复了它:https://github.com/lepture/authlib/commit/d8ab09fb97169fc47070f48c2ede43348f1feff0
它也应该由werkzeug修复:https://github.com/pallets/werkzeug/pull/1363