我正在使用OAuthlib来执行Google的OAuth流程。它运作良好,持续4至5个月。突然间我开始收到以下错误:
File "/home/whitesnow-2/Gaurav/Axonator/AxVirtualEnv/local/lib/python2.7/site-packages/oauthlib/oauth2/rfc6749/parameters.py",
line 409, in validate_token_parameters raise w Warning: Scope has changed from
"https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/docs
https://www.googleapis.com/auth/spreadsheets
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile" to
"https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/docs
https://www.googleapis.com/auth/spreadsheets
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile".
以下是生成OAuth授权网址的代码:
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
scopes=['https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'],
redirect_uri=REDIRECT_URI
)
authorization_url, state = flow.authorization_url(
access_type='offline',
include_granted_scopes='true',
prompt='consent'
)
以下是Google OAuth回调的代码:
auth_code = request.GET.get("code")
objectid = request.GET.get("state")
error = request.GET.get("error")
if error == "access_denied":
return "Access Denied"
else:
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
scopes=['https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'],
redirect_uri=REDIRECT_URI
)
flow.fetch_token(code=auth_code)
您可以通过设置OAUTHLIB_RELAX_TOKEN_SCOPE环境变量来禁用此警告;这应该适用于您不控制调用oauth库的代码的情况。
这是在oauthlib库中实现的地方:
https://github.com/oauthlib/oauthlib/blob/master/oauthlib/oauth2/rfc6749/parameters.py#L401
通过在回调函数中将范围设置为None,我能够绕过这个问题。
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
settings.GOOGLE_OAUTH2_CLIENT_SECRETS_JSON,
scopes=None,
redirect_uri=REDIRECT_URI
)
flow.fetch_token(code=auth_code)
我将范围https://www.googleapis.com/auth/plus.me添加到我创建Flow对象的位置:
Flow.from_client_config(
secrets_json_string,
scopes=[
(…),
'https://www.googleapis.com/auth/plus.me',
],
redirect_uri=redirect_url
)
即使我也有同样的问题。我已经通过删除flow.authorization_url中的include_granted_scopes='true',来解决这个问题