django-rest-framework – Django与Allauth一起休息

2019年7月28日 227次阅读

我已经使用Allauth实现了
django rest auth,如果我通过google access_token登录,它的工作正常,但有些客户端设备需要通过google id_token登录.

如果我使用id_token而不是access_token,我会收到错误

{
  "non_field_errors": [
    "Incorrect value"
  ]
}

请帮帮我

最佳答案 更新您的文件,如

../allauth/socialaccount/providers/google/provider.py

class GoogleProvider(OAuth2Provider):
    ....

    def extract_uid(self, data):
        try:
            return str(data['id'])
        except KeyError:
            return str(data['user_id'])

../allauth/socialaccount/providers/google/views.py

class GoogleOAuth2Adapter(OAuth2Adapter):
    provider_id = GoogleProvider.id
    access_token_url = 'https://accounts.google.com/o/oauth2/token'
    authorize_url = 'https://accounts.google.com/o/oauth2/auth'
    profile_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    token_url = 'https://www.googleapis.com/oauth2/v1/tokeninfo'

    def complete_login(self, request, app, token, **kwargs):
        if 'rest-auth/google' in request.path:
            print('rest-auth api')
            # /api/rest-auth/google
            # but not for website login with google
            resp = requests.get(self.token_url,
                            params={'id_token': token.token,
                                    'alt': 'json'})
        else:
            print('else else rest-auth api')
            resp = requests.get(self.profile_url,
                            params={'access_token': token.token,
                                    'alt': 'json'})
        resp.raise_for_status()
        extra_data = resp.json()
        login = self.get_provider() \
            .sociallogin_from_response(request,
                                   extra_data)
        return login


oauth2_login = OAuth2LoginView.adapter_view(GoogleOAuth2Adapter)
oauth2_callback = OAuth2CallbackView.adapter_view(GoogleOAuth2Adapter)

对于使用id_token,您将只获得这些文件(access_type,audience,email,email_verified,expires_in,issued_at,issued_to,issuer,nonce,scope,user_id,verified_email).因此,如果您的用户表需要电话和名称,您可以将其设置为空名称=”等.为此,您可以使用以下代码.

Set user model required fields to empty for covering id_token case

这取决于您的用户型号,在我的情况下,我们需要手机和名称,所以我将它们设置为空.如果不这样做,您将遇到失败的约束错误.

../allauth/socialaccount/providers/base.py

class Provider(object):
    def sociallogin_from_response(self, request, response):
        ....
        common_fields = self.extract_common_fields(response)
        common_fields['name'] = common_fields.get('name', '')
        common_fields['phone'] = common_fields.get('phone', '')
        common_fields['username'] = uid
        ....

我已将用户名设置为从社交平台api获取的用户ID.后来我强迫用户更新其详细信息(用户名,姓名,电话等).

点赞