时间戳

首页 > 解决方案 > 如何使用 django_oauth_toolkit 从 refresh_token 获取新的 access_token?

python - 如何使用 django_oauth_toolkit 从 refresh_token 获取新的 access_token?

问题描述

我正在使用django-oauth-toolkit版本1.1.2来获取 access_token,如下所示:-

Reauest:-

POST http://localhost:8597/login

{
    "application_id": "cuOt3raxH9ClbCrbbgP68iU6ssfO2N78TplxwlMq",
    "username": "test@gmail.com",
    "password": "test",
    "grant_type": "password"
}

Response:-

{
    "type": "success",
    "shortDescription": "User Logged in",
    "longDescription": "User logged in successfully",
    "success": "User Logged in",
    "success_message": "User logged in successfully",
    "data": {
        "access_token": "RXMXGNl2HqYJMVkCBkrrMU5aYFS8uU",
        "expires_in": 31536000,
        "token_type": "Bearer",
        "scope": "read write",
        "refresh_token": "wsLetw7c2Q56k07XoisWkEa7SYxORb",
        "user": {
            "id": "c7d9f8ee-5e87-4a70-9c07-6a2e8c13a50a",
            "created_at": "2019-11-21T16:55:45.817324+05:30",
            "email": "test@gmail.com",
            "first_name": "Test",
            "last_name": "User",
            "is_deleted": false,
            "is_email_verified": true,
            "last_login": "2020-02-19T11:17:24.656615+05:30",
            "landline_country_code": "us",
            "landline_number": "3242343434",
            "mobile_country_code": "us",
            "mobile_number": "34234234324",
            "role": "USER",
            "designation": "software engineer",
            "is_active": true,
        },
}

现在我想使用这个'refresh_token'来获取新的access_token,我提出以下请求:-

Request:-

POST http://localhost:8597/o/token/

{
    "grant_type": "refresh_token",
    "client_id": "sHPPirW86SuOwDOfhxmag1fZ9oRCpHFS24wrZj00",
    "refresh_token":"wsLetw7c2Q56k07XoisWkEa7SYxORb"
}

Response:-

{
    "error": "invalid_grant"
}

这个请求有问题,你能指导我如何解决吗?谢谢。

标签: pythondjango-rest-frameworkdjango-oauthdjango-oauth-toolkit

解决方案

请求看起来没问题。但请注意,当令牌无效时,我们也会收到相同invalid_grant的错误。由于工具包默认使用刷新令牌轮换,这也包括刷新令牌已被使用的情况,导致相同的请求第一次工作,然后invalid_grant在所有后续尝试中失败并出现错误,我怀疑这可能是您的要求的情况。

此外,您可能还想检查请求中使用的特定令牌的刷新令牌对象,看看它是否已经被撤销。

推荐阅读