python - 尝试从 Django 视图将 OAuth2 与 Google 表格一起使用时出现错误 400:redirect_uri_mismatch
问题描述
我正在尝试从 Django 视图连接到 Google Sheets 的 API。我从这个链接中获取的大部分代码: https ://developers.google.com/sheets/api/quickstart/python
无论如何,这里是代码:
sheet.py(从上面的链接复制粘贴,函数重命名)
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
# If modifying these scopes, delete the file token.pickle.
SCOPES = ['https://www.googleapis.com/auth/spreadsheets.readonly']
# The ID and range of a sample spreadsheet.
SAMPLE_SPREADSHEET_ID = '1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgvE2upms'
SAMPLE_RANGE_NAME = 'Class Data!A2:E'
def test():
"""Shows basic usage of the Sheets API.
Prints values from a sample spreadsheet.
"""
creds = None
# The file token.pickle stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
if os.path.exists('token.pickle'):
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
else:
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES)
creds = flow.run_local_server(port=0)
# Save the credentials for the next run
with open('token.pickle', 'wb') as token:
pickle.dump(creds, token)
service = build('sheets', 'v4', credentials=creds)
# Call the Sheets API
sheet = service.spreadsheets()
result = sheet.values().get(spreadsheetId=SAMPLE_SPREADSHEET_ID,
range=SAMPLE_RANGE_NAME).execute()
values = result.get('values', [])
if not values:
print('No data found.')
else:
print('Name, Major:')
for row in values:
# Print columns A and E, which correspond to indices 0 and 4.
print('%s, %s' % (row[0], row[4]))
网址.py
urlpatterns = [
path('', views.index, name='index')
]
视图.py
from django.http import HttpResponse
from django.shortcuts import render
from .sheets import test
# Views
def index(request):
test()
return HttpResponse('Hello world')
视图函数所做的只是调用sheet.py模块中的test()
方法。无论如何,当我运行我的服务器并访问 URL 时,会为 Google oAuth2 打开另一个选项卡,这意味着检测到凭据文件和所有内容。但是,在此选项卡中,Google 会显示以下错误消息:
Error 400: redirect_uri_mismatch The redirect URI in the request, http://localhost:65262/, does not match the ones authorized for the OAuth client.
在我的 API 控制台中,我将回调 URL 设置为完全127.0.0.1:8000
匹配我的 Django 的视图 URL。我什至不知道http://localhost:65262/
URL 来自哪里。解决这个问题有什么帮助吗?有人可以向我解释为什么会这样吗?提前致谢。
编辑
我试图删除port=0
评论中提到的流方法,然后出现 URL 不匹配http://localhost:8080/
,这又很奇怪,因为我的 Django 应用程序正在8000
端口中运行。
解决方案
除非您不打算部署代码,否则不应使用Flow.run_local_server() 。这是因为run_local_server
在服务器上启动浏览器以完成流程。
如果您正在为自己在本地开发项目,这很好用。
如果您打算使用本地服务器来协商 OAuth 流程。您的机密中配置的重定向 URI 必须匹配,主机的本地服务器默认值为localhost
,端口为8080
。
如果您希望部署代码,则必须通过用户浏览器、您的服务器和 Google 之间的交换来执行流程。
由于您已经有一个 Django 服务器正在运行,您可以使用它来协商流程。
例如,
假设 Django 项目中有一个 tweets 应用程序,其urls.py
模块如下。
from django.urls import path, include
from . import views
urlpatterns = [
path('google_oauth', views.google_oath, name='google_oauth'),
path('hello', views.say_hello, name='hello'),
]
urls = include(urlpatterns)
您可以为需要凭据的视图实施保护,如下所示。
import functools
import json
import urllib
from google.oauth2.credentials import Credentials
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from django.shortcuts import redirect
from django.http import HttpResponse
SCOPES = ['https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile', 'openid']
def provides_credentials(func):
@functools.wraps(func)
def wraps(request):
# If OAuth redirect response, get credentials
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES,
redirect_uri="http://localhost:8000/tweet/hello")
existing_state = request.GET.get('state', None)
current_path = request.path
if existing_state:
secure_uri = request.build_absolute_uri(
).replace('http', 'https')
location_path = urllib.parse.urlparse(existing_state).path
flow.fetch_token(
authorization_response=secure_uri,
state=existing_state
)
request.session['credentials'] = flow.credentials.to_json()
if location_path == current_path:
return func(request, flow.credentials)
# Head back to location stored in state when
# it is different from the configured redirect uri
return redirect(existing_state)
# Otherwise, retrieve credential from request session.
stored_credentials = request.session.get('credentials', None)
if not stored_credentials:
# It's strongly recommended to encrypt state.
# location is needed in state to remember it.
location = request.build_absolute_uri()
# Commence OAuth dance.
auth_url, _ = flow.authorization_url(state=location)
return redirect(auth_url)
# Hydrate stored credentials.
credentials = Credentials(**json.loads(stored_credentials))
# If credential is expired, refresh it.
if credentials.expired and creds.refresh_token:
creds.refresh(Request())
# Store JSON representation of credentials in session.
request.session['credentials'] = credentials.to_json()
return func(request, credentials=credentials)
return wraps
@provides_credentials
def google_oauth(request, credentials):
return HttpResponse('Google OAUTH <a href="/tweet/hello">Say Hello</a>')
@provides_credentials
def say_hello(request, credentials):
# Use credentials for whatever
return HttpResponse('Hello')
请注意,这只是一个示例。如果您决定走这条路,我建议您考虑将 OAuth 流提取到它自己的 Django 应用程序中。
推荐阅读
- mysql - 寻求格式化 MySQL 数据的声明,以从工作历史记录中显示每年的员工人数
- html - 当挂钩 div 被 ngIf 淘汰时,我必须在 div 上使用唯一的 html id,为什么
- java - 在空对象上调用 findViewById。哪个不为空
- javascript - 在 css 可见性更改上触发 javascript
- sql - 使用带有 Talend 的 tDBinput 选择 globalmap 给出错误:无效的字符常量
- mysql - 字符串字段与多个 int/varchar 字段的 SQL 性能
- django - 如何在 Django 1.11 的迁移中删除内容类型?
- java - Activiti 7.1.0 流程图未保存在数据库中
- pandas - 一旦列从假变为真,计算差异
- pyspark - 调用 o79.getDynamicFrame 时出错。[Amazon](500310) 无效操作:“s_next_of_kin”处或附近的语法错误