基于django-oauth-toolkit的统一认证流程（单点登录）

基于django-oauth-toolkit的统一认证流程（单点登录）

这篇文章主要用于django的单点登录认证，django是作为认证服务器而不是转第三方登录;
当然， 结尾的代码也可以用于第三方认证并且django作为请求认证

在users/models.py 写入:

from django.contrib.auth.models import AbstractUser

class User(AbstractUser):
    pass

settings中

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'users',
]

AUTH_USER_MODEL='users.User'

pip install django-oauth-toolkit

settings中

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'users',
    'oauth2_provider',
]

这里如果遇到django-oauth-toolkit安装有问题，可以降低版本安装， 一般1.2版本没什么问题
这里提供一下pip安装的版本作为参考

Django    3.2.2
django-oauth-toolkit    1.2.0    

python manage.py makemigrations
python manage.py migrate

urls.py中

from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    path('admin/', admin.site.urls),
    path('auth/', include('oauth2_provider.urls', namespace='oauth2_provider')),
]

settings中

LOGIN_URL='/admin/login/'

创建超级管理员

python manage.py createsuperuser

Username: wiliam
Email address: [email protected]
Password:
Password (again):
Superuser created successfully.

执行django

python manage.py runserver

打开网址注册需要单点登录的应用

http://127.0.0.1:8000/auth/applications/register/

获取client_id和secret

export ID=4MWIs4sw6DEo0sC6PbbKqJOU4PyY1zIwMGRDvGEf
export SECRET=hRo89PCekK3lV7u5MuWcW0a28LHMWxosLIYittiBSxOz7YrM08zuYSbNK7hnULy9DIS53rzT9XTFWkD1D93r2MhX24cnt9edSphAXsmarHPJyXZ5nWh6xl0JTkSnJb0W

用以下网址进行请求

http://127.0.0.1:8000/auth/authorize/?response_type=code&client_id=4MWIs4sw6DEo0sC6PbbKqJOU4PyY1zIwMGRDvGEf&redirect_uri=http://127.0.0.1:8000

登录成功后就会跳转到上面网址的 redirect_uri

下面是获取access_token

from django.views import View
import requests

class OauthLogin(View):
    def get(self, request):
        code = request.GET.get('code')
        print('code:', code)
        url = 'http://127.0.0.1:8000/auth/token/'
        data = {
            'client_id': '4MWIs4sw6DEo0sC6PbbKqJOU4PyY1zIwMGRDvGEf',
            'client_secret': 'hRo89PCekK3lV7u5MuWcW0a28LHMWxosLIYittiBSxOz7YrM08zuYSbNK7hnULy9DIS53rzT9XTFWkD1D93r2MhX24cnt9edSphAXsmarHPJyXZ5nWh6xl0JTkSnJb0W',
            'code': code,
            'redirect_uri': 'http://127.0.0.1:8000/user/auth_login',
            'grant_type': 'authorization_code',
        }
        headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
        }
        res = requests.post(url, data=data, headers=headers)
        print('res:', res.json())
        

• 基于认证来访问接口的方式
  header中 Authorization 携带上一步中的json参数token_type, access_token

  access_token = res.json().get('access_token')
  token_type = res.json().get('token_type')
  token_header = {
    'Authorization': '{} {}'.format(token_type, access_token)
  }
  res = requests.get('http://127.0.0.1:8000/user/demo/', headers=token_header)
  print('res:', res.text)