所以我尝试调用一个只在文档中提供令牌网址的API。为此,我想使用python请求包中的OAuthlib。当我查看他们的文档时,他们给出了这个例子:
# Credentials you get from registering a new application
client_id = '<the id you get from github>'
client_secret = '<the secret you get from github>'
# OAuth endpoints given in the GitHub API documentation
authorization_base_url = 'https://github.com/login/oauth/authorize'
token_url = 'https://github.com/login/oauth/access_token'
from requests_oauthlib import OAuth2Session
github = OAuth2Session(client_id)
# Redirect user to GitHub for authorization
authorization_url, state = github.authorization_url(authorization_base_url)
print ('Please go here and authorize,', authorization_url)
# Get the authorization verifier code from the callback url
redirect_response = input('Paste the full redirect URL here:')
# Fetch the access token
github.fetch_token(token_url, client_secret=client_secret,
authorization_response=redirect_response)
# Fetch a protected resource, i.e. user profile
r = github.get('https://api.github.com/user')
print (r.content)
但在 API 文档中,该服务仅提供令牌 URL。它给出了这个 Http BodyPOST示例:
Method: POST
Host: https://login.bol.com/token
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Body: client_id=oRNWbHFXtAECmhnZmEndcjLIaSKbRMVE&client_secret= MaQHPOnmYkPZNgeRziPnQyyOJYytUbcFBVJBvbMKoDdpPqaZbaOiLUTWzPAkpPsZFZbJHrcoltdgpZolyNcgvvBaKcmkqFjucFzXhDONTsPAtHHyccQlLUZpkOuywMiOycDWcCySFsgpDiyGnCWCZJkNTtVdPxbSUTWVIFQiUxaPDYDXRQAVVTbSVZArAZkaLDLOoOvPzxSdhnkkJWzlQDkqsXNKfAIgAldrmyfROSyCGMCfvzdQdUQEaYZTPEoA&grant_type=client_credentials
或者这个 HTTP 标头POST示例:
Method: POST
Host: https://login.bol.com/token?grant_type=client_credentials
Accept: application/json
Authorization: Basic <credentials>
其中<credentials>是<client_id>:<client_secret>的串联。
如何通过此 API 使用请求 OAuthlib?因为 API 文档没有声明任何授权基础 URL。
我认为您可以提供这样的<client_id>:<client_secret>:
from oauthlib.oauth2 import BackendApplicationClient
client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client)
token = oauth.fetch_token(token_url='https://provider.com/oauth2/token', client_id=client_id,
client_secret=client_secret)
看到这里
@LinPy提供的链接很好,但有时您需要配置标题和正文等链接对您没有帮助的东西。
这就是我发现可以自定义身份验证、标头和正文的方式。
from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import WebApplicationClient, BackendApplicationClient
from requests.auth import HTTPBasicAuth
client_id = CLIENT_ID
client_secret = CLIENT_SECRET
authorization_base_url = AUTHORIZE_URI
token_url = TOKEN_URI
redirect_uri = REDIRECT_URI
auth = HTTPBasicAuth(client_id, client_secret)
scope = SCOPE
header = {
'User-Agent': 'myapplication/0.0.1',
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json',
}
# Create the Authorization URI
# Not included here but store the state in a safe place for later
the_first_session = OAuth2Session(client_id=client_id, redirect_uri=redirect_uri, scope=scope)
authorization_url, state = the_first_session.authorization_url(authorization_base_url)
# Browse to the Authorization URI
# Login and Auth with the OAuth provider
# Now to respond to the callback
the_second_session = OAuth2Session(client_id, state=state)
body = 'grant_type=authorization_code&code=%s&redirect_uri=%s&scope=%s' % (request.GET.get('code'), redirect_uri, scope)
token = the_second_session.fetch_token(token_url, code=request.GET.get('code'), auth=auth, header=header, body=body)