我正在尝试使用提供程序Bitbucket上的Auth0刷新令牌来获取新的访问令牌。根据Bitbucket文档,刷新令牌以及客户端client_id和secret用于获得新的访问令牌。
curl -X POST -u "client_id:secret"
https://bitbucket.org/site/oauth2/access_token
-d grant_type=refresh_token -d refresh_token={refresh_token}
但我似乎应该使用Auth0作为代理。在Auth0文档中,它说要使用刷新令牌(特定于用户(以及我的Auth0域和Auth0客户端id。将我的Auth0凭据与Bitbucket用户的刷新令牌混合似乎有点奇怪。
https://auth0.com/docs/tokens/concepts/idp-access-tokens?_ga=2.56840622.505323938.1583403242-2086121138.1583403242#续订代币
这是我的流程:
(1( 设置AUTH0客户端信息
- 设置auth0客户端id
- 设置auth0客户端机密
- 设置auth0域
- 检索auth0客户端令牌
(2(获取初始用户信息
在端点获取用户信息:
https://<auth0_domain>.auth0.com/api/v2/users/<user_id>
- 这将包含用户的访问令牌
- 这还将包含"用户"的刷新令牌,而不是AUTH0客户端(我想是?(
(3(尝试从刷新令牌中获取访问令牌
使用刷新令牌在此处获取访问令牌:
https://<auth0_domain>.auth0.com/oauth/token
值得注意的是,刷新令牌是为用户提供的,但客户端信息来自AUTH0客户端-这对我来说没有意义。这会导致此错误。
{u'error_description': u'Unauthorized', u'error': u'access_denied'}
它基本上失败了:
payload = { "client_id": self.auth0_client_id,
"client_secret": self.auth0_client_secret,
"refresh_token": kwargs["refresh_token"].decode("utf-8"),
"grant_type": "refresh_token" }
_endpt = 'https://{}.auth0.com/oauth/token'.format(self.auth0_domain)
headers = {'content-type': 'application/json'}
req = requests.post(_endpt,
data=json.dumps(payload),
headers=headers)
下面是python中我的类的全部代码。
#!/usr/bin/env python
import json
import os
import requests
import logging
class Auth0Client(object):
def __init__(self,**kwargs):
self.classname = "Auth0Client"
self.logger.logging.basicConfig(level=logging.INFO)
# (1) set AUTH0 client info
self.auth0_client_id = os.environ["AUTH0_CLIENT_ID"]
self.auth0_client_secret = os.environ["AUTH0_CLIENT_SECRET"]
self.auth0_domain = os.environ["AUTH0_DOMAIN"]
self._set_auth0_client_token()
def _set_auth0_client_token(self):
payload = { "client_id": self.auth0_client_id,
"client_secret": self.auth0_client_secret,
"audience": "https://{}.auth0.com/api/v2/".format(self.auth0_domain),
"grant_type": "client_credentials" }
api_endpoint = 'https://{}.auth0.com/oauth/token'.format(self.auth0_domain)
req = requests.post(api_endpoint,
data=json.dumps(payload),
headers={'content-type': 'application/json'})
self.auth0_client_token = req.json()["access_token"].decode("utf-8")
def _get_userinfo_frm_auth0(self,user):
endpoint = "https://{}.auth0.com/api/v2/users/{}".format(self.auth0_domain,user)
headers = {'Authorization': 'Bearer %s' % self.auth0_client_token}
req = requests.get(endpoint,headers=headers)
return req.json()
def _get_user_access_token_with_refresh(self,**kwargs):
payload = { "client_id": self.auth0_client_id,
"client_secret": self.auth0_client_secret,
"refresh_token": kwargs["refresh_token"].decode("utf-8"),
"grant_type": "refresh_token" }
_endpt = 'https://{}.auth0.com/oauth/token'.format(self.auth0_domain)
headers = {'content-type': 'application/json'}
req = requests.post(_endpt,
data=json.dumps(payload),
headers=headers)
return req.json()["access_token"].decode("utf-8")
def get_user_access_token(self,user):
# (2) get initial user info
user_info = self._get_userinfo_frm_auth0(user)
if str(user_info["identities"][0]["provider"]) == "bitbucket":
# (3) try to get access token from refresh token
user_token = self._get_user_access_token_with_refresh(user=user,**user_info["identities"][0])
else:
user_token = user_info["identities"][0]["access_token"].decode("utf-8")
return user_token
我在auth0社区的帮助下找到了它。如果有什么需要的话,我在这里发布了解决方案和流程:
https://github.com/gear2000/auth0-bitbucket