Flask-OAuthlib是OAuthlib的Flask扩展实现,
项目地址:
https://github.com/lepture/flask-oauthlib
主要特性:
- 支持OAuth 1.0a, 1.0, 1.1, OAuth2客户端
- 友好的API(和Flask-OAuth一样)
- 与Flask直接整合
- 等等……
Flask-OAuthlib提供了多个开放平台的示例代码,比如Google, Facebook, Twiter, Github, Dropbox, 豆瓣, 微博等,只是暂时没有QQ登录的示例代码。
QQ OAuth登录示例
下面是QQ登录的代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
import os
import json
from flask import Flask, redirect, url_for, session, request, jsonify, Markup
from flask_oauthlib.client import OAuth
QQ_APP_ID = os.getenv( 'QQ_APP_ID' , '101187283' )
QQ_APP_KEY = os.getenv( 'QQ_APP_KEY' , '993983549da49e384d03adfead8b2489' )
app = Flask(__name__)
app.debug = True
app.secret_key = 'development'
oauth = OAuth(app)
qq = oauth.remote_app(
'qq' ,
consumer_key = QQ_APP_ID,
consumer_secret = QQ_APP_KEY,
base_url = 'https://graph.qq.com' ,
request_token_url = None ,
request_token_params = { 'scope' : 'get_user_info' },
access_token_url = '/oauth2.0/token' ,
authorize_url = '/oauth2.0/authorize' ,
)
def json_to_dict(x):
'''OAuthResponse class can't not parse the JSON data with content-type
text/html, so we need reload the JSON data manually'''
if x.find( 'callback' ) > - 1 :
pos_lb = x.find( '{' )
pos_rb = x.find( '}' )
x = x[pos_lb:pos_rb + 1 ]
try :
return json.loads(x, encoding = 'utf-8' )
except :
return x
def update_qq_api_request_data(data = {}):
'''Update some required parameters for OAuth2.0 API calls'''
defaults = {
'openid' : session.get( 'qq_openid' ),
'access_token' : session.get( 'qq_token' )[ 0 ],
'oauth_consumer_key' : QQ_APP_ID,
}
defaults.update(data)
return defaults
@app .route( '/' )
def index():
'''just for verify website owner here.'''
return Markup( '''<meta property="qc:admins" '''
'''content="226526754150631611006375" />''' )
@app .route( '/user_info' )
def get_user_info():
if 'qq_token' in session:
data = update_qq_api_request_data()
resp = qq.get( '/user/get_user_info' , data = data)
return jsonify(status = resp.status, data = resp.data)
return redirect(url_for( 'login' ))
@app .route( '/login' )
def login():
return qq.authorize(callback = url_for( 'authorized' , _external = True ))
@app .route( '/logout' )
def logout():
session.pop( 'qq_token' , None )
return redirect(url_for( 'get_user_info' ))
@app .route( '/login/authorized' )
def authorized():
resp = qq.authorized_response()
if resp is None :
return 'Access denied: reason=%s error=%s' % (
request.args[ 'error_reason' ],
request.args[ 'error_description' ]
)
session[ 'qq_token' ] = (resp[ 'access_token' ], '')
# Get openid via access_token, openid and access_token are needed for API calls
resp = qq.get( '/oauth2.0/me' , { 'access_token' : session[ 'qq_token' ][ 0 ]})
resp = json_to_dict(resp.data)
if isinstance (resp, dict ):
session[ 'qq_openid' ] = resp.get( 'openid' )
return redirect(url_for( 'get_user_info' ))
@qq .tokengetter
def get_qq_oauth_token():
return session.get( 'qq_token' )
if __name__ = = '__main__' :
app.run()
|
主要流程:
- 访问QQ互联网站 http://connect.qq.com/ 注册成为开发者,并申请应用,申请应用时需要验证网站所有权;
- 应用申请好之后,把QQ_APP_ID和QQ_APP_KEY替换为你的应用的;
- 访问/login,然后会跳转到QQ的授权验证网页;
- QQ验证通过之后,会跳转回到/login/authorized,并获取access_token;
- 得到access_token之后,通过access_token获取openid,access_token和openid是后期调用其它API的必要参数;
- 跳转到/user_info,获取并显示登录用户的基本信息。
更多信息请参阅Flask-OAuthlib文档和QQ互联文档:
https://flask-oauthlib.readthedocs.org/
http://wiki.connect.qq.com/
关于SAE平台的特别说明
在SAE平台上,授权过程没有任何问题,当获取到access_token之后,调用API时,会在请求时(比如get, put)附加类似如下的请求头:
1
|
headers = {u'Authorization': u'Bearer 83F40E96FB6882686F4DF1E17105D04E'}
|
这个请求头会引发HTTPError: HTTP Error 400: Bad request,造成请求失败。解决的办法是把键名转换成str类型,Hack代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
|
def convert_keys_to_string(dictionary):
"""Recursively converts dictionary keys to strings."""
if not isinstance (dictionary, dict ):
return dictionary
return dict (( str (k), convert_keys_to_string(v))
for k, v in dictionary.items())
def change_qq_header(uri, headers, body):
headers = convert_keys_to_string(headers)
return uri, headers, body
qq.pre_request = change_qq_header
|
当项目部署在SAE平台时,将这段代码放在if __name__ == '__main__'语句之前即可。
小结
OAuth2登录验证还是比较容易的,绝大多数的平台都支持标准的协议,使用通用的库可以简化开发流程。另外,QQ登录的代码已经提交到Flask-OAuthlib代码库了。