I have read part of the documentation of Authlib and the example multiple times, I also have read articles about the concept of Auth 2.0, but I can't figure out how to do it. I want my user to make login (Using username and password) and then my application to return a token. After that the user can use the private resources @require_oauth('profile').
My client :
*************************** 1. row ***************************
client_id: wmahDfsran1jk6CaH1knpi3n
client_secret: mnr4j15pZurBPYHq4KW4LY8HC7pS4TwjzMlJAUGmo7Bpy5gP
issued_at: 1531271519
expires_at: 0
redirect_uri: http://127.0.0.1:5000/oauth/token
token_endpoint_auth_method: client_secret_basic
grant_type: authorization_code password
response_type: code
scope: profile
client_name: client_test
client_uri: http://127.0.0.1:5000/
logo_uri: NULL
contact: NULL
tos_uri: NULL
policy_uri: NULL
jwks_uri: NULL
jwks_text: NULL
i18n_metadata: NULL
software_id: NULL
software_version: NULL
id: 2
user_id: 1
My POST request (Using Postman):
http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=wmahDfsran1jk6CaH1knpi3n
The error after make the request :
{
"error": "invalid_grant"
}
Authorize :
@routes.route('/oauth/authorize', methods=['GET', 'POST'])
def authorize():
user = current_user()
try:
grant = authorization.validate_consent_request(end_user=user)
except OAuth2Error as error:
return error.error
return authorization.create_authorization_response(grant_user=user)
Token :
@routes.route('/oauth/token', methods=['POST', 'GET'])
def issue_token():
return authorization.create_token_response()
Profile :
@routes.route('/resource/profile', methods=['GET', 'POST'])
@require_oauth('profile')
def profile():
user = current_user()
return jsonify(id=user.id, username=user.username, secret=user.secret, client_id=user.client_id)
The token continues the same of the Auth Example.
If I try to access /resource/profile without a token / autorização :
{"error": "missing_authorization", "error_description": "Missing \"Authorization\" in headers."}
How can I fix it ?
Obs : After I fixed up this, how can I get the Auth Token and send on header to /resource/profile ?
Another references : Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow, OAuth 2.0: An Overview, invalid_grant trying to get oAuth token from google Ask, Circumstances of the “invalid_grant” error when refreshing an access token? , Authorization Code Grant return invalid_grant ...
I want my user to make login (Using username and password) and then my application to return a token
In this case, what you need is a grant_type=password flow, which can be found at https://docs.authlib.org/en/latest/flask/oauth2.html#resource-owner-password-credentials-grant
Understand how it works at: https://www.rfc-editor.org/rfc/rfc6749#section-4.3