如何在 Flask REST API 服务中使用 Keycloak
Anu*_*ary 6 flask flask-restful keycloak
我正在尝试将 Keycloak 实现到我的 Flask Rest 服务,但它总是出现以下错误。
{"error": "invalid_token", "error_description": "需要令牌但无效"}
client_secrets.json
{
"web": {
"issuer": "http://localhost:18080/auth/realms/Dev-Auth",
"auth_uri": "http://localhost:18080/auth/realms/Dev-Auth/protocol/openid-connect/auth",
"client_id": "flask_api",
"client_secret": "0bff8456-9be2-4f82-884e-c7f9bea65bd1",
"redirect_uris": [
"http://localhost:5001/*"
],
"userinfo_uri": "http://localhost:18080/auth/realms/Dev-Auth/protocol/openid-connect/userinfo",
"token_uri": "http://localhost:18080/auth/realms/Dev-Auth/protocol/openid-connect/token",
"token_introspection_uri": "http://localhost:18080/auth/realms/Dev-Auth/protocol/openid-connect/token/introspect",
"bearer_only": "true"
}
}
运行文件
import json
import logging
from flask import Flask, g, jsonify
from flask_oidc import OpenIDConnect
import requests
app = Flask(__name__)
app.config.update({
'SECRET_KEY': 'TESTING-ANURAG',
'TESTING': True,
'DEBUG': True,
'OIDC_CLIENT_SECRETS': 'client_secrets.json',
'OIDC_OPENID_REALM': 'Dev-Auth',
'OIDC_INTROSPECTION_AUTH_METHOD': 'bearer',
'OIDC-SCOPES': ['openid']
})
oidc = OpenIDConnect(app)
@app.route('/api', methods=['GET'])
@oidc.accept_token(require_token=True, scopes_required=['openid'])
def hello_api():
"""OAuth 2.0 protected API endpoint accessible via AccessToken"""
return json.dumps({'hello': 'Welcome %s' % g.oidc_token_info['sub']})
if __name__ == '__main__':
任何人都有一个想法,如果这里有什么问题的话。
我遇到了同样的问题,我(最后 \o/)使它工作。请尝试以下操作:
'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post'
'OIDC_TOKEN_TYPE_HINT': 'access_token'
还要删除所需范围的列表,以避免出现任何可能的错误:
@oidc.accept_token(require_token=True)
| 归档时间: |
|
| 查看次数: |
10324 次 |
| 最近记录: |