OAuth2 授权类型 - 授权码 (python)

Posted 2023-04-12

【中文标题】OAuth2 授权类型 - 授权码 (python)

【英文标题】：OAuth2 Grant Type - authorization code (python)

【发布时间】：2021-04-24 09:00:53

【问题描述】：

我正在尝试弄清楚如何让 Oauth 2 在我的 python 代码中工作。

import requests, json
import webbrowser

authorize_url = "https://tcfhirsandbox.com.au/oauth2/authorize"
token_url = "https://tcfhirsandbox.com.au/oauth2/token"
state = 'asdasdasdasdasdas'
scope = 'noscope'
callback_uri = "x-argonaut-app://HealthProviderLogin/"
test_api_url = "https://tcfhirsandbox.com.au/fhir/dstu2/Patient?identifier=RN000000200"
client_id = '6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ'
client_secret = 'POrisHrcdMvUKmaR6Cea0b8jtx-z4ewVWrnaIXASO-H3tB3g5MgPV7Vqty7OP8aEbSGENWRMkeVKZDdG7Pw'

authorization_redirect_url = authorize_url + '?response_type=code&state=' + state + '&client_id=' + client_id + '&scope='+scope+'&redirect_uri=' + callback_uri
webbrowser.open(authorization_redirect_url)

authorization_code = input("Code:")
data = 'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri
access_token_response = requests.post(token_url, data=data, verify=True, allow_redirects=True, auth=(client_id, client_secret))
tokens = json.loads(access_token_response.text)
access_token = tokens['access_token']

api_call_headers = 'Authorization': 'Bearer ' + access_token
api_call_response = requests.get(test_api_url, headers=api_call_headers, verify=True)

print(api_call_response.status_code)
print (api_call_response.text)

这里的问题是我必须从授权 URL 手动输入代码。我想自动化它！ 谢谢，

22/01/2021|09:54 上午

试过了

import requests, json
rom bs4 import BeautifulSoup
import mechanize

authorize_url = "https://tcfhirsandbox.com.au/oauth2/authorize"
token_url = "https://tcfhirsandbox.com.au/oauth2/token"
state = 'asdasdasdasdasdas'
scope = 'noscope'
callback_uri = "x-argonaut-app://HealthProviderLogin/"
test_api_url = "https://tcfhirsandbox.com.au/fhir/dstu2/Patient?identifier=RN000000200"
client_id = '6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ'
client_secret = 'POrisHrcdMvUKmaR6Cea0b8jtx-z4ewVWrnaIXASO-H3tB3g5MgPV7Vqty7OP8aEbSGENWRMkeVKZDdG7Pw'

 
OAuth_url = authorize_url + '?response_type=code&state=' + state + '&client_id=' + client_id + '&scope='+scope+'&redirect_uri=' + callback_uri
 
br = mechanize.Browser()
br.open(OAuth_url)
br.select_form(nr=0)
br.form['Username'] = 'my_username'
br.form['Password'] = 'my_password'
r = br.submit()
#print(r.read())
resp = r.read()
br.select_form(nr=0)
ac = br.form.click(name = 'Accept')
 
soup = BeautifulSoup(resp)
print(soup)
print(ac)
auth_code = str(ac)
code_list = auth_code.split("=")
cd_lst = code_list[1].split("&")
authorization_code = str(cd_lst[0])
print(authorization_code)
 
data = 'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': callback_uri
access_token_response = requests.post(token_url, data=data, verify=True, allow_redirects=True, auth=(client_id, client_secret))
 
print(access_token_response.status_code)
tokens = json.loads(access_token_response.text)
access_token = tokens['access_token']
 
print(access_token)

我想我已经很接近了，但仍然无法正常工作。 它给出了错误的请求（错误代码：400）作为响应。

如果有人能提供帮助，那就太好了。谢谢

【问题讨论】：

除非您将此作为学习练习，否则请考虑使用 SMART on FHIR 客户端 python 库：github.com/smart-on-fhir/client-py

【参考方案1】：

TL;DR 您收到 400 BAD_REQUEST，因为 OAuth_url 构造不正确。试试：

https://tcfhirsandbox.com.au/oauth2/authorize?
response_type=code&
state=asdasdasdasdasdas&client_id=6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ&
redirect_uri=x-argonaut-app://HealthProviderLogin/
scope=launch%2Fpatient+openid+fhirUser+patient%2F%2A.read&
aud=https://tcfhirsandbox.com.au/

---

您提供的参考服务器的基本 URL (https://tcfhirsandbox.com.au) 无法解析。

所以我将演示如何使用另一个参考服务器。

能力声明：https://inferno.healthit.gov/reference-server/r4/metadata?_format=json 智能配置：https://inferno.healthit.gov/reference-server/r4/.well-known/smart-configuration.json

你构建的OAuth_url：

https://tcfhirsandbox.com.au/oauth2/authorize?
response_type=code&
state=asdasdasdasdasdas&client_id=6A605kYem9GmG38Vo6TTzh8IFnjWHZWtRn46K1hoxQ&
redirect_uri=x-argonaut-app://HealthProviderLogin/
scope=noscope&

使用参考服务器 [^1] 的工作 OAuth_url：

https://inferno.healthit.gov/reference-server/oauth/authorization?
response_type=code&
state=ad6458f9-240a-42b7-b314-05d0c3b2c7c9&
client_id=SAMPLE_CONFIDENTIAL_CLIENT_ID&
redirect_uri=https%3A%2F%2Finferno.healthit.gov%2Finferno%2Foauth2%2Fstatic%2F
redirect&
scope=launch%2Fpatient+openid+fhirUser+patient%2F%2A.read&
aud=https%3A%2F%2Finferno.healthit.gov%2Freference-server%2Fr4

您将看到您构建的请求和引用的请求之间存在两个差异，其中之一可能导致 400 BAD_REQUEST：

范围（noscope 不是 FHIR 范围 [^2] 上的有效 SMART，这将导致大多数服务器出错） aud（您未包含aud 查询参数，该参数将用作您将获得的 access_token jwt 中的声明）

[^1] 使用 Inferno 测试构造：https://inferno.healthit.gov/inferno/5g6OuEGN4hM/test_sets/test_procedure/

[^2] 直接链接到 FHIR 范围上支持的 SMART：http://hl7.org/fhir/smart-app-launch/scopes-and-launch-context/index.html#quick-start