403 error because `id_token` is being used as `access_token` in Django + python-social-app

I am confused. I am using the Django configuration for python-social-auth (specifically social-auth-app-django v1.2.0) to get the Google+ backend authentication working.
I am getting this error:

    requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.googleapis.com/plus/v1/people/me?access_token=XYZ123&alt=json

Social auth seems to be passing the `access_token` param, but I don't know why, since the docs say to pass the `id_token` to the backend. I have verified that what I am getting is a valid `id_token` using this link: https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
Also, I verified that it is not a valid `access_token` using this link: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=XYZ123
I mean, I am doing what the python-social-apps docs and the Google docs tell me to do, and that is to pass the `id_token` to the backend. Here is my js code:

    <script src="https://apis.google.com/js/api:client.js"></script>
    <script>
      var googleUser = {};
      var startApp = function() {
        gapi.load('auth2', function() {
          // Retrieve the singleton for the GoogleAuth library and set up the client.
          auth2 = gapi.auth2.init({
            client_id: '{{ google_plus_id }}',
            cookiepolicy: 'single_host_origin',
            // Request scopes in addition to 'profile' and 'email'
            scope: '{{ google_plus_scope }}',
          });
          attachSignin(document.getElementById('google-plus-button'));
        });
      };
      function attachSignin(element) {
        console.log(element.id);
        auth2.attachClickHandler(element, {},
          function(googleUser) {
            var authResponse = googleUser.getAuthResponse();
            var $form;
            var $input;
            $form = $("<form>");
            $form.attr("action", "/complete/google-plus/");
            $form.attr("method", "post");
            $input = $("<input>");
            $input.attr("name", "id_token");
            $input.attr("value", authResponse.id_token);
            console.log("ID Token: " + authResponse.id_token);
            $form.append($input);
            $(document.body).append($form);
            $form.submit();
          },
          function(error) {
            alert(JSON.stringify(error, undefined, 2));
          });
      }
    </script>
    <script>
      startApp();
    </script>

Here are my settings:

    AUTHENTICATION_BACKENDS = (
        ...
        'social_core.backends.google.GooglePlusAuth',
        ...
    )
    SOCIAL_AUTH_GOOGLE_PLUS_KEY = 'blahblah.apps.googleusercontent.com'
    SOCIAL_AUTH_GOOGLE_PLUS_SECRET = 'shhhsecret'
    SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = []
    SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
        "email",
        "profile"
    ]
    SOCIAL_AUTH_PIPELINE = (
        'social_core.pipeline.social_auth.social_details',
        'social_core.pipeline.social_auth.social_uid',
        'social_core.pipeline.social_auth.auth_allowed',
        'social_core.pipeline.social_auth.social_user',
        'social_core.pipeline.user.get_username',
        'social_core.pipeline.user.create_user',
        # 'apps.django_social_app.pipeline.save_profile',
        'social_core.pipeline.social_auth.associate_user',
        'social_core.pipeline.social_auth.load_extra_data',
        'social_core.pipeline.user.user_details',
        'social.pipeline.debug.debug',  # uncomment to print debug
    )

Here is the full traceback:

    Traceback (most recent call last):
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/contrib/staticfiles/handlers.py", line 63, in __call__
        return self.application(environ, start_response)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/wsgi.py", line 189, in __call__
        response = self.get_response(request)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/base.py", line 218, in get_response
        response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/base.py", line 261, in handle_uncaught_exception
        return debug.technical_500_response(request, *exc_info)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django_extensions/management/technical_response.py", line 6, in null_technical_500_response
        six.reraise(exc_type, exc_value, tb)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/six.py", line 686, in reraise
        raise value
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/core/handlers/base.py", line 132, in get_response
        response = wrapped_callback(request, *callback_args, **callback_kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
        response = view_func(request, *args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
        return view_func(*args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_django/utils.py", line 50, in wrapper
        return func(request, backend, *args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_django/views.py", line 32, in complete
        redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/actions.py", line 41, in do_complete
        user = backend.complete(user=user, *args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/base.py", line 39, in complete
        return self.auth_complete(*args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/utils.py", line 252, in wrapper
        return func(*args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/google.py", line 144, in auth_complete
        return self.do_auth(token, response=response, *args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/utils.py", line 252, in wrapper
        return func(*args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/oauth.py", line 403, in do_auth
        data = self.user_data(access_token, *args, **kwargs)
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/google.py", line 59, in user_data
        'alt': 'json'
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/base.py", line 227, in get_json
        return self.request(url, *args, **kwargs).json()
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/social_core/backends/base.py", line 223, in request
        response.raise_for_status()
      File "/Users/paul/.pyenv/versions/dj-viewflow/lib/python3.4/site-packages/requests/models.py", line 929, in raise_for_status
        raise HTTPError(http_error_msg, response=self)
    requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.googleapis.com/plus/v1/people/me?alt=json&access_token=XYZ123

What am I doing wrong? Please help. :)
Update: This seems to be an open issue in the social-core repo:
https://github.com/python-social-auth/social-core/issues/61
That does not really solve my problem because, unlike the solution in the link above, I need the user data, since I have to save it in my database.
Update 2: This might be the culprit, since it passes the `id_token` in the `access_token` parameter:
https://github.com/python-social-auth/social-core/commit/3b496bacef62d12dc1439431b64ed24e252f7a9a
Remove these 2 lines and check once: SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [] SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [ "email", "profile" ] – Exprator
and have you enabled the Google Plus API in the console? – Exprator
I removed those lines and verified that the Google+ API is enabled, but the same error persists. Thanks for trying. – Paul
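
The token mix-up described in the question can be checked locally before anything is sent to a Google API. The following is an added example, not part of the original post or of social-core: `classify_google_token`, `decode_segment` and `make_sample_token` are hypothetical names, the tokens are constructed, and the signature is not verified, so this is diagnostic triage only and not a login check.

```python
import base64
import json
import time

GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")


def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) to a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_google_token(token, client_id, now=None):
    """Return (kind, problems) where kind is 'id_token' or 'opaque'.

    Triage only: the signature is NOT verified, so never log a user in
    on the strength of this result.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque", []  # e.g. an OAuth2 access_token
    try:
        header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "opaque", []
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "opaque", []
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in GOOGLE_ISSUERS:
        problems.append("unexpected iss")
    if claims.get("aud") != client_id:
        problems.append("aud is not our client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("missing or expired exp")
    return "id_token", problems


def make_sample_token(claims):
    """Build a constructed JWT-shaped string with a dummy signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    cid = "blahblah.apps.googleusercontent.com"  # placeholder from the settings
    tok = make_sample_token({"iss": "accounts.google.com", "aud": cid, "exp": 2000000000})
    print(classify_google_token(tok, cid, now=1500000000))
    print(classify_google_token("ya29.constructed-opaque-value", cid))
```

A token classified as `id_token` is a signed identity assertion and is not accepted as the `access_token` query parameter of a resource API such as the `people/me` URL in the traceback.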