Oauth2.0认证 + 微博三方登陆
Oauth2.0授权认证
oauth2.0是什么?
-
-
授权码授权模式(Authorization code Grant)
-
密码模式(Resource Owner Password Credentials Grant)
-
客户端凭证模式(Client Credentials Grant)
1.创建应用(syl/apps)
pyhton ../manage.py startapp oauth
2.在syl/setting.py里面配置
INSTALLED_APPS = [ 'oauth', ] WEIBO_APP_KEY = '3909184723' WEIBO_APP_SECRET = 'd4ca62c699779f0f91bd00c7e7c1197f' WEIBO_CALL_BACK = 'http://127.0.0.1:8888/oauth/callback/' # 回调路由
3.apps下oauth/views.py
from urllib.parse import urlencode import requests from django.contrib.auth.hashers import make_password from rest_framework.response import Response from rest_framework.views import APIView from oauth.models import WbUser from user.models import User from user.views import jwt_response_payload_handler from rest_framework_jwt.serializers import * class WBUrl(APIView): def post(self, request): url = 'https://api.weibo.com/oauth2/authorize?' # 微博授权的url地址 data = { 'client_id': '3223679452', # WEIBO_APP_KEY, 'response_type': 'code', 'redirect_uri': 'http://127.0.0.1:8888/oauth/callback/', # VUE的回调, 微博后台授权的回调地址 } # 拼接微博授权路由url weibo_url = url + urlencode(data) return Response({'code': '0', 'msg': '成功', 'data': {'url': weibo_url}}) class WBCallBack(APIView): # 自定义权限类 # permission_classes = (AllowAny,) def post(self, request): # 接收vue端传过来的code( 微博的用户code) # 1.使用微博用户code+微博开发者账号信息换取微博的认证access_token code = request.data.get('code') data = { 'client_id': '3223679452', 'client_secret': 'd70a48d3b12e7eb1d6c4b5bf3cecbd58', 'grant_type': 'authorization_code', 'code': code, 'redirect_uri': 'http://127.0.0.1:8888/oauth/callback/' } url = 'https://api.weibo.com/oauth2/access_token' weibo_data = requests.post(url=url, data=data) print(type(weibo_data)) json_weibo_data = weibo_data.json() uid = json_weibo_data.get("uid") if uid: try: uid_user = WbUser.objects.get(uid=uid) user = uid_user.user payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) data = jwt_response_payload_handler(token, user) res_data = { 'code': 0, "msg": "授权成功", "data": { "type": 0, "uid": uid, "username": uid_user.user.username, "token": data['token'] } } return Response(res_data) except Exception as e: res_data = { 'code': 0, "msg": "授权成功", "data": { "type": 1, "uid": uid, } } return Response(res_data) else: return Response({"code": 999, "msg": "获取微博信息失败"}) class BindUser(APIView): def post(self,request): oauth_type=1 username=request.data.get("username") password=request.data.get("password") weibo_uid=request.data.get("weibo_uid") print(username,password,weibo_uid) if not all([username,password,weibo_uid]): return Response({"code":4005,"msg":"参数不全"}) # 存在绑定用户 try: user=User.objects.filter(username=username).first() payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) data = jwt_response_payload_handler(token, user) oauthinfo=WbUser.objects.create(uid=weibo_uid,oauth_type=oauth_type,user=user) data={ "authenticcated":True, "id":user.id, "role":None, "name":user.nick_name, "username":username, "email":user.email, "token":data['token'], "type":0 } res_data={ "code":0, "msg":"登录成功", "data":data } return Response(res_data) #不存在则create创建 except Exception as e: print(e) password=make_password(password) user=User.objects.create(username=username,password=password) oauthinfo = WbUser.objects.create(uid=weibo_uid, oauth_type=oauth_type, user=user) payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) data_t = jwt_response_payload_handler(token, user) data = { "authenticcated": True, "id": user.id, "role": None, "name": user.nick_name, "username": username, "email": user.email, "token": data_t['token'], "type": 0 } res_data = { "code": 0, "msg": "登录成功", "data": data } return Response(res_data)
4.在oauth/urls.py里配置二级路由
# -*- coding: utf-8 -*- from django.urls import path from . import views urlpatterns = [ path('weibo/', views.WBUrl.as_view(), ), # 拼接微博url path('weibo/callback/', views.WBCallBack.as_view(), ), # 授权回调 path('weibo/binduser/', views.BindUser.as_view(), ), # 绑定用户 ]