OAuth2.0认证 + 微博第三方登录

Oauth2.0授权认证

oauth2.0是什么?

OAuth(开放授权)是一个开放标准,允许用户让第三方应用访问该用户在某一网站上存储的私密的资源(如照片,视频,联系人列表),而无需将用户名和密码提供给第三方应用。

 

 

 

Oauth2.0的四种授权模式?

  • 隐式授权模式(Implicit Grant)
  • 授权码授权模式(Authorization code Grant)——本文的微博登录使用的就是这种模式(请求中 response_type=code、grant_type=authorization_code)
  • 密码模式(Resource Owner Password Credentials Grant)
  • 客户端凭证模式(Client Credentials Grant)

 

微博三方登陆

微博登陆流程图

 

 

1.创建应用(syl/apps)

python ../manage.py startapp oauth

2.在syl/setting.py里面配置

# Excerpt of the project's app list: the new 'oauth' app is registered here.
INSTALLED_APPS = [
    
    'oauth',

]

# Weibo OAuth2 client credentials and the redirect URI registered with Weibo.
# NOTE(review): WEIBO_APP_SECRET is a client secret stored as a literal in source;
# it belongs in an environment variable or secret store, and a value that has been
# committed or published should be rotated in the Weibo developer console.
# NOTE(review): the views shown in oauth/views.py hardcode a different client_id /
# client_secret and never read these three settings - confirm which pair is
# intended and keep a single source of truth.
WEIBO_APP_KEY = '3909184723'
WEIBO_APP_SECRET = 'd4ca62c699779f0f91bd00c7e7c1197f'
WEIBO_CALL_BACK = 'http://127.0.0.1:8888/oauth/callback/'   # callback route
syl/setting.py

3.apps下oauth/views.py

from urllib.parse import urlencode
import requests
from django.contrib.auth.hashers import make_password
from rest_framework.response import Response
from rest_framework.views import APIView
from oauth.models import WbUser
from user.models import User
from user.views import jwt_response_payload_handler
from rest_framework_jwt.serializers import *


class WBUrl(APIView):
    """Hand the front end the Weibo OAuth2 authorization URL to redirect to."""

    def post(self, request):
        """Return the authorization URL under ``data.url``.

        The URL requests the authorization-code flow (``response_type=code``)
        for a fixed client id and redirect URI.
        """
        # NOTE(review): the request carries no `state` parameter, so the later
        # callback cannot be tied to the browser session that started the flow
        # (login CSRF). Adding one needs a matching check where the code is
        # exchanged, which this view alone cannot provide.
        # NOTE(review): client_id and redirect_uri are literals here rather than
        # being read from the WEIBO_* settings - confirm which values are intended.
        authorize_endpoint = 'https://api.weibo.com/oauth2/authorize?'  # Weibo authorization endpoint

        # Key order is kept so the generated query string is unchanged.
        query_string = urlencode({
            'client_id': '3223679452',  # WEIBO_APP_KEY,
            'response_type': 'code',
            # Front-end (Vue) callback; must match the redirect URI registered with Weibo.
            'redirect_uri': 'http://127.0.0.1:8888/oauth/callback/',
        })

        body = {
            'code': '0',
            'msg': '成功',
            'data': {'url': authorize_endpoint + query_string},
        }
        return Response(body)



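class WBCallBack(APIView):
    """Exchange the Weibo authorization code and log in the bound local user.

    The front end posts the ``code`` it received on the OAuth redirect. The view
    trades it for a Weibo token response, reads the ``uid`` from it, and either
    returns a JWT for the local user bound to that uid (``type`` 0) or reports
    that no binding exists yet (``type`` 1).
    """
    # Custom permission class
    # permission_classes = (AllowAny,)

    def post(self, request):
        """Handle the code exchange.

        Returns:
            Response with ``code`` 0 and ``data.type`` 0 (bound, includes JWT) or
            1 (not bound, includes only the uid); ``code`` 999 when the Weibo
            uid could not be obtained.
        """
        weibo_failed = {"code": 999, "msg": "获取微博信息失败"}

        # 1. Exchange the user's authorization code plus the developer
        #    credentials for the Weibo access token response.
        code = request.data.get('code')
        if not code:
            # Without a code the exchange cannot succeed; skip the outbound call.
            return Response(weibo_failed)

        # NOTE(review): client_id / client_secret are literals in source; they
        # should come from settings backed by an environment variable or secret
        # store, and a published secret should be rotated.
        # NOTE(review): no `state` value is verified here, so the code is not
        # tied to the session that started the flow.
        data = {
            'client_id': '3223679452',
            'client_secret': 'd70a48d3b12e7eb1d6c4b5bf3cecbd58',
            'grant_type': 'authorization_code',
            'code': code,
            'redirect_uri': 'http://127.0.0.1:8888/oauth/callback/'
        }
        url = 'https://api.weibo.com/oauth2/access_token'
        try:
            # A timeout keeps a stalled upstream from pinning the worker.
            weibo_data = requests.post(url=url, data=data, timeout=10)
            json_weibo_data = weibo_data.json()
        except (requests.RequestException, ValueError):
            # Network failure or a non-JSON body: report it as a failed lookup
            # instead of raising an unhandled error.
            return Response(weibo_failed)

        if not isinstance(json_weibo_data, dict):
            return Response(weibo_failed)

        uid = json_weibo_data.get("uid")
        if not uid:
            return Response(weibo_failed)

        # 2. Only "no binding row" means the user still has to bind an account.
        #    Any other error (database, JWT signing, duplicate rows) now surfaces
        #    instead of being reported to a bound user as "not bound".
        try:
            uid_user = WbUser.objects.get(uid=uid)
        except WbUser.DoesNotExist:
            # NOTE(review): the uid goes back to the client, and the bind endpoint
            # later accepts a client-supplied uid. Nothing proves the uid sent
            # there is the one verified here; a server-side or signed record of
            # the verified uid would close that gap.
            return Response({
                'code': 0,
                "msg": "授权成功",
                "data": {
                    "type": 1,
                    "uid": uid,
                }
            })

        user = uid_user.user
        payload = jwt_payload_handler(user)
        token = jwt_encode_handler(payload)
        token_data = jwt_response_payload_handler(token, user)
        return Response({
            'code': 0, "msg": "授权成功",
            "data": {
                "type": 0,
                "uid": uid,
                "username": user.username,
                "token": token_data['token']
            }
        })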



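class BindUser(APIView):
    """Bind a Weibo uid to a local account and log that account in.

    If ``username`` names an existing user, the supplied password must match
    before the binding is created. Otherwise a new user is created with the
    supplied password and bound to the uid.
    """

    def post(self, request):
        """Create the binding and return the login payload with a JWT.

        Returns:
            Response with ``code`` 0 and the user data plus token on success,
            ``code`` 4005 when a parameter is missing, or an error code when the
            password does not match an existing account.
        """
        # Local import keeps this block self-contained; the module already
        # imports make_password from the same package.
        from django.contrib.auth.hashers import check_password

        oauth_type = 1
        username = request.data.get("username")
        password = request.data.get("password")
        weibo_uid = request.data.get("weibo_uid")
        # The credentials are deliberately not printed: the original debug print
        # wrote the plaintext password to stdout / logs.

        if not all([username, password, weibo_uid]):
            return Response({"code": 4005, "msg": "参数不全"})

        # NOTE(review): weibo_uid comes straight from the request body. This view
        # cannot tell whether it is the uid Weibo actually returned for this
        # caller; it should be taken from server-side state or a signed value
        # issued at the code-exchange step rather than trusted from the client.

        user = User.objects.filter(username=username).first()
        if user is not None:
            # Existing account: require its password before issuing a token and
            # attaching a third-party identity. Previously a known username
            # alone was enough to obtain a JWT for that account.
            if not check_password(password, user.password):
                # Error code constructed for this fix; align it with the
                # project's own code table.
                return Response({"code": 4006, "msg": "用户名或密码错误"})
        else:
            # No such account: create it with a hashed password.
            user = User.objects.create(
                username=username,
                password=make_password(password),
            )

        WbUser.objects.create(uid=weibo_uid, oauth_type=oauth_type, user=user)
        return self._login_response(user, username)

    def _login_response(self, user, username):
        """Build the success response carrying a fresh JWT for ``user``."""
        payload = jwt_payload_handler(user)
        token = jwt_encode_handler(payload)
        token_data = jwt_response_payload_handler(token, user)
        data = {
            # Key spelling kept as-is; clients may already depend on it.
            "authenticcated": True,
            "id": user.id,
            "role": None,
            "name": user.nick_name,
            "username": username,
            "email": user.email,
            "token": token_data['token'],
            "type": 0
        }
        return Response({
            "code": 0,
            "msg": "登录成功",
            "data": data
        })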
 oauth/views.py

4.在oauth/urls.py里配置二级路由

# -*- coding: utf-8 -*-
from django.urls import path
from . import views
# Second-level routes of the oauth app.
urlpatterns = [
    # Build the Weibo authorization URL.
    path('weibo/', views.WBUrl.as_view()),
    # Exchange the authorization code after the OAuth redirect.
    path('weibo/callback/', views.WBCallBack.as_view()),
    # Bind a Weibo uid to a local user.
    path('weibo/binduser/', views.BindUser.as_view()),
]
oauth/urls.py

 
