【发布时间】:2019-02-03 06:38:31
【问题描述】:
我在本地使用 Bottle 开发了一个 Python webapp,并让它(大部分)在 pythonanywhere 上运行。
也就是说,当我尝试对用户进行身份验证(在我的本地安装上工作)时,我收到以下错误:
Redirect_uri mismatch: null. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process.
我更新了我的 fitbit api 应用程序设置,并反复检查了设置中的 redirect_uri 是否与我的应用程序中的匹配。
查看 fitbit 文档论坛,this could be a percent-encoding issue 似乎在哪里...
https://www.fitbit.com/login?disableThirdPartyLogin=true&redirect=%2Foauth2%2Fauthorize%3Fclient_id%XXXXXXXX%26redirect_uri%3Dhttp%253A%252F%252Fexample.com%252Fcallback%26response_type%3Dcode%26scope%3Dactivity%2Bsleep%2Bweight%2Bnutrition%2Bsettings%26state%3D024
应该是……
https://www.fitbit.com/login?disableThirdPartyLogin=true&redirect=%2Foauth2%2Fauthorize%3Fclient_id%XXXXXXXX%26redirect_uri%3Dhttp://example.com/callback%26response_type%3Dcode%26scope%3Dactivity%2Bsleep%2Bweight%2Bnutrition%2Bsettings%26state%3D024
到授权页面的重定向是这样构建的......
@app.route('/aas/<study_id>')
def hello(study_id):
'''This is the primary request page that redirects users to the fitbit api for authorization.'''
authorization_page = f'https://www.fitbit.com/oauth2/authorize' \
f'?response_type=code' \
f'&client_id={CLIENT_ID}' \
f'&redirect_uri={str(REDIRECT_URI)}' \
f'&scope={SCOPE}' \
f'&state={study_id}'
redirect(url=authorization_page)
有没有办法可以防止这种编码发生,只是为了看看这是否是问题所在?我假设它是由 wsgi 完成的。
非常感谢任何其他想法/想法。
【问题讨论】:
标签: oauth-2.0 wsgi bottle pythonanywhere fitbit