我们从Python开源项目中,提取了以下8个代码示例,用于说明如何使用oauth2client.client.verify_id_token()。
def verify_google_token(request): token = request.data.get('token') if token is None: raise ValidationError({'detail': 'Auth token required.'}) try: idinfo = client.verify_id_token(token, settings.GOOGLE_AUTH_KEY) if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError('Wrong issuer.') if idinfo.get('hd') != settings.GOOGLE_AUTH_HOSTED_DOMAIN: raise crypt.AppIdentityError('Wrong hosted domain.') except crypt.AppIdentityError as e: raise AuthenticationFailed(e) defaults = { 'email': idinfo['email'], 'first_name': idinfo.get('given_name', ''), 'last_name': idinfo.get('family_name', ''), } user, created = get_user_model().objects.get_or_create( username=idinfo['email'], defaults=defaults) user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) return Response({})
def authenticate(self, request): token = self.get_jwt_value(request) if token is None: return None, None try: idinfo = client.verify_id_token(token, settings.GOOGLE_AUTH_KEY) if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError("Wrong issuer.") if idinfo.get('hd') != settings.GOOGLE_AUTH_HOSTED_DOMAIN: raise crypt.AppIdentityError("Wrong hosted domain.") except crypt.AppIdentityError as e: raise exceptions.AuthenticationFailed(e) defaults = { 'email': idinfo['email'], 'first_name': idinfo['given_name'], 'last_name': idinfo['family_name'], } user, created = get_user_model().objects.get_or_create( username=idinfo['email'], defaults=defaults, ) return user, idinfo
def _verify_token(self, token): """Return the ID of the signed-in user. Or throw an Exception if the token is invalid. """ try: idinfo = client.verify_id_token(token, KEYS['OAUTH_CLIENT_ID']) except Exception as e: raise crypt.AppIdentityError('Exception caught trying to verify ID token: {}'.format(e)) if idinfo['aud'] != KEYS['OAUTH_CLIENT_ID']: raise crypt.AppIdentityError('Unrecognized client.') if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError('Wrong issuer.') return idinfo['sub']
def _verify_google_id_token(request): if 'google_id_token' not in request.POST: raise crypt.AppIdentityError("google_id_token missing.") token = request.POST.get('google_id_token', None) idinfo = client.verify_id_token(token, django_settings.GOOGLE_CLIENT_ID) if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError("Invalid issuer.") return token, idinfo
def login(self, data): try: idinfo = client.verify_id_token(data, None) if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError("Wrong issuer.") userid = idinfo['sub'] print(userid, "connected") if userid not in server.users: #Creation of user in users.json server.users[userid] = {'clicks': 0} with open('users.json', 'w') as f: json.dump(server.users, f) f.close() with open('users.json') as file_users: server.users = json.load(file_users) file_users.close() print(server.users) self.player = Player(userid, server.users[userid]) print(server.users, "DONE") await self.ws.send(json.dumps({'auth': True})) await self.ws.send(json.dumps(self.player, default = lambda o: o.__dict__)) except crypt.AppIdentityError: print("failed to log-in") await self.ws.send(json.dumps({'auth': False}))
def getTokenValidation(clientId, token): """Calls Google to receive a validation of a Google user token. """ tokenInfo = None try: tokenInfo = client.verify_id_token(token, clientId) if tokenInfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError("Wrong issuer.") except crypt.AppIdentityError as e: print(e) tokenInfo = False return tokenInfo
def sign_in(): """Authenticate a user with Google sign in""" try: token = request.form['idtoken'] except KeyError: return 'No idtoken provided', 401 try: idinfo = client.verify_id_token(token, KEYS['OAUTH_CLIENT_ID']) if idinfo['aud'] != KEYS['OAUTH_CLIENT_ID']: raise crypt.AppIdentityError('Unrecognized client.') if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise crypt.AppIdentityError('Wrong issuer.') except ValueError: url = "https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={}".format(token) req = urllib2.Request(url) response = urllib2.urlopen(url=req, timeout=30) res = response.read() idinfo = json.loads(res) except crypt.AppIdentityError, e: return 'Did not successfully authenticate' user = User.from_google_id(idinfo['sub']) data = { 'isNewUser': not user.exists() } if user.exists(): data['userId'] = user.id return jsonify(**data)
def resolve_google_oauth(request): # token should be passed as an object {'ID_Token' : id_token } # to this view token = request.data.get('ID_Token') CLIENT_ID = os.environ.get('CLIENT_ID') token.replace(" ", "") try: idinfo = client.verify_id_token(token, CLIENT_ID) if 'hd' not in idinfo: raise AuthenticationFailed('Sorry, only Andelans can sign in') if idinfo['hd'] != 'andela.com': raise AuthenticationFailed('Sorry, only Andelans can sign in') if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']: raise PermissionDenied('Wrong Issuer') if idinfo['email_verified'] == 'True' and idinfo['aud'] == CLIENT_ID: return idinfo except crypt.AppIdentityError: raise PermissionDenied('Invalid Token') return idinfo
