我关注了页面 https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow通过测试 API
curl -F grant_type=password \
-F username=foo@bar.com \
-F password=mypass \
-X POST http://localhost:3000/oauth/token
我得到了回应:
{"access_token":"6d4398b75d94835631a453af770161a6f58618b101b58ccf62a5a8492bce3440","token_type":"bearer","expires_in":600,"refresh_token":"c1445d0a27a8278268c1187c2e3da7163525f1fac8093890430edd328f51c3de","created_at":1429931390}
但是当我调用/oauth/authorize 时:
curl -F response_type=6d4398b75d94835631a453af770161a6f58618b101b58ccf62a5a8492bce3440 \
-F client_id=9c291dc4aa87bfafd6c6a4cf6930d225c106f8fe88e1d0769832047f1ee011c4 \
-F client_secret=decba5aca425095978d33653ef03d654f0b74427bcec0596bdde518016708c35 \
-F redirect_uri=urn:ietf:wg:oauth:2.0:oob \
-F username=foo@bar.com \
-X POST http://localhost:3000/oauth/authorize
但我得到了:
Started POST "/oauth/authorize" for 127.0.0.1 at 2015-04-25 00:30:05 -0300 Processing by Doorkeeper::AuthorizationsController#create as / Parameters: {"response_type"=>"6d4398b75d94835631a453af770161a6f58618b101b58ccf62a5a8492bce3440", "client_id"=>"9c291dc4aa87bfafd6c6a4cf6930d225c106f8fe88e1d0769832047f1ee011c4", "client_secret"=>"[FILTERED]", "redirect_uri"=>"urn:ietf:wg:oauth:2.0:oob", "username"=>"foo@bar.com"} Can't verify CSRF token authenticity Completed 422 Unprocessable Entity in 1ms ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): ...
我究竟做错了什么?
最佳答案
如果您仅使用 API,我的猜测是您可以通过添加以下行在环境文件 (test/developpement/production.rb) 中简单地将其关闭:config.action_controller.allow_forgery_protection = false'
干杯!
关于ruby-on-rails-4 - Doorkeeper::AuthorizationsController#create 无法验证 CSRF token 的真实性,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29860725/