Requests 简明教程
Requests - Authentication
本章将讨论 Requests 模块中可用的认证类型。
This chapter will discuss the types of authentication available in the Requests module.
本教程中,我们将讨论以下内容:
We are going to discuss the following −
-
Working of Authentication in HTTP Requests
-
Basic Authentication
-
Digest Authentication
-
OAuth2 Authentication
Working of Authentication in HTTP Requests
HTTP 认证是在服务器端进行的,当客户端请求一个网址时,要求提供一些认证信息,例如用户名和密码。这是对客户端和服务器之间交换的请求和响应的额外安全保护。
HTTP authentication is on the server-side asking for some authentication information like username, password when the client requests a URL. This is additional security for the request and the response being exchanged between the client and the server.
从客户端角度而言,这些额外的认证信息(即用户名和密码)可以发送在标头中,稍后将在服务器端进行验证。只有在认证有效的情况下,才会从服务器端传递响应。
From the client-side these additional authentication information i.e. username and password can be sent in the headers, which later on the server side will be validated. The response will be delivered from the server-side only when the authentication is valid.
Requests 库已在 requests.auth 中使用了最常用的认证,它们是基本认证(HTTPBasicAuth)和摘要认证(HTTPDigestAuth)。
Requests library has most commonly used authentication in requests.auth, which are Basic Authentication (HTTPBasicAuth) and Digest Authentication (HTTPDigestAuth).
Basic Authentication
这是提供服务器认证的最简单形式。为了使用基本认证,我们将使用 requests 库提供的 HTTPBasicAuth 类。
This is the simplest form of providing authentication to the server. To work with basic authentication, we are going to use HTTPBasicAuth class available with requests library.
Example
这是一个如何使用它的工作示例。
Here is a working example of how to use it.
import requests
from requests.auth import HTTPBasicAuth
response_data =
requests.get('httpbin.org/basic-auth/admin/admin123',
auth = HTTPDigestAuth('admin', 'admin123'))
print(response_data.text)我们调用网址 https://httpbin.org/basic-auth/admin/admin123 ,其中用户是 admin,密码是 admin123。
We are calling the url, https://httpbin.org/basic-auth/admin/admin123 with user as admin and password as admin123.
因此,如果没有认证(即用户名和密码),这个网址将无法工作。一旦您使用 auth 参数提供认证,则只有服务器才会返回响应。
So, this URL will not work without authentication, i.e. user and password. Once you give the authentication using the auth param, then only the server will give back the response.
Digest Authentication
这是 requests 中可用的另一种认证形式。我们将使用 requests 中的 HTTPDigestAuth 类。
This is another form of authentication available with requests. We are going to make use of HTTPDigestAuth class from requests.
OAuth2 Authentication
-
要使用 OAuth2 身份验证,我们需要 "requests_oauth2" 库。要安装 "requests_oauth2",请执行以下操作:
To use OAuth2 Authentication, we need “requests_oauth2” library. To install “requests_oauth2” do the following −
pip install requests_oauth2安装时,您的终端屏幕中显示的内容将类似于以下内容:
The display in your terminal while installing will be something as shown below −
E:\prequests>pip install requests_oauth2
Collecting requests_oauth2
Downloading https://files.pythonhosted.org/packages/52/dc/01c3c75e6e7341a2c7a9
71d111d7105df230ddb74b5d4e10a3dabb61750c/requests-oauth2-0.3.0.tar.gz
Requirement already satisfied: requests in c:\users\xyz\appdata\local\programs
\python\python37\lib\site-packages (from requests_oauth2) (2.22.0)
Requirement already satisfied: six in c:\users\xyz\appdata\local\programs\pyth
on\python37\lib\site-packages (from requests_oauth2) (1.12.0)
Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in c:\use
rs\xyz\appdata\local\programs\python\python37\lib\site-packages (from requests
->requests_oauth2) (1.25.3)
Requirement already satisfied: certifi>=2017.4.17 in c:\users\xyz\appdata\loca
l\programs\python\python37\lib\site-packages (from requests->requests_oauth2) (2
019.3.9)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in c:\users\xyz\appdata\l
ocal\programs\python\python37\lib\site-packages (from requests->requests_oauth2)
(3.0.4)
Requirement already satisfied: idna<2.9,>=2.5 in c:\users\xyz\appdata\local\pr
ograms\python\python37\lib\site-packages (from requests->requests_oauth2) (2.8)
Building wheels for collected packages: requests-oauth2
Building wheel for requests-oauth2 (setup.py) ... done
Stored in directory: C:\Users\xyz\AppData\Local\pip\Cache\wheels\90\ef\b4\43
3743cbbc488463491da7df510d41c4e5aa28213caeedd586
Successfully built requests-oauth2我们已经完成了“requests-oauth2”的安装。要使用 Google、Twitter 的 API,我们需要其同意,这将使用 OAuth2 身份验证完成。
We are done installing “requests-oauth2”. To use the API’s of Google, Twitter we need its consent and the same is done using OAuth2 authentication.
对于 OAuth2 身份验证,我们需要客户端 ID 和密钥。有关如何获取它们的详细信息,可以在链接中找到: https://developers.google.com/identity/protocols/OAuth2 。
For OAuth2 authentication we will need Client ID and a Secret Key. The details of how to get it, is mentioned on link: https://developers.google.com/identity/protocols/OAuth2.
稍后,登录 Google API 控制台,该控制台可在 https://console.developers.google.com/ 获得,并获取客户端 ID 和密钥。
Later on, login to Google API Console which is available at https://console.developers.google.com/and get the client id and secret key.
Example
下面是使用“requests-oauth2”的示例。
Here is an example of how to use "requests-oauth2".
import requests
from requests_oauth2.services import GoogleClient
google_auth = GoogleClient(
client_id="xxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
redirect_uri="http://localhost/auth/success.html",
)
a = google_auth.authorize_url(
scope=["profile", "email"],
response_type="code",
)
res = requests.get(a)
print(res.url)我们无法重定向到给定的 URL,因为它需要登录 Gmail 帐户,但在这里,您将从示例中看到,google_auth 可用,并给出了授权 URL。
We will not be able to redirect to the URL given, as it needs to login to the Gmail account, but here, you will see from the example, that google_auth works and the authorized URL is given.