Authorization Credentials Stripped — django, elastic beanstalk, oauth

后端 未结 4 1115
无人及你
无人及你 2020-12-02 07:31

I implemented a REST api in django with django-rest-framework and used oauth2 for authentication.

I tested with:

curl -X POST -d \"client_id=YOUR_CLI         


        
相关标签:
4条回答
  • 2020-12-02 07:56

    I like the idea of just having some extra configuration on the standard place. In your .ebextensions directory create a wsgi_custom.config file with:

    files:
      "/etc/httpd/conf.d/wsgihacks.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
          WSGIPassAuthorization On
    

    As posted here: https://forums.aws.amazon.com/message.jspa?messageID=376244

    0 讨论(0)
  • 2020-12-02 08:02

    Though the above solution is interesting, there is another way. Keep the wsgi.conf VirtualHost configuration file you want to use in .ebextensions, and overwrite it in a post deploy hook (you can't do this pre-deploy because it will get re-generated (yes, I found this out the hard way). If you do this, to reboot, make sure to use the supervisorctl program to restart so as to get all your environment variables set properly. (I found this out the hard way as well.)

    cp /tmp/wsgi.conf /etc/httpd/conf.d/wsgi.conf
     /usr/local/bin/supervisorctl -c /opt/python/etc/supervisord.conf restart httpd
    exit 0
    

    01_python.config:

    05_fixwsgiauth:
        command: "cp .ebextensions/wsgi.conf /tmp"
    
    0 讨论(0)
  • 2020-12-02 08:09

    I thought the problem was with my configuration in django or some other error type instead of focusing on the differences between localhost and EB. The issue is with EB's Apache settings.

    WSGIPassAuthorization is natively set to OFF, so it must be turned ON. This can be done in your *.config file in your .ebextensions folder with the following command added:

    container_commands:
      01_wsgipass:
        command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'
    

    Please let me know if I missed something or if there is a better way I should be looking at the problem. I could not find anything specifically about this anywhere on the web and thought this might save somebody hours of troubleshooting then feeling foolish.

    0 讨论(0)
  • 2020-12-02 08:13

    I use a slightly different approach now. sahutchi's solution worked as long as env variables were not changed as Tom dickin pointed out. I dug a bit deeper inside EB and found out where the wsgi.conf template is located and added the "WSGIPassAuthorization On" option there.

    commands:
      WSGIPassAuthorization:
        command: sed -i.bak '/WSGIScriptAlias/ a WSGIPassAuthorization On' config.py
        cwd: /opt/elasticbeanstalk/hooks
    

    That will always work, even when changing environment variables. I hope you find it useful.

    Edit: Seems like lots of people are still hitting this response. I haven't used ElasticBeanstalk in a while, but I would look into using Manel Clos' solution below. I haven't tried it personally, but seems a much cleaner solution. This one is literally a hack on EBs scripts and could potentially break in the future if EB updates them, specially if they move them to a different location.

    0 讨论(0)
提交回复
热议问题