OAuth 和 YouTube API [英] OAuth and the YouTube API

问题描述

我正在尝试通过 OAuth 使用 YouTube 服务.我已经能够获取请求令牌，授权它们并将它们转换为访问令牌.

I am trying to use the YouTube services with OAuth. I have been able to obtain request tokens, authorize them and transform them into access tokens.

现在我正在尝试使用这些令牌实际向 YouTube 服务发出请求.例如，我正在尝试将视频添加到播放列表中.因此，我正在向

Now I am trying to use those tokens to actually do requests to the YouTube services. For instance I am trying to add a video to a playlist. Hence I am making a POST request to

https://gdata.youtube.com/feeds/api/playlists/XXXXXXXXXXXX

发送正文

<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns="http://www.w3.org/2005/Atom"
    xmlns:yt="http://gdata.youtube.com/schemas/2007">
  <id>XXXXXXXXX</id>
</entry>

和标题

Gdata-version: 2
Content-type: application/atom+xml
Authorization: OAuth oauth_consumer_key="www.xxxxx.xx",
                                oauth_nonce="xxxxxxxxxxxxxxxxxxxxxxxxx",
                                oauth_signature="XXXXXXXXXXXXXXXXXXX",
                                oauth_signature_method="HMAC-SHA1",
                                oauth_timestamp="1310985770",
                                oauth_token="1%2FXXXXXXXXXXXXXXXXXXXX",
                                oauth_version="1.0"
X-gdata-key: key="XXXXXXXXXXXXXXXXXXXXXXXXX"

加上一些在请求时由 urllib2(我使用 Python)添加的标准标头(Host 和 Content-Length).

plus some standard headers (Host and Content-Length) which are added by urllib2 (I am using Python) at the moment of the request.

不幸的是，我收到一个Error 401: Unknown authorization header，响应的标头是

Unfortunately, I get an Error 401: Unknown authorization header, and the headers of the response are

X-GData-User-Country: IT
WWW-Authenticate: GoogleLogin service="youtube",realm="https://www.google.com/youtube/accounts/ClientLogin"
Content-Type: text/html; charset=UTF-8
Content-Length: 179
Date: Mon, 18 Jul 2011 10:42:50 GMT
Expires: Mon, 18 Jul 2011 10:42:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

特别是我不知道如何解释 WWW-Authenticate 标头，其领域提示 ClientLogin.

In particular I do not know how to interpret the WWW-Authenticate header, whose realm hints to ClientLogin.

我还尝试使用 OAuth Playground 和该站点发送的授权标头看起来和我的一模一样，除了字段的顺序.尽管如此，在操场上一切正常.好吧，几乎:我收到一条错误消息，指出缺少 Developer 密钥，但这是合理的，因为无法在操场上添加密钥.尽管如此，我还是通过了错误 401.

I have also tried to play with the OAuth Playground and the Authorization header sent by that site looks exactly like mine, except for the order of the fields. Still, on the plyaground everything works. Well, almost: I get an error telling that a Developer key is missing, but that is reasonable since there is no way to add one on the playground. Still, I go past the Error 401.

我还尝试从那里手动复制 Authorization 标头，但出现 Error 400: Bad request.

I have also tried to manually copy the Authorization header from there, and I got an Error 400: Bad request.

我做错了什么?

推荐答案

原来问题是 xmlns:yt 之前的换行符.我能够使用 ncat 对此进行调试，正如 此处 所建议的，并检查完整响应.

Turns out the problem was the newline before xmlns:yt. I was able to debug this using ncat, as suggeested here, and inspecting the full response.

这篇关于OAuth 和 YouTube API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！