请求访问令牌时,AppEngine错误400 [英] AppEngine error 400 when requesting access token
问题描述
我正在编写一个基于Delphi的PC应用程序,它访问AppEngine servlet。我正在尝试使用OAuth 1.0 dance来验证用户并允许访问应用程序的受限制部分。
我可以使用浏览器访问受限制的servlet,并通过Google用户身份验证。
我现在正在尝试实施舞蹈。
我使用OAuthGetRequestToken成功获取令牌和令牌密钥。
键:='XXXX.appspot.com';
秘密:='YYYY';
URL:='https://XXXX.appspot.com/_ah/OAuthGetRequestToken';
Consumer:= TOAuthConsumer.Create(Key,Secret);
HMAC:= TOAuthSignatureMethod_HMAC_SHA1.Create;
ARequest:= TOAuthRequest.Create(URL);
ARequest:= ARequest.FromConsumerAndToken(Consumer,nil,URL,'','oob','');
ARequest.Sign_Request(HMAC,Consumer,nil,true);
URL:= URL +'?'+ ARequest.GetString;
idHTTP1.Get(URL,ms);
ARequest.Destroy;
HMAC.Destroy;
Consumer.Destroy;
GET请求和响应如下所示:
GET / _ah / OAuthGetRequestToken HTTP / 1.1
主机:XXXX.appspot.com
接受:* / *
授权:OAuth oauth_version = 1.0,oauth_nonce =1511ec6d98e5b89c561b1af4b3022476,oauth_timestamp =1347534557,oauth_consumer_key =XXXX.appspot.com,oauth_callback =oob,oauth_signature_method =HMAC-SHA1,oauth_signature =JPSgMsipsLumldKsca8SA8gDXgw%3D
HTTP / 1.1 200 OK
日期:2012年9月13日星期四11:09:18 GMT
内容类型:text / html
服务器:Google Frontend
内容 - 长度:88
oauth_token = 4%2FY4ReEZt9v8IYHJ_4WnZYkzurXOgw& oauth_token_secret = S9150fuyvo_jjr43Cd47CPzY
接下来,我授权
URL:='https://inksureauth.appspot.com/_ah/OAuthAuthorizeToken?oauth_token='+TOAuthUtil .urlEncodeRFC3986(Token.Text);
IdHTTP1.Get(URL,ms);
我被重定向到Google网页进行登录。正如我所说的'回拨'回拨,我收到了我复制的网页上的验证码。
最后,我尝试获取交换令牌的访问令牌。这里我失败了。
URL:='https://XXXX.appspot.com/_ah/OAuthGetAccessToken';
键:='XXXX.appspot.com';
秘密:='YYYY';
Consumer:= TOAuthConsumer.Create(Key,Secret);
ARequest:= TOAuthRequest.Create(URL);
AToken:= TOAuthToken.Create(TOAuthUtil.urlEncodeRFC3986(Token.Text),TokenSecret.Text);
ARequest.HTTPURL:= URL;
ARequest:= ARequest.FromConsumerAndToken(消费者,AToken,URL,'','','从网页验证代码');
HMAC:= TOAuthSignatureMethod_HMAC_SHA1.Create;
ARequest.Sign_Request(HMAC,Consumer,AToken,true);
URL:= URL +'?'+ ARequest.GetString;
IdHTTP1.Disconnect;
IdHTTP1.Get(URL,ms);
HMAC.Destroy;
ARequest.Destroy;
Consumer.Destroy;
GET命令如下所示:
GET /_ah/OAuthGetAccessToken?oauth_version=1.0&oauth_nonce=4A86BEECE494C25AF94882F74DEE6231&oauth_timestamp=1347545383&oauth_consumer_key=XXXX.appspot.com&oauth_verifier=yGEhCENYOlni2ayo8aNckyPG&oauth_token=4%2FEKGFo9i2wmuMGcBLmbmQhqDba0z4&oauth_signature_method=HMAC -SHA1& oauth_signature = 2ZwRvGp8LnXenTXrjYo5%2FtFHW30%3D HTTP / 1.1
并回应:
HTTP / 1.1 400错误请求
日期:2012年9月13日星期四14:09:44 GMT
Content-Type :text / html; charset = UTF-8
服务器:Google Frontend
内容长度:273
< html>< head>
< meta http-equiv =content-typecontent =text / html; charset = utf-8>
< title> 400错误请求< / title>
< / head>
< body text =#000000 bgcolor =#ffffff>
< h1>错误:错误请求< / h1>
< h2>您的客户发布了格式错误或非法的请求。< / h2>
< h2>< / h2>
< / body>< / html>
我使用OAuth操作区访问相同的应用程序,并成功地检索访问密钥。我将游乐场的请求参数与我的应用程序生成的参数进行比较,并且它们是兼容的。我使用我的签名功能签署了操场生成的请求并匹配签名。最后一步失败会有什么其他原因?
在您的客户发出格式错误或非法请求之后,是否有可能从验证服务器获得更丰富的响应?
更新:我已经使用我的应用程序成功检索到Google日历的访问令牌。使用相同的代码,我将切换回AppEngine应用程序,并在GetAccessToken步骤失败。 谷歌同时转移到Oauth 2.0。您可以在这里找到OAuth 2.0客户端身份验证解决方案:
https: //github.com/lordcrc/IndySASLOAuth2
简单的用于Indy的OAuth2 SASL验证器。
使用Delphi REST客户端库。
使用Delphi XE6进行测试。
授权根据Apache 2.0许可证
I'm writing a Delphi based PC application which accesses an AppEngine servlet. I'm trying to use the OAuth 1.0 dance to authenticate users and allow access to a restricted part of the application. I'm able to get access to the restricted servlet using a browser and going through google user authentication. I'm now trying to implement the dance. I successfully get the token and token secret using OAuthGetRequestToken.
Key := 'XXXX.appspot.com';
Secret := 'YYYY';
URL := 'https://XXXX.appspot.com/_ah/OAuthGetRequestToken';
Consumer := TOAuthConsumer.Create(Key, Secret);
HMAC := TOAuthSignatureMethod_HMAC_SHA1.Create;
ARequest := TOAuthRequest.Create(URL);
ARequest := ARequest.FromConsumerAndToken(Consumer, nil, URL,'','oob','');
ARequest.Sign_Request(HMAC, Consumer, nil,true);
URL := URL + '?' + ARequest.GetString;
idHTTP1.Get(URL,ms);
ARequest.Destroy;
HMAC.Destroy;
Consumer.Destroy;
The GET request and response look like this:
GET /_ah/OAuthGetRequestToken HTTP/1.1
Host: XXXX.appspot.com
Accept: */*
Authorization: OAuth oauth_version="1.0", oauth_nonce="1511ec6d98e5b89c561b1af4b3022476", oauth_timestamp="1347534557", oauth_consumer_key="XXXX.appspot.com", oauth_callback="oob", oauth_signature_method="HMAC-SHA1", oauth_signature="JPSgMsipsLumldKsca8SA8gDXgw%3D"
HTTP/1.1 200 OK
Date: Thu, 13 Sep 2012 11:09:18 GMT
Content-Type: text/html
Server: Google Frontend
Content-Length: 88
oauth_token=4%2FY4ReEZt9v8IYHJ_4WnZYkzurXOgw&oauth_token_secret=S9150fuyvo_jjr43Cd47CPzY
Next, I authorize the token.
URL := 'https://inksureauth.appspot.com/_ah/OAuthAuthorizeToken?oauth_token='+TOAuthUtil.urlEncodeRFC3986(Token.Text);
IdHTTP1.Get(URL,ms);
I'm redirected to the google web page for login. As I stated 'oob' for callback, I receive a verification code on the web page which I copy.
Finally, I try to get exchange the token for an access token. Here I fail.
URL := 'https://XXXX.appspot.com/_ah/OAuthGetAccessToken';
Key := 'XXXX.appspot.com';
Secret := 'YYYY';
Consumer := TOAuthConsumer.Create(Key, Secret);
ARequest := TOAuthRequest.Create(URL);
AToken := TOAuthToken.Create(TOAuthUtil.urlEncodeRFC3986(Token.Text), TokenSecret.Text);
ARequest.HTTPURL := URL;
ARequest := ARequest.FromConsumerAndToken(Consumer,AToken , URL,'','','VERIFICATION CODE FROM WEB PAGE');
HMAC := TOAuthSignatureMethod_HMAC_SHA1.Create;
ARequest.Sign_Request(HMAC, Consumer, AToken,true);
URL := URL + '?' + ARequest.GetString;
IdHTTP1.Disconnect;
IdHTTP1.Get(URL,ms);
HMAC.Destroy;
ARequest.Destroy;
Consumer.Destroy;
The GET command looks like this:
GET /_ah/OAuthGetAccessToken?oauth_version=1.0&oauth_nonce=4A86BEECE494C25AF94882F74DEE6231&oauth_timestamp=1347545383&oauth_consumer_key=XXXX.appspot.com&oauth_verifier=yGEhCENYOlni2ayo8aNckyPG&oauth_token=4%2FEKGFo9i2wmuMGcBLmbmQhqDba0z4&oauth_signature_method=HMAC-SHA1&oauth_signature=2ZwRvGp8LnXenTXrjYo5%2FtFHW30%3D HTTP/1.1
And the response:
HTTP/1.1 400 Bad Request
Date: Thu, 13 Sep 2012 14:09:44 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Frontend
Content-Length: 273
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>400 Bad Request</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Bad Request</h1>
<h2>Your client has issued a malformed or illegal request.</h2>
<h2></h2>
</body></html>
I used the OAuth playground to access the same application and it is successful in retrieving the access key. I compared the playground's request parameters to the parameters generated by my application and they are compatible. I used my signing function to sign a request generated by the playground and the signatures matched. What other reason can there be for the last step to fail? Is it possible to get a more informative response from the authentication server beyond "Your client has issued a malformed or illegal request"?
Update: I have used my application to retrieve an access token to Google calendar successfuly. Using the same code I change back to the AppEngine application and fail on the GetAccessToken step.
Google moved to Oauth 2.0 meanwhile. You can find OAuth 2.0 client authentication solution here:
https://github.com/lordcrc/IndySASLOAuth2
Simple OAuth2 SASL authenticator for Indy.
Uses the Delphi REST client libraries.
Tested on Delphi XE6.
Licensed under the Apache 2.0 license
这篇关于请求访问令牌时,AppEngine错误400的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
