Magento Rest Oauth API(签名无效)401 [英] Magento Rest Oauth API (Signature Invalid) 401

问题描述

当我尝试从Java中的Magento获取数据时，出现签名无效问题.我的代码有什么问题:

I get a Signature invalid problem when I try to get data from Magento in Java. What is wrong with my code:

public class MagentoFacade {

final String MAGENTO_API_KEY = "apikey";
final String MAGENTO_API_SECRET = "apisecret";
final String MAGENTO_REST_API_URL = "urlmagento/api/rest";

public void testMethod() {

    OAuthService service = new ServiceBuilder()
    .provider(MagentoThreeLeggedOAuth.class)
    .apiKey(MAGENTO_API_KEY)
    .apiSecret(MAGENTO_API_SECRET)
    .debug()
    .build();




    System.out.println("" + service.getVersion());

    // start
            Scanner in = new Scanner(System.in);
            System.out.println("Magento's OAuth Workflow");
            System.out.println();
            // Obtain the Request Token
            System.out.println("Fetching the Request Token...");
            Token requestToken = service.getRequestToken();
            System.out.println("Got the Request Token!");
            System.out.println();

             // Obtain the Authorization URL
            System.out.println("Fetching the Authorization URL...");
            String authorizationUrl = service.getAuthorizationUrl(requestToken);
            System.out.println("Got the Authorization URL!");
            System.out.println("Now go and authorize Main here:");
            System.out.println(authorizationUrl);
            System.out.println("And paste the authorization code here");
            System.out.print(">>");
            Verifier verifier = new Verifier(in.nextLine());
            System.out.println();

            System.out.println("Trading the Request Token for an Access Token...");
            Token accessToken = service.getAccessToken(requestToken, verifier);
            System.out.println("Got the Access Token!");
            System.out.println("(if your curious it looks like this: "
                    + accessToken + " )");
            System.out.println();

             OAuthRequest request = new OAuthRequest(Verb.GET, MAGENTO_REST_API_URL+ "/products?limit=2");
                service.signRequest(accessToken, request);
                Response response = request.send();
                System.out.println();
                System.out.println(response.getCode());
                System.out.println(response.getBody());
                        System.out.println();
}


public static void main(String[] args) {
    MagentoFacade mf = new MagentoFacade();
    mf.testMethod();
}

}

public final class MagentoThreeLeggedOAuth extends DefaultApi10a {
private static final String BASE_URL = "urltoMagento/";

@Override
public String getRequestTokenEndpoint() {
    return BASE_URL + "oauth/initiate";
}

@Override
public String getAccessTokenEndpoint() {
    return BASE_URL + "oauth/token";
}

@Override
public String getAuthorizationUrl(Token requestToken) {
    return BASE_URL + "richard/oauth_authorize?oauth_token="
            + requestToken.getToken(); //this implementation is for admin roles only...
}

}

签名是:NnRaB73FqCcFAAVB4evZtGkWE3k = 附加了其他OAuth参数:{oauth_callback-> oob，oauth_signature-> NnRaB73FqCcFAAVB4evZtGkWE3k =，oauth_version-> 1.0，oauth_nonce-> 753236685，oauth_signature_method-> HMAC-SHA1，oauth_consumerst_b -4 p8trit_t1 _t4_t1 _t4_t1t，-4 p3trit_t1} t4_t1，t_t_t_t_t _4t 使用Http标头签名 正在传送要求... 响应状态码:401 响应正文:oauth_problem = signature_invalid& debug_sbs = MCe/RB8/GNuqV0qku00ubepc/Sc = 线程主" org.scribe.exceptions.OAuthException中的异常:响应主体不正确.无法从中提取令牌和机密:"oauth_problem = signature_invalid& debug_sbs = MCe/RB8/GNuqV0qku00ubepc/Sc =" 在org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41) 在org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27) 在org.scribe.oauth.OAuth10aServiceImpl.getRequestToken(OAuth10aServiceImpl.java:52) 在magento.MagentoFacade.testMethod(MagentoFacade.java:39) 在magento.MagentoFacade.main(MagentoFacade.java:73)

signature is: NnRaB73FqCcFAAVB4evZtGkWE3k= appended additional OAuth parameters: { oauth_callback -> oob , oauth_signature -> NnRaB73FqCcFAAVB4evZtGkWE3k= , oauth_version -> 1.0 , oauth_nonce -> 753236685 , oauth_signature_method -> HMAC-SHA1 , oauth_consumer_key -> ptrij1xt8tjisjb6kmdqed2v4rpla8av , oauth_timestamp -> 1359710704 } using Http Header signature sending request... response status code: 401 response body: oauth_problem=signature_invalid&debug_sbs=MCe/RB8/GNuqV0qku00ubepc/Sc= Exception in thread "main" org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract token and secret from this: 'oauth_problem=signature_invalid&debug_sbs=MCe/RB8/GNuqV0qku00ubepc/Sc=' at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41) at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27) at org.scribe.oauth.OAuth10aServiceImpl.getRequestToken(OAuth10aServiceImpl.java:52) at magento.MagentoFacade.testMethod(MagentoFacade.java:39) at magento.MagentoFacade.main(MagentoFacade.java:73)

推荐答案

我可能为您提供了答案，但在您的情况下可能无法解决. 我很努力地找出为什么我的本地计算机上的签名无效.

I might have an answer for you, but it may not work in your case. I struggled hard to find out why I got signature invalid on my local machine.

事实证明，当在Mage_Oauth_Model_Server :: _ validateSignature()中计算签名时，Magento构建了请求URI部分，其中URL端口路径已修剪:$this->_request->getHttpHost()

Turns out that when calculating the signature in Mage_Oauth_Model_Server::_validateSignature(), Magento builds the request URI part with the URL port path trimmed : $this->_request->getHttpHost()

在我的情况下，本地Web服务器在端口81上运行，因此我的签名和Magento签名不匹配. 通过将false参数传递给getHttpHost方法，可以防止端口修整.

In my case, the local webserver runs on port 81, thus my signature and the Magento one could not match. By passing the false parameter to the getHttpHost method you can keep prevent port trim.

我知道这是非常具体的，但是我弄丢了所有的头发，弄清楚了为什么，所以我需要分享它.谁知道呢，也许这会有所帮助.

I know this is very specific, but I lost all my hair figuring out why so I needed to share it. And who knows, maybe this could help.

欢呼 布尼

这篇关于Magento Rest Oauth API(签名无效)401的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！