无法理解这个API的OAuth流 [英] Can't understand OAuth flow for this API
问题描述
谁能帮我了解汗学院API的OAuth流。
它可以通过这个链接访问:
https://github.com/Khan/khan-api/wiki /汗学院-API认证
Can anyone help me understand OAuth flow for Khan Academy API. It can be accessed through this link: https://github.com/Khan/khan-api/wiki/Khan-Academy-API-Authentication
我使用的抄写。
下面是工作code:
OAuthService serv = new ServiceBuilder().provider(KhanApi.class)
.apiKey("").apiSecret("")
.build();
Token token = new Token("", "");
OAuthRequest req = new OAuthRequest(Verb.GET,
"http://www.khanacademy.org/api/auth/request_token");
serv.signRequest(token, req);
Response resp = req.send();
System.out.println(resp.getBody());
在你得到的回应则需要用户重定向到该页面。然后登录成功后,浏览器将包含请求令牌的URL回应...
After you get the response you need to redirect user to that page. Then after a successful login browser will respond with a url which contains request token...
下面是我尝试和没有工作好,两个不同的东西他们的结果:
Here are two different things that I tried and didn't work out well and their results:
1)
OAuthService serv = new ServiceBuilder().provider(KhanApi.class)
.apiKey("***").apiSecret("***")
.build();
Token token = serv.getRequestToken();
结果是:
异常线程mainorg.scribe.exceptions.OAuthException:响应主体不正确。无法提取令牌和秘密从这个:
Exception in thread "main" org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract token and secret from this:
<!DOCTYPE html>
<html>
<head>
<title>Login to Khan Academy</title>
<style>
#login-page {
padding-top: 18px;
}
.providers {
height: 100px;
}
.providers .provider .img-container {
height: 80px;
}
.horizontal-separator .separator-text {
background-color: white;
margin-left: 185px;
}
.pw-login {
width: 415px;
height: auto;
text-align: right;
}
.pw-login img.tree {
float: left;
}
</style>
</head>
<body>
<article id="login-page">
<div id="login-inner-content">
<form method="POST"
class="auth-form"
id="login-form"
action="https://khan-academy.appspot.com/login/mobileoauth">
<h3>Login to Khan Academy</h3>
<input type="hidden" name="oauth_map_id" value="889298340">
<input type="hidden" name="view" value="normal">
<ul class="providers">
<li class="provider action-gradient" title="Google">
</div>
</article>
</body>
</html>'
at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41)
at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27)
at org.scribe.oauth.OAuth10aServiceImpl.getRequestToken(OAuth10aServiceImpl.java:52)
at com.saeid.scribe.oauth.Main.main(Main.java:117)
响应是一个字符串,一个破碎的HTML文件(在这个意义上,图像不被显示...碎)
The response is a string of a broken html file.(broken in the sense that images are not being shown...)
2)
另外我想:
2) Also I tried:
OAuthRequest req = new OAuthRequest(Verb.GET,
"http://www.khanacademy.org/api/auth/request_token");
Map<String, String> parameters = generateParameters("GET",
"http://www.khanacademy.org/api/auth/request_token");
req.addQuerystringParameter("oauth_consumer_key", parameters.get("oauth_consumer_key"));
req.addQuerystringParameter("oauth_nonce", parameters.get("oauth_nonce"));
req.addQuerystringParameter("oauth_signature", parameters.get("oauth_signature"));
req.addQuerystringParameter("oauth_signature_method", parameters.get("oauth_signature_method"));
req.addQuerystringParameter("oauth_timestamp", parameters.get("oauth_timestamp"));
req.addQuerystringParameter("oauth_version", parameters.get("oauth_version"));
Response res = req.send();
结果是:
OAuth error. Invalid signature. Expected signature base string: GET&http%3A%2F%2Fwww.khanacademy.org%2Fapi%2Fauth%2Frequest_token&oauth_consumer_key%3D***********%26oauth_nonce%3D1341526030%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1341526030%26oauth_version%3D1.0
我使用的是相同的基本字符串生成签名,我使用的消费者密钥作为HMAC-SHA1方式的关键。
I am using the same base string to generate signature and I am using consumer key as the key for HMAC-SHA1 method.
下面是KhanAPI的样子:
进口org.scribe.builder.api.DefaultApi10a;
进口org.scribe.model.Token;
Here is the how KhanAPI looks like: import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.Token;
公共类KhanApi扩展DefaultApi10a {
public class KhanApi extends DefaultApi10a{
@Override
public String getAccessTokenEndpoint() {
return "http://www.khanacademy.org/api/auth/access_token";
}
@Override
public String getAuthorizationUrl(Token arg0) {
return "";
}
@Override
public String getRequestTokenEndpoint() {
return "http://www.khanacademy.org/api/auth/request_token";
}
}
谁能帮我?
谢谢,
Can anyone help me? Thanks,
推荐答案
不抄写添加所有所需的OAuth的参数,并为您执行签名?我期待在LinkedIn的例子,它是基于关闭默认的OAuth 1.0a的流量,我没有看到它在做这样的事情。
doesn't Scribe add all of the required OAuth parameters, and perform the signing for you? i'm looking at the LinkedIn example, which is based off of a default OAuth 1.0a flow, and i don't see it doing anything like that.
<一个href=\"https://github.com/fernandezpablo85/scribe-java/blob/master/src/test/java/org/scribe/examples/LinkedInExample.java\" rel=\"nofollow\">https://github.com/fernandezpablo85/scribe-java/blob/master/src/test/java/org/scribe/examples/LinkedInExample.java
如果您必须手动制定URL和自己签名,究竟是抄写员为你做?
if you have to manually formulate the URL and sign it yourself, what exactly is Scribe doing for you?
这篇关于无法理解这个API的OAuth流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!