eBay oauth令牌和刷新令牌 [英] eBay oauth token and refresh tokens

问题描述

在eBay令牌身份验证中苦苦挣扎了几天。
我发现很难理解如何获取新令牌，在注册开发人员程序帐户后，我请求了密钥集并获得了它们，然后我授予对Auth'n'Auth令牌的访问权限，持续18个月，是的，该令牌仅适用于Trading，Shopping和Finding API。

但是当您需要执行Buy，Sell和Commerce API时，您必须获取oauth令牌。然后，您可以通过用户令牌工具在oauth上进行所谓的单一用户应用样式和登录，并获得2小时有效的oauth。

稍后在令牌上过期，您可能会失去对上述api的访问权限。我尝试从交易>获取会话ID，交易>获取令牌中获取令牌，但是在将会话ID提供给获取令牌后，它说：最终用户尚未完成Auth& Auth登录流程。虽然有有效的18个月令牌，但它会不断返回此错误。

是否有关于此示例的文章，任何人都可能读或写？

解决方案

这详细说明了 New Sell API（而非auth'n'auth或旧版Trading API）的OAuth流程。尽管生产过程相同，但也适用于沙箱。

您的困惑并非没有根据。我自己在使用此API流程以及大部分官方开发论坛中的经验压力很大。下面详细说明了生成oauth 不相关的过程，该过程与您是否要连接到单个，专用，帐户还是多个用户帐户有关。 p>

有官方指南，它确实说明了整个过程，因此，我很犹豫在此处重新创建整个指南。不过，我可以提供摘要（建议您在尝试通过您的应用之前，先使用Postman遵循以下内容）：

1. 收集您的客户ID和客户密码来自此处（请勿公开共享这些）
b $ b
2. 从此处生成RuName（重定向URL名称） ，方法是单击通过您的应用程序从eBay获取令牌 ，然后填写表格。此表单用于构建登录页面的外观，用户将被重定向以允许您的应用程序访问其帐户。然后，RuName将直接出现在列标题 RuName（eBay重定向URL名称）之下


3. 收集所需的范围列表。每个API端点都需要具有适当范围权限的OAuth令牌。 创建或替换库存项目端点，用于例如，需要 https://api.ebay.com/oauth/api_scope/sell.inventory 范围。找出所需的终结点，然后转到每个终结点的API文档，找到作用域部分。



4. get请求现在看起来像这样：

    `https://signin.sandbox.ebay.com/authorize？ 
    client_id =< your-client-id-value>& 
    redirect_uri =< your-RuName-value>& 
    response_type = code& 
    scope = https％3A％2F％2Fapi.ebay.com％2Foauth％2Fapi_scope％2Fsell.account％20 
    https％3A％2F％2Fapi.ebay.com％2Foauth％2Fapi_scope％2Fsell.inventory `
     

   建议您添加状态查询字符串，为易于使用，我已将其省略，但您应该研究它们是什么以及为什么建议将它们用于OAuth。



5. 浏览器中的此URL会将您重定向到用户的登录页面，以允许您的应用访问他们的帐户，但仅适用于URL中的范围。从PHP curl请求中转储，您将获得重定向URL本身。
   重要提示：即使您的应用程序只有一个用户，最终用户也需要签名。例如，您有一个客户的电子商务网站，并且想要将他们的产品发送到他们的单一eBay帐户。您仍然需要至少每18个月执行一次此过程（找出为什么很快这样做）。


6. 用户登录并确认后，浏览器将显示您可以关闭此窗口现在页面。下一步所需的授权代码位于此页面的URL中，为 code 查询字符串。如果您正在为多个用户开发应用程序，并计划让他们实际在此页面上登录，则需要配置您的应用程序以获取确认响应（即上述URL），并从中提取代码。该代码非常短命。如果您是通过浏览器手动检索它，则需要快速完成下一步。



7. 您现在需要对 https://api.sandbox.ebay.com/identity/v1/oauth2/token 。请参见以下结构：

     HTTP方法：POST 
    URL（沙盒）：https：//api.sandbox。 ebay.com/identity/v1/oauth2/token 
    
    HTTP标头：
    Content-Type =应用程序/ x-www-form-urlencoded 
   授权=基本< B64-编码的oauth-凭据（由您的客户ID和客户机密得出的base64编码值，以冒号分隔。例如，在PHP中，您可以使用以下代码生成该值：`base64_encode（ fakeclientid123：fakeclientsecret123）`）
    
   请求正文（为便于阅读而包装）：
    grant_type = authorization_code& （字面意思是字符串 authorization_code）
    code =<授权码值>& （在上一步中检索的代码）
    redirect_uri =< RuName-value> （与先前的RuName相同）
     

   如果成功，此请求将返回以下内容：

     {
    access_token： v ^ 1.1＃i ^ 1＃p ^ 3＃r ^ 1 ... XzMjRV4xMjg0 ，
    token_type：用户令牌，
    expires_in：7200，
    refresh_token： v ^ 1.1＃i ^ 1＃p ^ 3＃r ^ 1。 .zYjRV4xMjg0，
    refresh_token_expires_in：47304000 
   } 
     

   有oauth我们使用的令牌，将持续 2小时。第二个令牌是刷新令牌，将持续约18个月。确保此令牌安全，不要共享它，也不要在您的应用中对其进行硬编码。从现在开始，您的应用应使用此令牌执行刷新调用，以在需要时获取新的oauth。 18个月结束后，或者如果用户再次执行允许访问过程，则需要执行上述所有操作来生成新的刷新令牌。假定那时的API尚未更改。

   
   
   

   值得注意的是，18个月的寿命不是OAuth刷新的正常过程，通常应返回新的刷新




8. 刷新oauth：

     HTTP方法：POST 
    URL（沙盒）：https://api.sandbox.ebay.com/identity/v1/oauth2/token 
    
    HTTP标头：
   内容类型=应用程序/ x-www-form-urlencoded 
   授权=基本< B64编码的oauth-credentials> 
    
   请求正文（为便于阅读而包装）：
    grant_type = refresh_token& 
    refresh_token =<您的刷新令牌值>& 
    scope = https％3A％2F％2Fapi.ebay.com％2Foauth％2Fapi_scope％2Fsell.account％20 
    https％3A％2F％2Fapi.ebay.com％2Foauth％2Fapi_scope％2Fsell.inventory 
     

我希望这会有所帮助！

been struggling for couple of days with eBay token authentication. I am finding it hard to understand how to fetch new tokens, after signing up for a developer program account, I requested the key-set and got them, afterwards I grant access on Auth'n'Auth token which promises to last for 18 months, and yes the token works only on Trading, Shopping and Finding api.

But when you need to perform Buy, Sell and Commerce api's you have to obtain oauth tokens. And you can do the so called "Single User app" style and signin on oauth from User Token Tool, and get an oauth with 2 hours expiry.

Later on the token expires and you kinda lose the access to the api's mentioned above. I tried fetching tokens from Trading > Get session ID, Trading > Fetch token, but after providing session id to Fetch token it says: "The end user has not completed Auth & Auth sign in flow." while there is a valid 18 months token, it keeps returning this error.

Is there any example article on this, which anyone might have read or wrote?

解决方案

This details the OAuth process of the "New Sell" API, not auth 'n' auth or the legacy Trading API. It is also for the sandbox, although the procedure for Production is the same.

Your confusion is not unwarranted. My own experiences with this API flow, along with those of a large portion of the official dev forums, has been stressful. The below details the procedure to generate an oauth irrelevant of whether you are connecting to a single, dedicated, account or multiple user accounts.

There is the official guide, which does explain the whole process, so I'm hesitant to recreate entire guide here. I can provide a summary though (I advise following the below using Postman before attempting through your app):

1. Gather your client ID and Client Secret from here (do not share these publicly)
2. Generate an RuName (Redirect URL Name) from here by clicking "Get a Token from eBay via Your Application" and filling out the form. This form is for building the look of the login page that users will be redirected to allow your application access to their account. The RuName will then appear directly underneath the column header " RuName (eBay Redirect URL name)"
3. Gather the list of scopes you require. Each API endpoint requires an OAuth token with the appropriate scope permissions. The Create or Replace Inventory Item endpoint, for instance, requires the https://api.ebay.com/oauth/api_scope/sell.inventory scope. Figure out what endpoints you will need and go to the API doc for each and find the scope section.

4. The get request now looks like this:

   `https://signin.sandbox.ebay.com/authorize?
   client_id=<your-client-id-value>&
   redirect_uri=<your-RuName-value>&
   response_type=code&
   scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.account%20
   https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.inventory`
   

   It is also recommended you add astate query string, which I have omitted for ease of use, but you should research what they are and why they are recommended for OAuth.

5. This URL in a browser will redirect you to a sign-in page for the user to allow your application access to their account, but only for the scopes in the URL. Dumped from a PHP curl request you will get the redirect URL itself. Important: A sign by the end user is needed even if your application will only have one user. For instance, you have an e-commerce site for a client and you want to send their products to their singular eBay account. You will still need to do this process at least once every 18 months (find out why soon).
6. Once the user has logged in and confirmed, the browser will display a "you can close this window now" page. The authorization code you need for the next step is in the URL of this page as the code query string. If you are developing an application for multiple users and plan to actually have them sign in on this page then you need to configure your app to grab the confirmation response, which will be the aforementioned URL, and extract the code from it. This code is very short-lived. If you are manually retrieving it via a browser you need to progress through the next steps quickly.

7. You now need to perform a POST request to https://api.sandbox.ebay.com/identity/v1/oauth2/token. See the structure below:

   HTTP method:   POST
   URL (Sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token
   
   HTTP headers:
   Content-Type = application/x-www-form-urlencoded
   Authorization = Basic <B64-encoded-oauth-credentials> (A base64-encoded value made from your client ID and client secret, separated by colon. For example, in PHP you could generate it with: `base64_encode ("fakeclientid123:fakeclientsecret123")`)
   
   Request body (wrapped for readability):
   grant_type=authorization_code& (literally the string "authorization_code")
   code=<authorization-code-value>& (code retreived in previous step)
   redirect_uri=<RuName-value> (same RuName as earlier)
   

   If successful this request will return something like the below:

   {
       "access_token": "v^1.1#i^1#p^3#r^1...XzMjRV4xMjg0",
       "token_type": "User token",
       "expires_in": 7200,
       "refresh_token": "v^1.1#i^1#p^3#r^1...zYjRV4xMjg0",
       "refresh_token_expires_in": 47304000
     }
   

   There's the oauth token we're after, which will last 2 hours. The second token is a refresh token, which will last ~18 months. Keep this token safe and do not share it, nor hard-code it in your app. From this point onwards your app should perform refresh calls, using this token, to get a new oauth whenever it needs to. Once the 18 months is up, or if the user goes through the "Allow Access" procedure again, you will need to do all of the above to generate a new refresh token. Assuming the API has not changed by that point.

   It is worth noting that the 18 month lifespan is not a normal procedure for OAuth refreshing, which normally should return a new refresh token each time the old one is used.

8. To refresh an oauth:

     HTTP method:   POST
     URL (Sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token
   
     HTTP headers:
       Content-Type = application/x-www-form-urlencoded
       Authorization = Basic <B64-encoded-oauth-credentials>
   
      Request body (wrapped for readability):
         grant_type=refresh_token&
         refresh_token=<your-refresh-token-value>&
         scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.account%20
         https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.inventory
   

I hope this helps!

这篇关于eBay oauth令牌和刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！