如何使用GreaseMonkey用户脚本以编程方式打开登录窗口以进行隐式授权 [英] How to programmatically open login window using GreaseMonkey userscript for implicit grant authorization

问题描述

在另一个网站(www.sharelatex.com)上，如何编码GreaseMonkey用户脚本以将我带到授权/登录窗口?我的理解是GM_xmlhttpRequest将执行此功能，并且在成功加载GM_xmlhttpRequest之后获得确定"状态时，没有登录窗口出现.我应该使用其他功能吗?此登录必须以编程方式完成，以便用户脚本可以捕获"成功登录后附加到重定向URL的令牌号.然后，该令牌号将在Mendeley API调用中使用，以从我的Mendeley帐户下载所需文件(使用隐式授权流程).

How do I code my GreaseMonkey userscript to take me to an authorization/login window while on a different website (www.sharelatex.com)? My understanding was that GM_xmlhttpRequest would perform this function, and while I get an "OK" status after GM_xmlhttpRequest has successfully loaded, no login window presents itself. Should I be using a different function? This login must be done programmatically so that the userscript can "catch" the token number that gets attached to the redirect URL following successful login. This token number will then be used in a Mendeley API call to download the desired file from my Mendeley account (using implicit grant flow).

背景信息:我正在尝试构建一个GreaseMonkey用户脚本，该脚本将在我的www.sharelatex.com帐户中添加一个按钮，当按下该按钮时，它将使用该网站的API从www.mendeley.com上的我的帐户中自动下载文件. .与按钮关联的代码还应考虑使用API​​所需的登录和身份验证要求.我已经向Mendeley注册了我的应用程序，收到了一个客户端ID"编号(出于说明目的，为0000)，该编号已用于构造以下网址:

Background info: I am trying to build a GreaseMonkey userscript that will add a button to my www.sharelatex.com account that, when pushed, will automatically download a file from my account on www.mendeley.com using that site's API. The code associated with the button should also take of login and authentication requirements needed to use the API. I've registered my application with Mendeley, received a "client ID" number (0000, for purposes of illustration) which I have used to construct the following url:

var urlAuth  = "https://api.mendeley.com/oauth/authorize?client_id=0000&redirect_uri=http://localhost&response_type=token&scope=all"

如果我直接将上述URL作为URL地址直接输入到浏览器中，则会进入类似以下内容的登录/授权页面，这正是我想要看到的内容，但是是通过编程方式而不是手动方式: 点击此处查看身份验证/登录窗口 以下是发生故障的GreaseMonkey用户脚本的相关内容:

If I manually enter the above URL directly into my browser as a URL address, I am taken to a login/authorization page that looks like the below, which is exactly what I want to see, but programmatically instead of manually: Click here to view authentication/login window Below are the relevant bits of my malfunctioning GreaseMonkey userscript:

// ==UserScript==
//  ... skipping over irrelevant lines ... 
// @grant       GM_xmlhttpRequest
// ==/UserScript==
var urlAuth  = "https://api.mendeley.com/oauth/authorize?client_id=0000&redirect_uri=http://localhost&response_type=token&scope=all"
/* ***************   CREATE BUTTON ************************* */
var input = document.createElement("input"); 
input.type = "button"; 
input.value="Update bibtex"; 
input.onclick = getBib; 
input.setAttribute("style", "font-size:18px; position:absolute; bottom:10px;left:10px;");
document.body.appendChild(input);
/* ================================================================ */
function getBib()
{    
GM_xmlhttpRequest({ 
method: 'GET',
url: urlAuth, 
onload: function(reply) { alert(reply.statusText) }
}

警报指示确定"状态，但是没有显示登录窗口.当我做一个:

the Alert indicates an OK status, but no login window presents itself. When I do an:

alert(urlAuth)

在onload部分中，我手动将警报框中显示的内容复制/粘贴到浏览器地址区域，浏览器将我带到相应的登录/授权窗口，因此URL本身就可以了.

within the onload section and I manually copy/paste what appears in the alert box into the browser address area, the browser takes me to the appropriate login/authorization window, so the URL itself is fine.

为什么GM_xmlhttpRequest无法将我带到登录屏幕?我是否误解了GM_xmlhttpRequest的功能，而应该使用其他功能?我花了大约2个月的时间试图弄清楚这一点，浏览了有关OAuth2，用户脚本，Mendeley API等主题的数百篇参考文献.一些示例: https://salesforce.stackexchange.com/questions/76397/accessing- salesforce-rest-api-through-greasemonkey-script (提供的答案从未解决过如何获取登录窗口的问题).

Why isn't the GM_xmlhttpRequest taking me to the login screen? Am I misunderstanding the functionality of GM_xmlhttpRequest, and should instead be using a different function? I've spent about 2 solid months trying to figure this out, poring through hundreds of references on the topic of OAuth2, userscripts, Mendeley API, etc. A few examples: http://userscripts-mirror.org/scripts/review/292038 (was promising as it is the only GreaseMonkey/Mendeley userscript out there but unfortunately does not perform OAuth2 stuff), https://salesforce.stackexchange.com/questions/76397/accessing-salesforce-rest-api-through-greasemonkey-script (the provided answer never addressed the question of how to get the login window).

推荐答案

虽然OAuth2流程的主题涉及多个步骤，但这个问题只集中在一个步骤上:如何通过GreaseMonkey用户脚本.答案(请参见上面的Brock Adams的评论)由 meta.stackexchange.com/a/293498/148310提供的示例给出.更具体地说，登录窗口是由window.open函数生成的，如以下示例所示(请参见下面的第21行):

While the topic of OAuth2 process involves multiple steps, this question was focused on one step: how to get the authorization / log-in window to present itself through a GreaseMonkey userscript. The answer (see comment by Brock Adams above) is given by an example provided in meta.stackexchange.com/a/293498/148310. More specifically, the log-in window is produced by the window.open function, as illustrated in the following example (see Line #21 below):

// ==UserScript==
<other needed info in the metadata block should be included here>
// @match       https://stackexchange.com/oauth/login_success*
// ==/UserScript==

var rootUrl = "https://api.mendeley.com/oauth/authorize?"
// the rootUrl should point to whatever API service you are trying to use. 
// I am using Mendeley, but could be i.e, facebook, YouTube, Twitter, Google, etc. 
var clientId = "0000"   // needs to be the number you got when you registered your app
// through whatever API service you want to use
var redirectUrl = "https://stackexchange.com/oauth/login_success"  
// The above directs where the login page will be redirected after successful
//     log-in/authorization. 
// This URL needs to point to a real page. 
// Also make sure that whatever is given for the redirectUrl is also 
//     listed in the @match statement in the metadata block section at the top, 
//     but with an astericks at the end (to allow for the token number to be 
//     attached as a hash fragment, as part of the OAuth2 process)
var other   = "response_type=token&scope=all" 
var urlAuth = rootUrl + clientId + "&" + redirectUrl + "&" + other
authWindow = window.open ( urlAuth, "Log in", "resizeable, scrollbars, status, toolbar, 
             dependent, width=660,height=480" ) 
// tailor window sizing, etc. to your own aesthetics

这篇关于如何使用GreaseMonkey用户脚本以编程方式打开登录窗口以进行隐式授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！