Can BigCommerce Private Apps use OAuth


Problem description

I am very confused by the BC documentation on their API, because they let you create "Draft Apps" (private apps) and now I see that in their documentation they say "We do not currently provide a means of keeping OAuth apps private.".

My concern here is that they made some changes recently that might have affected a few of my Private Apps that I had running just fine a month ago. If anyone can provide some insight, I would appreciate it greatly!

https://developer.bigcommerce.com/api/guides/oauth-transition

Solution

There is nothing wrong with creating oAuth credentials with a "Draft App" for the sole purpose of accessing the API of your store. You do not ever have to publish your app and your app will never be made "public" in that case. You also don't have to bother with the 'Load Callback URL' and filling out the details on your draft app, unless you want to provide yourself an interface in the store.

The "Draft App" function was specifically meant to allow Developers building apps for the BC App Marketplace to test their apps in a store before submission. However, you can use it to make a private application that is only intended for your store - I'm including the process here for others!

Making a Private App with oAuth (or How to Generate oAuth Credentials for a Store)

What you will need
  • Access to the account listed as the "store owner" of the store where you want to install your app or the ability to get a person with access to complete a couple steps
  • Ability to set up a local or public URL to receive the 'Auth Callback Request'

Getting started

The first thing you should do is sort out making available a local or public URL that can receive an "Auth Callback" request. This resource must be able to work over an HTTPS connection but the SSL can be self-signed. The 'Auth Callback' request from Bigcommerce is a GET request that will have 3 query parameters on the URL: code, scope, and context.

It is described in greater detail here: https://developer.bigcommerce.com/api/callback#get-req

Additional info

When building a public app it is important that the service receiving the Auth Callback request be configured to catch the 3 query values and combine them with information you already have. You would then send all of this information in a POST to the BC oAuth Token service to generate your API token for the store. In addition to that you would want to respond to the Auth Callback request with a 200 status and an interface, or instructions, for the user.

In the context of building a private application you don't need to worry about any of that. All you need to do is capture the query values. If you have this already then go ahead and jump down to the section on generating an API token below.

Before Moving On

You should have a URL path that can receive a GET request and captures query parameters. Test it out and make sure it works. Here are a couple example URLs:
https://example.com/auth-callback
https://localhost:8000/auth-service

Registering an App

The key point here is that the registration of the app must be completed by the store owner account of the store where you want to install the app. If you have access to the store owner account credentials then follow the steps at the bottom of this page:
https://developer.bigcommerce.com/api/registration

If you are working with the store owner then you can direct them to complete the steps above. You will need to provide them the Auth Callback URL you created for completing Step 9. The Load Callback URL does have to be filled in but the default example provided can be left in place.

SCOPES

When registering an app you are able to choose the scopes for the app. It is simple to just leave them all open but it is best practice to only enable the scopes you need. Here is a list of the scopes:
https://developer.bigcommerce.com/api/scopes

If you are not sure whether or not you will need a certain scope then leave it enabled because you will have to re-generate your API Token (perform a re-install of the app) if you have to change the scopes on your app.

Before Moving On

You need to have the client_id and client_secret. If someone else registered the app then you will need to ask them for this. There is a View Client ID button that will provide it after registering an app.

Generate the Auth Callback Request

You will need the person with store owner access again for this step. They will need to log in to their store and go to the Apps section on the left side column. After that click on Marketplace -> then My Apps (in the top-right) -> then My Draft Apps

You should now see a list containing any "apps" that the store owner has registered. Choose the one relating to the client_id you plan to use. Click to install the app.

The Auth Callback request has now been sent and you are done here. You should expect to see just a blank or grey page as a result unless you are responding to the Auth Callback request with content. Your app is now awaiting authentication.

If using a self-signed certificate

When your Auth Callback URL has a self-signed certificate then you will see an "untrusted cert" error in your browser when you attempt installation of the app. You should choose to trust the certificate and continue.

Before Moving On

You should now have received the code, scope, and context at your Auth Callback URL. If you did not, it was likely due to not having SSL/TLS at your server. You can replay the Auth Callback request as many times as needed by Cancelling Installation of the app in the same place where you started it. You can even open up a Dev tool and watch the request happen to see what errors show up in the console. If this is continuing to fail then you should reach out to Bigcommerce support or ask a new question on here!

Generating an API Token to Complete Installation

Follow the steps here: https://developer.bigcommerce.com/api/callback#post-req

You should have all of the details needed to send a POST request to the BC Auth Token Service at https://login.bigcommerce.com/oauth2/token

Make sure to URL encode your content and you should be good! Here is a site that can URL encode and decode for you: http://meyerweb.com/eric/tools/dencoder/
Just be careful of it encoding & and = signs when those are actually being used as separators between fields or between field/value (respectively).

Before Moving On

You should have received a successful response from the Auth service which will include your API Token. Once you have this you are all set to access the API of the store. You no longer need to have your Auth Callback URL up and available and can take that down.

Also take note of the context to use to create your API path.

Accessing the API

Now that you have your API Token and context you are all set to access the API of a store. Start off with a simple request to the /time endpoint.

Make a GET request and include the following headers (minus the curly braces):

  • X-Auth-Client: {CLIENT_ID}
  • X-Auth-Token: {API_TOKEN}
  • Accept: application/json
  • Content-Type: application/json

Send your request to a URL path of (minus curly braces):

https://api.bigcommerce.com/{context}/v2/time

If you get back a 200 response then you are all set!

Additional Notes - Ways to Break Credentials

Once you have successfully generated an API Token for a certain app, that app will display in the Control Panel as an icon in the Apps section. The fact the app is there shows it is installed and allowing access. If you uninstall that app then the previously generated API token will stop working.

Changing the scopes on an already installed app will require it to be re-installed to correct the token.

Changing the store owner email on the store will cause the token to stop working. The API Token is specifically tied to the store owner that registered the app.
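The flow in the answer above, as an added Python example that is not part of the original answer: it parses the Auth Callback URL, builds the URL-encoded POST body for the token service, and builds the first /v2/time request. The `grant_type` and `redirect_uri` fields, the form content type and the `stores/<hash>` context check are assumptions taken from the standard OAuth 2.0 authorization-code grant; all sample values are constructed.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_URL = "https://login.bigcommerce.com/oauth2/token"  # from the answer
API_BASE = "https://api.bigcommerce.com"  # from the answer
# Assumption: context has the form "stores/<hash>". Anything else is rejected
# because the value is later spliced into the API URL path.
CONTEXT_RE = re.compile(r"stores/[A-Za-z0-9]+")
# Constructed sample callback; the code, scopes and store hash are made up.
SAMPLE_CALLBACK = ("https://localhost:8000/auth-service?code=qr6h3thvbvag2ffq"
                   "&scope=store_v2_orders+store_v2_products&context=stores/abc123")


def parse_auth_callback(url):
    """Extract code, scope and context from the Auth Callback GET URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = {}
    for name in ("code", "scope", "context"):
        found = query.get(name, [])
        if len(found) != 1 or not found[0]:
            raise ValueError(f"callback needs exactly one non-empty {name!r}")
        values[name] = found[0]
    if not CONTEXT_RE.fullmatch(values["context"]):
        raise ValueError("unexpected context format")
    return values


def build_token_request(callback, client_id, client_secret, redirect_uri):
    """Return (url, headers, body) for the POST to the token service."""
    fields = {
        "client_id": client_id,
        "client_secret": client_secret,
        **callback,  # code, scope, context exactly as received
        # Assumption: the standard OAuth 2.0 authorization-code fields.
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
    }
    # urlencode escapes every name and value first and only then joins them
    # with '=' and '&', so the separators are never percent-encoded.
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, urlencode(fields)


def build_time_request(context, client_id, api_token):
    """Return (url, headers) for the first test call to /v2/time."""
    headers = {"X-Auth-Client": client_id, "X-Auth-Token": api_token,
               "Accept": "application/json", "Content-Type": "application/json"}
    return f"{API_BASE}/{context}/v2/time", headers
```

Keep the body and the returned token out of logs and shell history, since the body carries the client_secret and the one-time code.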
