withings API认证 [英] withings api authentication

问题描述

我试图用withings API进行身份验证。我已经得到了正确的消费者密钥和秘密，我能够得到应用页面，我也可以用API认证。

问题是，它是不回来，而不是显示404错误：找不到网页。
我已经交叉检查的回调URL很多次了。

这里的<一个href=\"http://oauth.withings.com/account/authorize?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_token=3659f7e3c3eccbfc6990fe5f194d4c947783b1544755c6147f380813231\"相对=nofollow>网址。

这是code，我试图用验证：文档 GEM1 ，的 Gem2 。

我想获得用户返回到我的申请。

  @callback_url ='http://127.0.0.1:3000/auth/withings/callback
    @consumer =的OAuth :: Consumer.new（WITHINGS_KEY，WITHINGS_SECRET，{
        ：网站=＆GT; https://oauth.withings.com'，
        ：request_token_path =＆GT; '/帐号/ request_token'，
        ：access_token_path =＆GT; '/帐号/ ACCESS_TOKEN'，
        ：authorize_path =＆GT; '/帐号/授权
    }）
    @request_token = @ consumer.get_request_token（：oauth_callback =＆GT; @callback_url）
    会话[：request_token] = @request_token
    redirect_to的@ request_token.authorize_url（：oauth_callback =＆GT; @callback_url）
 

解决方案

嘛。我想，你不应该使用第三方库，因为

  @ request_token.authorize_url（：oauth_callback =＆GT; @callback_url）
 

返回不正确的URL。

尽量让自己的实现的OAuth的。

1）使用HMAC-SHA1算法的字符串：

<$p$p><$c$c>GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{WITHINGS KEY}％26oauth_nonce％3D {随机字符串}％26oauth_signature_method％3DHMAC-SHA1％26oauth_timestamp％3D {当前时间}％26oauth_version％3D1.0

此字符串包含3个部分：
{方法} +＆放大器; + {EN $ C $的cD请求URL} +＆放大器; + {EN $ C $的cD请求查询一部分}

签名密钥：{WITHINGS SECRET} +＆放大器;

在结果EN code这个标志。

2）发送请求的网址：

<$p$p><$c$c>https://oauth.withings.com/account/request_token?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}＆安培; oauth_nonce = {随机数从第1步}＆安培; oauth_signature = {步骤1}＆安培结果; oauth_signature_method = HMAC-SHA1和放大器; oauth_timestamp = {TIMESTAMP从步骤1}＆安培; oauth_version = 1.0

3）解析响应主体。取得OAuth凭证和OAuth的秘密。

4）使用HMAC-SHA1算法的字符串：

<$p$p><$c$c>GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Fauthorize&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{SECRET KEY}％26oauth_nonce％3D {随机字符串}％26oauth_signature_method％3DHMAC-SHA1％26oauth_token％3D {Oauth权杖}％26oauth_timestamp％3D {当前时间}％26oauth_version％3D1.0

签名密钥：{WITHINGS SECRET} +＆放大器; + {OAUTH SECRET}

在结果EN code这个标志。

5）重定向用户的网址：

<$p$p><$c$c>https://oauth.withings.com/account/rauthorize?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}＆安培; oauth_nonce = {随机数从步骤4}＆安培; oauth_signature = {STEP 4}＆安培结果; oauth_signature_method = HMAC-SHA1和放大器;组oauth_token = {Oauth权杖}＆安培; oauth_timestamp = {TIMESTAMP步骤4}＆安培; oauth_version = 1.0

I am trying to authenticate with the withings api. I have got the consumer key and secret correctly and am able to get to the app page, and I can also authenticate with the api.

The problem is that it is not coming back, instead showing a 404 error: page not found. I have cross-checked the callback url many times.

Here's the url.

This is the code I am trying to authenticate with: Documentation, Gem1, Gem2.

I want to get the user back to my application.

@callback_url = 'http://127.0.0.1:3000/auth/withings/callback'
    @consumer = OAuth::Consumer.new(WITHINGS_KEY, WITHINGS_SECRET, {
        :site => 'https://oauth.withings.com',
        :request_token_path => '/account/request_token',
        :access_token_path => '/account/access_token',
        :authorize_path => '/account/authorize'
    })
    @request_token = @consumer.get_request_token(:oauth_callback => @callback_url)
    session[:request_token] = @request_token
    redirect_to @request_token.authorize_url(:oauth_callback => @callback_url)

解决方案

Well. I think, you should not use third-party libraries, because

@request_token.authorize_url(:oauth_callback => @callback_url)

return incorrect url.

Try to make your own implementation of OAuth.

1) Use HMAC-SHA1 algorithm for string:

GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{WITHINGS KEY}%26oauth_nonce%3D{RANDOM STRING}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D{CURRENT TIME}%26oauth_version%3D1.0

This string contains 3 parts: {METHOD} + "&" + {ENCODED REQUEST URL} + "&" + {ENCODED REQUEST QUERY PART}

SECRET KEY for signing: {WITHINGS SECRET}+"&"

In result encode this sign.

2) Send request to the URL:

https://oauth.withings.com/account/request_token?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}&oauth_nonce={NONCE FROM STEP 1}&oauth_signature={RESULT OF STEP 1}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={TIMESTAMP FROM STEP 1}&oauth_version=1.0

3) Parse response body. Get OAUTH TOKEN and OAUTH SECRET.

4) Use HMAC-SHA1 algorithm for string:

GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Fauthorize&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{SECRET KEY}%26oauth_nonce%3D{RANDOM STRING}%26oauth_signature_method%3DHMAC-SHA1%26oauth_token%3D{OAUTH TOKEN}%26oauth_timestamp%3D{CURRENT TIME}%26oauth_version%3D1.0

SECRET KEY for signing: {WITHINGS SECRET}+"&" + {OAUTH SECRET}

In result encode this sign.

5) Redirect user to the URL:

https://oauth.withings.com/account/rauthorize?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}&oauth_nonce={NONCE FROM STEP 4}&oauth_signature={RESULT OF STEP 4}&oauth_signature_method=HMAC-SHA1&oauth_token={OAUTH TOKEN}&oauth_timestamp={TIMESTAMP FROM STEP 4}&oauth_version=1.0

这篇关于withings API认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！