使用 Rauth、Python 针对 Vimeo API 的 OAuth 签名无效错误 [英] OAuth Signature not valid error using Rauth, Python against the Vimeo API

问题描述

对不起，如果这是一个菜鸟问题，但我试图测试并开始使用带有 Vimeo API 的 RAuth python 库.

我正在使用应用页面上提供的访问令牌/秘密，用于我在开发者网站上向 Vimeo 注册的应用.所以我想问题的第一部分是:这是一个有效的访问令牌/秘密还是我需要实际通过 OAuth 过程，尽管我正在尝试使用此 API 访问我公司的帐户?

假设这是一个有效的令牌，那么问题的核心是，鉴于此实现:

 from rauth.session 导入 OAuth1Session会话 = OAuth1Session(消费者密钥=VIMEO_CLIENTID，消费者秘密=VIMEO_CLIENTSECRET，access_token=VIMEO_ACCESSTOKEN，access_token_secret=VIMEO_ACCESSTOKENSECRET )响应 = session.get(VIMEO_URL_BASE + 'vimeo.oauth.checkAccessToken')

我收到以下回复:

{"response": {"err": {"expl": "传递的 oauth_signature 无效.", "code": "401", "msg": "无效签名"}, "stat": "fail", "generated_in": "0.0041"}

基于看起来像这样的 OAuth 标头(注意，我只是从会话对象中提取了这些标头，因此密钥不是内部使用的，而是按照 Rauth 库定义的方式发送的):

<预><代码>{"signature": "DH9ueZmrnguFgBIDZs7ZQPE7qHs=","nonce": "8bcbc130548c0677cd134e7d7f22b17df7a2eee6",时间戳":1380266167，"oauth_version": "1.0",令牌":VIMEO_ACCESSTOKENSSECRET，"consumer_key": VIMEO_CLIENTID,"sig_method": "HMAC-SHA1"}

我读过一些关于时钟关闭的帖子.我的开发工作站正在检查 time.windows.com，但我确实用 time-a.nist.gov 将其关闭以防万一.我还关闭了同步并手动将时钟移动了几秒钟.这些都没有效果.我还尝试根据我的时钟检查 developer.vimeo.com 站点的操场示例中的时间戳，它们之间最多相差 1-2 秒.

尽管假设第一个问题的答案是正确的，但我认为我在做一些菜鸟，并且根据我在 RAuth 代码中读到的内容，如果我有一个有效的身份验证令牌和秘密，我应该能够使用这些无需经历整个 OAuth 过程，因为这只会生成一个新的令牌/秘密.

同样，我是 OAuth 的新手，我对 Python 也比较陌生，所以我可能会做一些愚蠢的事情.

解决方案

这里的问题是您试图获取整个 URL 并且不允许 Rauth 通过请求的 API 对参数进行签名.这不起作用，因为 Rauth 需要能够查看参数并以特定方式签名.相反，您应该这样做:

print sess.get('http://vimeo.com/api/rest/v2', params={'method': 'vimeo.oauth.checkAccessToken'}).content<?xml version="1.0" encoding="UTF-8"?>\n<rspgenerated_in="0.0044" stat="ok">\n <oauth>\n <token>...</token>\n <permission>删除</permission>\n <user display_name="Max Countryman" id="16760357" username="user16760357"/>\n </oauth>\n</rsp>\n'

请记住，Rauth 是请求，但添加了方便的 OAuth 处理.这意味着您应该像使用请求一样使用 Rauth.

以下应该可以工作(我亲自用我的 Vimeo 凭据进行了测试，它似乎按预期工作):

 from rauth.session 导入 OAuth1Sessionsession = OAuth1Session(consumer_key=VIMEO_CLIENTID,消费者秘密=VIMEO_CLIENTSECRET，access_token=VIMEO_ACCESSTOKEN，access_token_secret=VIMEO_ACCESSTOKENSECRET)response = session.get('http://vimeo.com/api/rest/v2', params={'method': 'vimeo.oauth.checkAccessToken'})

希望有帮助！

Sorry if this is a noob question but I was trying to test and start using the RAuth python library with Vimeo's API.

I'm using the access token/secret provided on the app page for the app I registered with Vimeo on the developer's site. So I guess the first part of the question is: is that a valid access token/secret or do I need to actually go through the OAuth process despite the fact that I'm trying to access my company's account using this API?

Assuming that's a valid token, then the meat of the question is, given this implementation:

from rauth.session import OAuth1Session

session = OAuth1Session(
                    consumer_key=VIMEO_CLIENTID,
                    consumer_secret=VIMEO_CLIENTSECRET,
                    access_token=VIMEO_ACCESSTOKEN,
                    access_token_secret=VIMEO_ACCESSTOKENSECRET )

response = session.get(VIMEO_URL_BASE + 'vimeo.oauth.checkAccessToken')

I'm getting the following as a response:

{"response": {"err": {"expl": "The oauth_signature passed was not valid.", "code": "401", "msg": "Invalid signature"}, "stat": "fail", "generated_in": "0.0041"}

Based on OAuth headers that look like this (note, I just extracted these out of the session object so the keys aren't what are being used internally and sent through as those are defined by the Rauth library):

{
"signature": "DH9ueZmrnguFgBIDZs7ZQPE7qHs=", 
"nonce": "8bcbc130548c0677cd134e7d7f22b17df7a2eee6", 
"timestamp": 1380266167, 
"oauth_version": "1.0", 
"token": VIMEO_ACCESSTOKENSECRET, 
"consumer_key": VIMEO_CLIENTID, 
"sig_method": "HMAC-SHA1"
}

I'd read some posts about clocks being off. My dev workstation's checking time.windows.com though I did switch it out with time-a.nist.gov just in case. I also turned off sync and manually shifted my clock a few seconds. None of that had an effect. I also tried checking the timestamps in the developer.vimeo.com site's playground examples against my clock and they're within 1-2 seconds of each other at most.

I figure I'm doing something noobish though assuming the answer to the first question is right, and according to what I read in the RAuth code, if I have a valid auth token and secret, I should be able to use those without having to go through the entire OAuth process since that would just generate a new token/secret anyway.

Again, I'm new to OAuth and I'm relatively new to Python so I might be doing something stupid.

解决方案

The issue here is that you're attempting to get the whole URL and not allowing Rauth to sign the parameters via the Requests' API. This doesn't work because Rauth needs to be able to look at the parameters and sign then in a specific way. Instead you should do this:

print sess.get('http://vimeo.com/api/rest/v2', params={'method': 'vimeo.oauth.checkAccessToken'}).content

<?xml version="1.0" encoding="UTF-8"?>\n<rsp generated_in="0.0044" stat="ok">\n  <oauth>\n    <token>...</token>\n    <permission>delete</permission>\n    <user display_name="Max Countryman" id="16760357" username="user16760357"/>\n  </oauth>\n</rsp>\n'

Remember that Rauth is Requests but with the addition of convenient OAuth handling. What that means is you should use Rauth as though it were Requests.

The following should work (I personally tested with my Vimeo credentials and it seems to work as expected):

from rauth.session import OAuth1Session

session = OAuth1Session(consumer_key=VIMEO_CLIENTID,
                        consumer_secret=VIMEO_CLIENTSECRET,
                        access_token=VIMEO_ACCESSTOKEN,
                        access_token_secret=VIMEO_ACCESSTOKENSECRET)

response = session.get('http://vimeo.com/api/rest/v2', params={'method': 'vimeo.oauth.checkAccessToken'})

Hope that helps!

这篇关于使用 Rauth、Python 针对 Vimeo API 的 OAuth 签名无效错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！