eBay oauth token and refresh tokens


Problem description


I've been struggling for a couple of days with eBay token authentication. I am finding it hard to understand how to fetch new tokens. After signing up for a developer program account, I requested the key-set and got it; afterwards I granted access on an Auth'n'Auth token, which promises to last for 18 months, and yes, the token works only on the Trading, Shopping and Finding APIs.

But when you need to perform Buy, Sell and Commerce API calls you have to obtain OAuth tokens. You can do the so-called "Single User app" style and sign in on OAuth from the User Token Tool, and get an OAuth token with a 2-hour expiry.

Later on the token expires and you kind of lose access to the APIs mentioned above. I tried fetching tokens from Trading > Get Session ID, Trading > Fetch Token, but after providing the session ID to Fetch Token it says: "The end user has not completed Auth & Auth sign in flow." While there is a valid 18-month token, it keeps returning this error.

Is there any example article on this, which anyone might have read or wrote?

Solution

This details the OAuth process of the "New Sell" API, not auth 'n' auth or the legacy Trading API. It is also for the sandbox, although the procedure for Production is the same.

Your confusion is not unwarranted. My own experiences with this API flow, along with those of a large portion of the official dev forums, have been stressful. The below details the procedure to generate an OAuth token irrespective of whether you are connecting to a single, dedicated account or to multiple user accounts.

There is the official guide, which does explain the whole process, so I'm hesitant to recreate the entire guide here. I can provide a summary though (I advise following the below using Postman before attempting it through your app):

  1. Gather your client ID and Client Secret from here (do not share these publicly)

  2. Generate an RuName (Redirect URL Name) from here by clicking "Get a Token from eBay via Your Application" and filling out the form. This form is for building the look of the login page that users will be redirected to in order to allow your application access to their account. The RuName will then appear directly underneath the column header "RuName (eBay Redirect URL name)".

  3. Gather the list of scopes you require. Each API endpoint requires an OAuth token with the appropriate scope permissions. The Create or Replace Inventory Item endpoint, for instance, requires the https://api.ebay.com/oauth/api_scope/sell.inventory scope. Figure out what endpoints you will need and go to the API doc for each and find the scope section.

  4. The GET request now looks like this:

    https://signin.sandbox.ebay.com/authorize?
    client_id=<your-client-id-value>&
    redirect_uri=<your-RuName-value>&
    response_type=code&
    scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.account%20
    https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.inventory

    It is also recommended you add a `state` query string, which I have omitted for ease of use, but you should research what they are and why they are recommended for OAuth.

  5. This URL in a browser will redirect you to a sign-in page for the user to allow your application access to their account, but only for the scopes in the URL. Dumped from a PHP curl request you will get the redirect URL itself. Important: a sign-in by the end user is needed even if your application will only have one user. For instance, you have an e-commerce site for a client and you want to send their products to their singular eBay account. You will still need to do this process at least once every 18 months (find out why soon).

  6. Once the user has logged in and confirmed, the browser will display a "you can close this window now" page. The authorization code you need for the next step is in the URL of this page as the code query string. If you are developing an application for multiple users and plan to actually have them sign in on this page then you need to configure your app to grab the confirmation response, which will be the aforementioned URL, and extract the code from it. This code is very short-lived. If you are manually retrieving it via a browser you need to progress through the next steps quickly.

  7. You now need to perform a POST request to https://api.sandbox.ebay.com/identity/v1/oauth2/token. See the structure below:

    HTTP method:   POST
    URL (Sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token
    
    HTTP headers:
    Content-Type = application/x-www-form-urlencoded
    Authorization = Basic <B64-encoded-oauth-credentials> (A base64-encoded value made from your client ID and client secret, separated by colon. For example, in PHP you could generate it with: `base64_encode ("fakeclientid123:fakeclientsecret123")`)
    
    Request body (wrapped for readability):
    grant_type=authorization_code& (literally the string "authorization_code")
    code=<authorization-code-value>& (code retrieved in previous step)
    redirect_uri=<RuName-value> (same RuName as earlier)
    

    If successful this request will return something like the below:

    {
        "access_token": "v^1.1#i^1#p^3#r^1...XzMjRV4xMjg0",
        "token_type": "User token",
        "expires_in": 7200,
        "refresh_token": "v^1.1#i^1#p^3#r^1...zYjRV4xMjg0",
        "refresh_token_expires_in": 47304000
    }


    There's the oauth token we're after, which will last 2 hours. The second token is a refresh token, which will last ~18 months. Keep this token safe and do not share it, nor hard-code it in your app. From this point onwards your app should perform refresh calls, using this token, to get a new oauth whenever it needs to. Once the 18 months is up, or if the user goes through the "Allow Access" procedure again, you will need to do all of the above to generate a new refresh token. Assuming the API has not changed by that point.

    It is worth noting that the 18 month lifespan is not a normal procedure for OAuth refreshing, which normally should return a new refresh token each time the old one is used.

  8. To refresh an OAuth token:

    HTTP method:   POST
    URL (Sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token

    HTTP headers:
    Content-Type = application/x-www-form-urlencoded
    Authorization = Basic <B64-encoded-oauth-credentials>

    Request body (wrapped for readability):
    grant_type=refresh_token&
    refresh_token=<your-refresh-token-value>&
    scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.account%20
    https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.inventory


I hope this helps!
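The steps 4 to 8 of the answer above, as an added example that is not part of the original answer: small offline helpers that build the authorization URL (with the `state` value the answer recommends), verify that state and extract the code from the redirect, assemble the code-exchange and refresh POST requests, and track the two expiry windows (2-hour access token, ~18-month refresh token) so the app knows when to refresh and when the user must go through "Allow Access" again. Endpoint URLs and scopes are those quoted in the answer; client ID, client secret, RuName, state and token strings are constructed placeholders, and nothing here touches the network.

```python
# Added example, not code from the original answer. Endpoint URLs and scopes
# are the ones the answer quotes; client id, client secret, RuName, state and
# token strings are constructed placeholders. No network requests are made:
# each helper returns the URL, headers and form body you would hand to curl,
# Postman or urllib.
import base64
import json
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SANDBOX_AUTHORIZE_URL = "https://signin.sandbox.ebay.com/authorize"
SANDBOX_TOKEN_URL = "https://api.sandbox.ebay.com/identity/v1/oauth2/token"
SCOPES = [
    "https://api.ebay.com/oauth/api_scope/sell.account",
    "https://api.ebay.com/oauth/api_scope/sell.inventory",
]


def new_state():
    """Unguessable per-login value; store it server-side with the attempt."""
    return secrets.token_urlsafe(16)


def build_authorize_url(client_id, ru_name, scopes, state):
    """Step 4: sign-in URL for the user. quote (not quote_plus) is used so the
    scope list is joined with %20 exactly as in the answer's example."""
    params = {
        "client_id": client_id,
        "redirect_uri": ru_name,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
    }
    return SANDBOX_AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)


def basic_auth_header(client_id, client_secret):
    """Authorization header for the token endpoint: base64('id:secret')."""
    raw = f"{client_id}:{client_secret}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def extract_code(redirect_url, expected_state):
    """Step 6: pull the short-lived code out of the 'close this window' URL,
    refusing it unless the state matches the attempt this app started."""
    query = parse_qs(urlsplit(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this login attempt")
    if "code" not in query:
        raise ValueError("redirect URL carries no authorization code")
    return query["code"][0]


def _token_headers(client_id, client_secret):
    return {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": basic_auth_header(client_id, client_secret),
    }


def code_exchange_request(client_id, client_secret, code, ru_name):
    """Step 7: POST that swaps the authorization code for access + refresh tokens."""
    body = urlencode({"grant_type": "authorization_code", "code": code, "redirect_uri": ru_name})
    return SANDBOX_TOKEN_URL, _token_headers(client_id, client_secret), body


def refresh_request(client_id, client_secret, refresh_token, scopes):
    """Step 8: POST that mints a fresh 2-hour access token from the refresh token."""
    body = urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token, "scope": " ".join(scopes)},
        quote_via=quote,
    )
    return SANDBOX_TOKEN_URL, _token_headers(client_id, client_secret), body


def parse_token_response(body_json, now, previous=None):
    """Convert expires_in / refresh_token_expires_in into absolute timestamps.
    A refresh response carries no new refresh token, so the old one is kept."""
    data = json.loads(body_json)
    tokens = {
        "access_token": data["access_token"],
        "access_expires_at": now + int(data["expires_in"]),
        "refresh_token": data.get("refresh_token"),
        "refresh_expires_at": None,
    }
    if "refresh_token_expires_in" in data:
        tokens["refresh_expires_at"] = now + int(data["refresh_token_expires_in"])
    if "refresh_token" not in data and previous is not None:
        tokens["refresh_token"] = previous["refresh_token"]
        tokens["refresh_expires_at"] = previous["refresh_expires_at"]
    return tokens


def next_action(tokens, now, margin=60):
    """Before each API call: 'use' the access token, 'refresh' it when within
    `margin` seconds of expiry, or 'reauthorize' (send the user through
    'Allow Access' again) once the refresh token itself has expired."""
    if tokens["refresh_expires_at"] is not None and now >= tokens["refresh_expires_at"]:
        return "reauthorize"
    if now >= tokens["access_expires_at"] - margin:
        return "refresh"
    return "use"


# Constructed sample of the step-7 response, shaped like the one in the answer.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "EXAMPLE-ACCESS-TOKEN",
    "token_type": "User token",
    "expires_in": 7200,
    "refresh_token": "EXAMPLE-REFRESH-TOKEN",
    "refresh_token_expires_in": 47304000,
})
```

The `state` check in `extract_code` is the reason the answer recommends that parameter: a redirect whose state does not match one this app issued is dropped rather than exchanged. `parse_token_response` records absolute expiry times, so a stored token set can be judged with `next_action` without re-reading the response, and a refresh response (which, as the answer notes, does not return a new refresh token) keeps the original refresh token and its 18-month deadline.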

