使用带有用户名和密码的 Invoke-WebRequest 在 GitHub API 上进行基本身份验证 [英] Use Invoke-WebRequest with a username and password for basic authentication on the GitHub API

问题描述

使用 cURL，我们可以通过 HTTP 网络请求传递用户名，如下所示:

With cURL, we can pass a username with an HTTP web request as follows:

$ curl -u <your_username> https://api.github.com/user

-u 标志接受用于身份验证的用户名，然后 cURL 将请求密码.cURL 示例用于使用 GitHub Api 进行基本身份验证.

The -u flag accepts a username for authentication, and then cURL will request the password. The cURL example is for Basic authentication with the GitHub Api.

我们如何类似地将用户名和密码与 Invoke-WebRequest 一起传递?最终目标是通过 GitHub API 中的基本身份验证来使用 PowerShell.

How do we similarly pass a username and password along with Invoke-WebRequest? The ultimate goal is to user PowerShell with Basic authentication in the GitHub API.

推荐答案

我在这里假设基本身份验证.

I am assuming Basic authentication here.

$cred = Get-Credential
Invoke-WebRequest -Uri 'https://whatever' -Credential $cred

您可以通过其他方式(Import-Clixml 等)获取您的凭证，但它必须是一个 [PSCredential] 对象.

You can get your credential through other means (Import-Clixml, etc.), but it does have to be a [PSCredential] object.

GitHub 在您提供的链接中对此进行了解释:

GitHub is breaking RFC as they explain in the link you provided:

API 支持 RFC2617 中定义的基本身份验证，其中包含一些细微差别.主要区别在于 RFC 要求使用 401 Unauthorized 回答未经身份验证的请求回应.在很多地方，这会暴露用户的存在数据.相反，GitHub API 响应 404 Not Found.这可能导致假设 401 Unauthorized 的 HTTP 库出现问题回复.解决方案是手动制作 Authorization 标头.

The API supports Basic Authentication as defined in RFC2617 with a few slight differences. The main difference is that the RFC requires unauthenticated requests to be answered with 401 Unauthorized responses. In many places, this would disclose the existence of user data. Instead, the GitHub API responds with 404 Not Found. This may cause problems for HTTP libraries that assume a 401 Unauthorized response. The solution is to manually craft the Authorization header.

Powershell 的 Invoke-WebRequest 据我所知，在发送凭据之前会等待 401 响应，而且由于 GitHub 从未提供过响应，因此永远不会发送您的凭据.

Powershell's Invoke-WebRequest does to my knowledge wait for a 401 response before sending the credentials, and since GitHub never provides one, your credentials will never be sent.

相反，您必须自己创建基本的身份验证标头.

Instead you'll have to create the basic auth headers yourself.

基本身份验证采用由用户名和密码组成的字符串，以冒号分隔 user:pass，然后发送该字符串的 Base64 编码结果.

Basic authentication takes a string that consists of the username and password separated by a colon user:pass and then sends the Base64 encoded result of that.

这样的代码应该可以工作:

Code like this should work:

$user = 'user'
$pass = 'pass'

$pair = "$($user):$($pass)"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))

$basicAuthValue = "Basic $encodedCreds"

$Headers = @{
    Authorization = $basicAuthValue
}

Invoke-WebRequest -Uri 'https://whatever' -Headers $Headers

您可以组合一些字符串连接，但我想将其分解以使其更清晰.

You could combine some of the string concatenation but I wanted to break it out to make it clearer.

这篇关于使用带有用户名和密码的 Invoke-WebRequest 在 GitHub API 上进行基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！