我如何获得live.com一个OAuth request_token? [英] How do I get an OAuth request_token from live.com?
问题描述
这可能是一个重复的问题,但还没有一个答案。该库的OAuth点网和DotNetOpenAuth都是可怕的令人费解,似乎通过OAuth的运行主题,而
的 OAuth的认证与在.NET中是指导性和更容易理解,它说:
<> EM>使用WebBrowser控件的,和
桌面应用程序中打开授权网页。当用户点击允许,抓住从
的WebBrowser控件响应文本,自动提取码,然后拿到
访问令牌。发送5或6的HTTP请求而在用户需要查看
只有一个允许/拒绝对话。简单的。
这是一个没有浏览器的OAuth?不,它的不是的。它的工作原理,只要你使用Web浏览器来调用URL并运行响应,这是在HTML浏览器基础的自动化,元刷新,无脚本标签和JavaScript的全唱全跳舞的奇迹。但我不希望这样做。
微软而言,这是为了你!我需要做纯粹的休息,不要的大多
REST除非它的JavaScript 的
我想检索请求令牌,如通过OAuth的RFC描述。一个
请求令牌,而不是一个软件认证的机器人。 请求
令牌。
当我使用Web客户端直接执行该GET
GET /oauth20_authorize.srf?client_id=00000000400A9B87&scope=wl.signin%20wl.basic&response_type=code&redirect_uri=http%3a %2F%2fwhitehouse.podzone.net%2F HTTP / 1.1
我回到机器的难言混乱生成的JavaScript。对于皮特的爱,我希望有一个该死的request_token,而不是一个JavaScript的爱情项。那么,如何做扑火我从live.com请求令牌?
我目前涉水throught通过发送HTML引用的混淆和压缩库,但它是艰难的事。如果有人已经这样做了,我会寻求帮助非常感激。甚至指导如何劫持,跟踪脚本这个页面,这可能会加快速度公平位上。
如果你正在检查GET,重定向URI http://whitehouse.podzone.net/ 通过映射到网络服务器我家的台式机上,这是通常在应用程序中的HttpListener正在调试,或有时IIS。这就是我如何处理重定向(通常刚落,但它很高兴知道,事情变得那么远)。
我具有一些工作我没有根据别人的工作围绕SkyDrive中解除了短期的黑客。它通过利用一个事实,即SkyDrive中申请预先批准用于每Live帐户可以避免这个问题。然而,这是一个黑客。我想使用OAuth得当,它只是似乎并不像那将是实用的。
尽管真正勇敢的尝试从达林,这打开了一些东西,我希望我看到的第一天帮忙,我留下了他的联系的 http://msdn.microsoft.com/en-us/library/live/hh826529.aspx (我的重点)
的为了实现客户端的认证流程,桌面应用程序必须
使用Web浏览器的控制。的大多数开发语言包括:这样的
控制。在这个例子中,我们的应用程序使用
System.Windows.Forms.WebBrowser类。的符号后中完成的,所有的
随后的实时连接API调用,可以通过使用
类System.Net.WebRequest完成。使用Web浏览器控件启动
登录,通过类似这样的一个网址。
他们只希望我因为放弃汇率控制使得它更难跳过呈现用户干预的机会,用自己的机器人登录。没有的固有的原因,我无法实现的登录过程我自己。什么他们的JavaScript可以发表我可以用Web客户端发布。我可以做相同的加密。在一个道德层面的用户将难以得到展示自己的用户名和密码,如果他们不希望我的软件做的事情。
我已经标记达林的答案,因为他很努力,协助并提出一些优秀的东西,但我想我会用我的小黑客这是令人失望贴敷。
解决方案您可以使用
隐性补助流程具有丰富的客户端应用程序(grant_type =标记)。这个想法是有它启动被重定向到live.com授权服务器,并提供一个回调URL认证流程WebBrowser控件。如果用户授权您的应用程序中的live.com将回重定向到回调URL并通过访问令牌的网址:http://contoso.com/Callback.htm#access_token=ACCESS_TOKEN
您可以然后检索
的access_token从web浏览器的URL的片段用它来执行认证的请求。你并不需要解析你的web浏览器内返回的内容。你需要做的是检索该URL的访问令牌。
另外还有的
授权拨款码流(grant_type =代码),这是更适合于基于Web的应用程序。
您不妨来看看在的
下面的文章使用桌面应用程序的完整示例。It may be a duplicate question but there hasn't been an answer yet. The libraries oauth-dot-net and DotNetOpenAuth are both frighteningly convoluted, a theme that seems to run through OAuth, and while OAuth with Verification in .NET is instructive and much easier to understand, it says
Use a WebBrowser control, and open the authorize web page within the desktop app. When the user clicks "Allow", grab the response text from that WebBrowser control, extract the PIN automatically, then get the access tokens. You send 5 or 6 HTTP requests but the user needs to see only a single Allow/Deny dialog. Simple.
This is OAuth without a browser? No, it isn't. It works, provided you use a web browser to invoke the URL and run the response, which is an all-singing all-dancing miracle of browser based automation in HTML, meta refresh, noscript tags and javascript. But I do not wish to do this.
Microsoft, this is aimed at you! I need to do pure REST, not mostly REST except when it's javascript.
I wish to retrieve a request token, as described by the OAuth RFC. A request token, not a software authentication robot. A REQUEST TOKEN.
When I use WebClient to directly execute this GET
GET /oauth20_authorize.srf?client_id=00000000400A9B87&scope=wl.signin%20wl.basic&response_type=code&redirect_uri=http%3a%2f%2fwhitehouse.podzone.net%2f HTTP/1.1I get back an unspeakable mess of machine generated javascript. For the love of Pete, I want a goddamn request_token, not a javascript love-in. So, how the blazes do I get a request token from live.com?
I'm currently wading throught the obfuscated and compressed libraries referenced by the sent HTML, but it's heavy going. If anyone has already done this I would be very grateful for assistance. Or even guidance on how to hijack and trace the script on this page, which would probably speed things up a fair bit.
If you're examining the GET, the redirect URI http://whitehouse.podzone.net/ maps through to the webserver on my home desktop machine, which is usually an HttpListener in the application being debugged, or sometimes IIS. That's how I process the redirect (usually just drop it, but it's nice to know things got that far).
I have a short term hack lifted from some work I did based on someone else's work around Skydrive. It avoids the problem by exploiting the fact that the Skydrive application is pre-approved for every Live account. However, this is a hack. I'd like to use OAuth properly, it just doesn't seem like that's going to be practical.
Despite a really gutsy attempt to help from Darin, which turned up some stuff I wish I'd seen on day one, I'm left with this quote from his link http://msdn.microsoft.com/en-us/library/live/hh826529.aspx (my emphasis)
To implement the client-side authentication flow, desktop apps must use a web browser control. Most development languages include such a control. In this example, our app uses the System.Windows.Forms.WebBrowser class. After sign in is complete, all subsequent Live Connect API calls can be accomplished by using the System.Net.WebRequest class. Use the web browser control to start the sign-in, passing a URL similar to this one.
They only want me to use their robot for sign-in because relinquishing control of the exchange makes it harder to skip presenting a user intervention opportunity. There is no inherent reason I can't implement the sign-in procedure myself. Anything their javascript can post I can post with WebClient. I can do the same encryption. On an ethical level the user would hardly be presenting their username and password if they didn't want my software to do its thing.
I've marked up Darin's answer because he's tried very hard to assist and presented some excellent stuff, but I guess I'll be sticking with my little hack which is disappointing.
解决方案You could use the
implicit grant flowwith rich client applications (grant_type=token). The idea is to have a WebBrowser control which initiates the authentication flow by redirecting to the live.com authorization server and providing a callback url. If the user authorizes your application the live.com will redirect back to the callback url and pass the access token in the url:http://contoso.com/Callback.htm#access_token=ACCESS_TOKENYou could then retrieve the
access_tokenfragment of the url from the WebBrowser and use it to perform authenticated requests. You do not need to parse the returned content inside your WebBrowser. What you need to do is to retrieve the access token from the url.There's also the
authorization grant code flow(grant_type=code) which is more suitable for web based applications.You might take a look at the
following articlefor a complete sample using a desktop application.这篇关于我如何获得live.com一个OAuth request_token?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
