How to do OAuth authentication via AJAX / jQuery?


Question

I've worked a bit with the Twitter web API, I know it works with OAuth, I've consumed the API using a Python library. I've also tried a bit of the Instagram API using a small JavaScript library.

I know those perform web REST requests in the background, authenticating first and then querying requests as I code.

However, what if I want to perform the requests using jQuery $.ajax from a web application?

I've read some docs and sites and it seems it's just possible. Like only ajaxing to the API routes, starting with the authentication route.

But, how does this process work? I mean, I query by AJAX to the auth route and then how do I keep track of that authentication? How to keep that communication? Will the redirect URL play its role then?

Reading this site for Instagram API I start getting a clue about it, but got the doubts mentioned above.

I want to perform all AJAX requests in the JavaScript server background (I'm using node.js), assuming I will provide my app's OAuth in the $.ajax. Is that OK, or can I actually code it on the client side keeping my OAuth tokens safe?

And, if it's a concern of this same question, when it comes to bytes (pictures, sound, etc.), how to catch the response from the API?

Recommended answer

Okay, if I understand correctly, what you are trying to do is to make an Ajax call from a web page to the Twitter API and post/retrieve tweets and other info from Twitter.

Since the release of the API v1.1, Twitter has deprecated the v1.0 API, and one of the major changes in 1.1 was Authentication Required on all Endpoints.

And to do this from JavaScript and jQuery is quite possible (albeit very cumbersome, difficult and requires the use of many 3rd party JS libraries to HMAC hash your data and keys and calculate content lengths on the client side before making your request). Twitter API does not support CORS but does support JSONP for these kinds of Ajax requests. But this is not recommended - since doing this on the client side will require you to have your Twitter App Access Keys - Private keys - embedded in your script files - which is basically a big NO-NO. And hence a server-side solution to generate your oAuth tokens is recommended. But once you have achieved that, it may be easier to get the token on your script and make Ajax calls using that from the browser. But I haven't gone that far in my research.

Also, this is based off of my research in Mid 2013 when my Twitter Ajax widgets stopped working because of this change and I gave up trying to fix it using that route after I realized it would compromise my security keys. Things may have changed since then.

If you are still interested to find a solution, this walkthrough would be a good place to start learning about Twitter's oAuth and how the Access Tokens are generated: https://dev.twitter.com/docs/auth/oauth
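The answer's point that the HMAC step needs the app's private keys, shown as an added Node.js example (not code from the original post): the OAuth 1.0a HMAC-SHA1 signature is keyed with both secrets, so the server signs and forwards the browser's `$.ajax` request. The function names are hypothetical, all credentials and URLs passed in are expected to be your own, and `url` is assumed to carry no query string.

```javascript
const { createHmac } = require('node:crypto');

// RFC 3986 percent-encoding used by OAuth 1.0a (RFC 5849 section 3.6);
// encodeURIComponent leaves ! * ' ( ) alone, so escape those as well.
function pct(s) {
  return encodeURIComponent(String(s)).replace(/[!*'()]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
function baseString(method, url, params) {
  const normalized = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(normalized)].join('&');
}

// The HMAC key is "consumerSecret&tokenSecret", so whoever signs holds both
// secrets. That is why this runs on the server and never in the page script.
function sign(method, url, params, secrets) {
  const key = `${pct(secrets.consumerSecret)}&${pct(secrets.tokenSecret)}`;
  return createHmac('sha1', key)
    .update(baseString(method, url, params))
    .digest('base64');
}

// Authorization header the server attaches when it forwards the browser's
// $.ajax call upstream. The secrets themselves never appear in it.
function authorizationHeader(method, url, requestParams, oauth, secrets) {
  const oauthParams = {
    oauth_consumer_key: oauth.consumerKey,
    oauth_token: oauth.token,
    oauth_nonce: oauth.nonce,
    oauth_timestamp: oauth.timestamp,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_version: '1.0',
  };
  oauthParams.oauth_signature = sign(
    method, url, { ...requestParams, ...oauthParams }, secrets);
  return 'OAuth ' + Object.keys(oauthParams).sort()
    .map(k => `${pct(k)}="${pct(oauthParams[k])}"`).join(', ');
}
```

The browser then calls only your own Node route with `$.ajax`; the nonce and timestamp must be fresh for every forwarded request.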
