HTTP / 1.1 401令牌无效 - AuthSub令牌范围错误 [英] HTTP/1.1 401 Token invalid - AuthSub token has wrong scope

问题描述

尝试从Google Analytics（分析）API获取Feed时，我发现此错误。但是，使用相同的标记，我可以从Google日历获取成功的Feed。两者之间的代码与feed网址完全相同。所以它必须与Google Analytics（分析）有关，https和Calendar只是http。

我已经成功创建了一个不安全，长寿命的令牌。请求初始令牌时的范围参数：

  scope = http％3A％2F％2Fwww.google.com％2Fcalendar％2Ffeeds ％2F％20https％3A％2F％2Fwww.google.com％2分析％2Ffeeds 
  

我的请求长寿命的令牌：

  GET / accounts / AuthSubSessionToken HTTP / 1.1 
授权：AuthSub token =CP_AgsyLDxDCtpjg- f____8B
内容类型：应用程序/ x-www-form-urlencoded 
主机：www.google.com:443 
接受：text / html，* / * 
接受-Encoding：identity 
用户代理：Mozilla / 3.0（兼容; Indy Library）
  

返回长寿命的令牌。将其用于Google日历：

  GET / calendar / feeds / default / allcalendars / full HTTP / 1.1 
连接： keep-alive 
内容类型：application / x-www-form-urlencoded 
授权：AuthSub token =CP_AgsyLDxCh2tmj-P ____ 8B
主机：www.google.com 
接受：text / html，image / gif，image / jpeg，*; q = .2，* / *; q = .2 
接受编码：身份
用户代理：Mozilla / 3.0（兼容; Indy库）
  

返回临时重定向（302）：

  HTTP / 1.1 302暂时移动
过期日期：2009年11月01日03:00:01 GMT 
日期：Sun，01 Nov 2009 03:00:01 GMT 
设置Cookie：S = calendar = mta4-_BxxANrylcSnzUatg; Expires = Mon ，2010年11月01日03:00:01 GMT 
位置：http://www.google.com/calendar/feeds/default/allcalendars/full?gsessionid=mta4-_BxxANrylcSnzUatg 
  

导致成功获取：

  GET / calendar / feeds / default / allcalendars / full？gsessionid = mta4-_BxxANrylcSnzUatg HTTP / 1.1 
连接：keep-alive 
内容类型：application / x-www-form- urlencoded 
授权：AuthSub token =CP_AgsyLDxCh2tmj-P ____ 8B
主机：www.google.com 
接受：text / html，image / gif，image / jpeg，*; q = .2，* / *; q = .2 
接受编码：身份
用户代理：Mozilla / 3.0（兼容; Indy库）
 Cookie：S = calendar = mta4-_BxxANrylcSnzUatg 
  

但是，尝试获取Google Analytics（分析）资讯提供时，我收到错误401：

  GET / analytics / feeds / accounts / default HTTP / 1.1 
内容类型：application / x-www-form-urlencoded 
授权：AuthSub token = CP_AgsyLDxCh2tmj-P ____ 8B
主机：www.google.com:443 
接受：text / html，image / gif，image / jpeg，*; q = .2，* / *; q = .2 
接受编码：身份
用户代理：Mozilla / 3.0（兼容; Indy库）
  

我的域名需要有效的SSL证书吗？已经与此战斗了几个星期！

在Apache中使用Indy10与Delphi 2007。

请求提供一些Delphi代码。这里提供的是GET到Feed的代码。我不提供代码来获取令牌，因为我认为它们是好的（我可以获得日历Feed）。

  var 
 IdHTTP：TIdHTTP; 
 IdSSLIOHandlerSocket1：TIdSSLIOHandlerSocketOpenSSL; 
 
 begin 
 IdSSLIOHandlerSocket1：= TIdSSLIOHandlerSocketOpenSSL.create（nil）; 
 IdHTTP：= TIdHTTP.create（nil）; 
 with IdSSLIOHandlerSocket1 do begin 
 SSLOptions.Method：= sslvSSLv3; 
 SSLOptions.Mode：= sslmUnassigned; 
 SSLOptions.VerifyMode：= []; 
 SSLOptions.VerifyDepth：= 2; 
结束
 with IdHTTP do begin 
 IOHandler：= IdSSLIOHandlerSocket1; 
 ProxyParams.BasicAuthentication：= False; 
 Request.UserAgent：='Mozilla / 3.0（兼容; Indy Library）'; 
 Request.ContentType：='application / x-www-form-urlencoded'; 
 request.host：='www.google.com/analytics'; 
 request.connection：='keep-alive'; 
 Request.Accept：='text / html，image / gif，image / jpeg，*; q = .2，* / *; q = .2'; 
结束
 
 idhttp.Request.CustomHeaders.Add（'Authorization：AuthSub token ='+ mToken +''）; 
 
 IdHTTP.Get（'https://www.google.com/analytics/feeds/accounts/default'）; //结果在401 
  

解决方案

我使用Fiddler和Curl php方法。找到这一行：

 主持人：www.google.com:443 
  

无法使用：443 。必须如下：

 主持人：www.google.com 
  

当看到https时，Indy TIdHTTP组件会自动将其附加到主机。唯一的办法就是发布自己的主机属性。

I get this error when trying to get a feed from Google Analytics API. However, using the same token I get successful feeds from Google Calendar. The code between the two is exactly the same except for the feed url. So it must have something to do with Analytics being https and Calendar just http.

I have successfully created a non-secure, long-lived token. The scope parameter while requesting the initial token:

scope=http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F%20https%3A%2F%2Fwww.google.com%2Fanalytics%2Ffeeds

My request for the long-lived token:

GET /accounts/AuthSubSessionToken HTTP/1.1
Authorization: AuthSub token="CP_AgsyLDxDCtpjg-f____8B"
Content-Type: application/x-www-form-urlencoded
Host: www.google.com:443
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

Returns a long-lived token. Using it for Google Calendar:

GET /calendar/feeds/default/allcalendars/full HTTP/1.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="CP_AgsyLDxCh2tmj-P____8B"
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

returns a temporary redirect (302):

HTTP/1.1 302 Moved Temporarily
Expires: Sun, 01 Nov 2009 03:00:01 GMT
Date: Sun, 01 Nov 2009 03:00:01 GMT
Set-Cookie: S=calendar=mta4-_BxxANrylcSnzUatg;Expires=Mon, 01-Nov-2010 03:00:01 GMT
Location: http://www.google.com/calendar/feeds/default/allcalendars/full?gsessionid=mta4-_BxxANrylcSnzUatg

which results in a successful Get to this:

GET /calendar/feeds/default/allcalendars/full?gsessionid=mta4-_BxxANrylcSnzUatg HTTP/1.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="CP_AgsyLDxCh2tmj-P____8B"
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
Cookie: S=calendar=mta4-_BxxANrylcSnzUatg

But I get the error 401 when attempting to get the Google Analytics feed:

GET /analytics/feeds/accounts/default HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="CP_AgsyLDxCh2tmj-P____8B"
Host: www.google.com:443
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

Do I need a valid SSL certificate for my domain? Been fighting with this for weeks!!!
using Indy10 with Delphi 2007 in Apache.

A request was made to provide some of the Delphi code. What I have provided here is the code for the GET to the feed. I don't provide code to get the tokens because I assume they are good (I am able to get calendar feeds).

var
  IdHTTP: TIdHTTP;
  IdSSLIOHandlerSocket1: TIdSSLIOHandlerSocketOpenSSL;

begin
  IdSSLIOHandlerSocket1 := TIdSSLIOHandlerSocketOpenSSL.create(nil);
  IdHTTP := TIdHTTP.create(nil);
  with IdSSLIOHandlerSocket1 do begin
    SSLOptions.Method := sslvSSLv3;
    SSLOptions.Mode :=  sslmUnassigned;
    SSLOptions.VerifyMode := [];
    SSLOptions.VerifyDepth := 2;
  end;
  with IdHTTP do begin
    IOHandler := IdSSLIOHandlerSocket1;
    ProxyParams.BasicAuthentication := False;
    Request.UserAgent := 'Mozilla/3.0 (compatible; Indy Library)';
    Request.ContentType := 'application/x-www-form-urlencoded';
    request.host := 'www.google.com/analytics';
    request.connection := 'keep-alive';
    Request.Accept := 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2';
  end;

  idhttp.Request.CustomHeaders.Add('Authorization: AuthSub token="'+mToken+'" ');

  IdHTTP.Get('https://www.google.com/analytics/feeds/accounts/default');  // results in the 401

解决方案

Took some time and required me to use Fiddler and the Curl php approach. Found this line:

Host: www.google.com:443

can't have the :443. Must be like this:

Host: www.google.com

The Indy TIdHTTP component was automatically appending this to the host when it saw https. The only way I could get around it was to publish my own "host" property.

这篇关于HTTP / 1.1 401令牌无效 - AuthSub令牌范围错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！