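Until now I have been using libraries to handle OAuth, but lately I have been digging deeper to try to understand the underlying OAuth flow. Currently, I am trying to connect to the Tumblr API v2 using OAuth 1.0a with the following simple code: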
```python
import urllib, urllib2, time, random, hmac, base64, hashlib

def makenonce():
    random_number = ''.join(str(random.randint(0, 9)) for _ in range(40))
    m = hashlib.md5(str(time.time()) + str(random_number))
    return m.hexdigest()

def encodeparams(s):
    return urllib.quote(str(s), safe='~')

# Actual key and secret from a test app created using a dummy Tumblr account
consumer_key = '97oAujQhSaQNv4XDXzCjdZlOxwNyhobmDwmueJBCHWsFFsW7Ly'
consumer_secret = '5q1dpF659SOgSUb0Eo52aAyoud8N8QOuJu6enCG92aDR6WoMlf'

# oauth URLs
request_tokenURL = 'http://www.tumblr.com/oauth/request_token'

# oauth params
oauth_parameters = {
    'oauth_consumer_key': consumer_key,
    'oauth_nonce': makenonce(),
    'oauth_timestamp': str(int(time.time())),
    'oauth_signature_method': "HMAC-SHA1",
    'oauth_version': "1.0"
}

normalized_parameters = encodeparams('&'.join(['%s=%s' % (encodeparams(str(k)), encodeparams(str(oauth_parameters[k]))) for k in sorted(oauth_parameters)]))

# Since I'm focusing only on getting the request token for now, I set this to POST.
normalized_http_method = 'POST'
normalized_http_url = encodeparams(request_tokenURL)
signature_base_string = '&'.join([normalized_http_method, normalized_http_url, normalized_parameters])

oauth_key = consumer_secret + '&'
hashed = hmac.new(oauth_key, signature_base_string, hashlib.sha1)
oauth_parameters['oauth_signature'] = base64.b64encode(hashed.digest())

oauth_header = ('Authorization: OAuth realm="http://www.tumblr.com",'
                + 'oauth_nonce="' + oauth_parameters['oauth_nonce'] + '",'
                + 'oauth_timestamp="' + oauth_parameters['oauth_timestamp'] + '",'
                + 'oauth_consumer_key="' + oauth_parameters['oauth_consumer_key'] + '",'
                + 'oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_signature="'
                + oauth_parameters['oauth_signature'] + '"')

# sample oauth_header generated by the code above:
# Authorization: OAuth realm="http://www.tumblr.com",oauth_nonce="c200a0e06f30b84b851ac3e99a71054b",oauth_timestamp="1315231855",oauth_consumer_key="97oAujQhSaQNv4XDXzCjdZlOxwNyhobmDwmueJBCHWsFFsW7Ly",oauth_signature_method="HMAC-SHA1",oauth_signature="kVAlmwolCX0WJIvTF9MB2UV5rnU="

req = urllib2.Request(request_tokenURL)
req.add_header('Authorization', oauth_header)

# If all goes well, Tumblr should send me the oauth request token.
print urllib2.urlopen(req).read()
```
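Tumblr returns HTTP Error 401: Unauthorized instead of the OAuth request token.

Things I have tried without any success:

- Changed oauth_version from "1.0" to "1.0a", then changed it back.
- A guide on OAuth required adding the '&' at the end of consumer_secret to get the oauth_key. I tried removing the '&' later to see if it made any difference.
- Checked whether the OAuth parameters were sorted, and they were.
- Did not add the string "Authorization:" to oauth_header, then added it back. Neither made any difference.

Where am I going wrong?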
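Best answer

Solved it after making two simple changes in the code above:

1. normalized_http_method = 'GET' # not POST
2. oauth_header = 'OAuth realm="http://www…' # The word "Authorization" is unnecessary. I had already taken it out earlier, as listed under "Things I have tried without any success", but the error listed in (1) threw me off track. With (1) resolved, I could see how "Authorization" is indeed unnecessary.

When I finally got it right, this is the OAuth request token Tumblr sent me: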
```
oauth_token=mbRUgyDkPePfkEztiLELMqUl1kyNXEcaTCCwpb7SoXDF9mhiTF&oauth_token_secret=5pXllXGKA8orAaUat1G7ckIfMfYup8juMBAgEELUkeMZoC3pv6&oauth_callback_confirmed=true
```

This is a one-time token, which I have listed here just for the sake of completeness.
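
The first change in the answer matters because the HTTP method is the first field of the OAuth 1.0a signature base string, and `urllib2.Request` without a body goes out as GET. The following Python 3 sketch is an added example, not code from the original post: it signs the same parameters as POST and as GET and checks each against a provider that recomputes the signature from the method it actually received. The consumer key, secret and nonce are constructed placeholders, and `server_accepts` is a hypothetical model of the provider-side check.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    # METHOD & encoded URL & encoded string of sorted, individually encoded k=v pairs.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join("%s=%s" % kv for kv in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    # Key is consumer_secret + '&' + token_secret (empty for the request-token step).
    key = (pct(consumer_secret) + "&" + pct(token_secret)).encode("ascii")
    mac = hmac.new(key, base_string(method, url, params).encode("ascii"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def server_accepts(wire_method, url, params, signature, consumer_secret):
    # Hypothetical provider check: recompute from the method seen on the wire.
    expected = sign(wire_method, url, params, consumer_secret)
    return hmac.compare_digest(expected, signature)


# Constructed sample values, not real credentials.
URL = "http://www.tumblr.com/oauth/request_token"
SECRET = "example-consumer-secret"
PARAMS = {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "c0ffee0123456789",
    "oauth_timestamp": "1315231855",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    # The request itself is sent as GET in both cases; only the signed method differs.
    for signed_as in ("POST", "GET"):
        sig = sign(signed_as, URL, PARAMS, SECRET)
        ok = server_accepts("GET", URL, PARAMS, sig, SECRET)
        print("signed as %-4s -> %s" % (signed_as, "accepted" if ok else "401 Unauthorized"))
```
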