Pocket API授权:禁止
[英]Pocket API Authorization: Forbidden
问题描述
I'm testing out RoR by building a Rails app with Pocket API, and I have to authorize the user. 
我正在通过使用Pocket API构建Rails应用程序来测试RoR,我必须授权用户。 For HTTP requests, I'm using https://github.com/rest-client/rest-client library. 对于HTTP请求,我使用的是https://github.com/rest-client/rest-client库。
The first step, obtaining a request token works fine: 第一步,获取请求令牌工作正常:
require 'rest_client'
response = RestClient.post 'https://getpocket.com/v3/oauth/request', :consumer_key => @consumer_key, :redirect_uri => @redirect_uri
@code = response.split("=")[1]
But I get a Bad Request error on the second step, which is to get an access token using the request token received on the step above: 但是我在第二步遇到错误请求错误,即使用上面步骤中收到的请求令牌获取访问令牌:
access_token = RestClient.post 'https://getpocket.com/v3/oauth/authorize', :consumer_key => @consumer_key, :code => @code
400 Bad Request is what I get on Ruby application error screen. 400错误请求是我在Ruby应用程序错误屏幕上得到的。 I have also tried the same request with cURL and POSTMan Chrome extension, and the status code I get then is: 403 Forbidden. 我也尝试过使用cURL和POSTMan Chrome扩展程序的相同请求,我得到的状态代码是:403 Forbidden。 X-Error Code I get is 158 which translates to X-Error message "User rejects code." 我得到的X-Error Code是158,它转换为X-Error消息“User rejects code”。 on Pocket API docs: http://getpocket.com/developer/docs/authentication . 在Pocket API文档上: http : //getpocket.com/developer/docs/authentication 。
Since I have tried several different channels to test this request and failed each time, I'm guessing that the problem is not with parsing, but rather I might be missing an important detail or a step (maybe HTTP request headers?). 由于我已经尝试了几个不同的通道来测试这个请求并且每次都失败了,我猜测问题不在于解析,而是我可能错过了一个重要的细节或步骤(也许是HTTP请求头?)。 Thanks for your help in advance! 感谢您的帮助!
2 个解决方案
解决方案1
7 已采纳 2014-12-28 05:42:34
Turns out that I (or we) have been missing an important detail: 事实证明我(或我们)错过了一个重要的细节:
Whenever testing out your request for Pocket API in POSTMan or anywhere else, we naturally skip the process of visiting the authorization URL which is in the form of: 每当在POSTMan或其他任何地方测试您对Pocket API的请求时,我们自然会跳过访问授权URL的过程,其形式为:
https://getpocket.com/auth/authorize?request_token=YOUR_REQUEST_TOKEN&redirect_uri=YOUR_REDIRECT_URI
Now, even though you might have allowed your app to access your account before, on each call, Pocket API doesn't activate a request token before this URL is visited. 现在,即使您可能已经允许您的应用访问您的帐户,但在每次调用之前,Pocket API都不会在访问此URL之前激活请求令牌。 Only then your request token becomes activated and can be used for 2nd authentication step. 只有这样,您的请求令牌才会被激活,并可用于第二个身份验证步骤。 It works fine after doing that. 这样做后效果很好。
As a side note to anyone who is using Pocket API in Ruby on Rails, there is a nice wrapper gem for it: https://github.com/turadg/pocket-ruby 作为在Ruby on Rails中使用Pocket API的任何人的旁注,有一个很好的包装宝石: https : //github.com/turadg/pocket-ruby
解决方案2
2 2014-12-27 00:27:09
I can confirm that you are indeed missing HTTP headers, which will cause the Pocket server to reject the post request you're trying to send. 我可以确认您确实缺少HTTP标头,这将导致Pocket服务器拒绝您尝试发送的发布请求。
There are a few ways in which headers can be communicated: sometimes they are communicated through the codes/tokens associated with the server request (which here appears not to be the case). 可以通过几种方式传送标题:有时它们通过与服务器请求相关联的代码/令牌进行通信(这里似乎不是这种情况)。 You need to use an "Authorization" header as per your doing this with OAuth with your initial request. 您需要使用“授权”标题,根据您的初始请求使用OAuth执行此操作。
This should help you: notice the "Authorization:" header after the "Content-Type:" header contains the information that's returned. 这应该可以帮助您:在“Content-Type:”标题包含返回的信息之后,请注意“Authorization:”标题。
For some in depth reading, go here . 对于一些深入阅读,请到这里 。
I might also suggest trying the OAuth2 gem which does most of the requesting for you - it will probably simplify what you're doing quite a bit!! 我可能还建议尝试OAuth2 gem ,它可以满足您的大部分需求 - 它可能会简化您正在做的事情!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.