
How to get Box access token from a webpage html or javascript?

Hi, I'm trying to log in a user to Box.com from a webpage. I accomplished the first part with a simple HTML form submit:

<form action="https://www.box.com/api/oauth2/authorize" type="POST" enctype="application/x-www-form-urlencoded">
    <input type="text" name="response_type" value="code">
    <input type="text" name="client_id" value="[REMOVED]">
    <input type="text" name="state" value="vexhax97td8xf_SomeTemporaryValueForTesting">
    <input type="submit">
</form>

This works fine, and I get the authorization code from the query parameters using JavaScript. I then try the same thing to get the access code (the auth-code is set by JavaScript on page load):

<form action="https://app.box.com/api/oauth2/token" type="POST" enctype="application/x-www-form-urlencoded">
    <input type="text" name="grant_type" value="authorization_code">
    <input id="auth-code" type="text" name="code" value="">
    <input type="text" name="client_id" value="[REMOVED]">
    <input type="text" name="client_secret" value="[REMOVED]">
    <input type="submit">
</form>

But I get an "Invalid grant_type parameter or parameter missing" error. Plus this wouldn't be a good user experience to show the response JSON anyway. I've tried it without the enctype="application/x-www-form-urlencoded" and get the same error.

The Box tutorial does it with curl, which obviously isn't an option on a webpage. How do I get the access token without hitting the "Invalid..." error, and is there a way to do this via JavaScript behind the scenes?

For the authorization-code to access-token exchange, the "redirect_uri" parameter is missing. But this is not the real problem.

The exchange is supposed to take place on the server side and you are doing it on the client side (browser). Maybe you could do the exchange by an AJAX call to correctly handle the JSON reply, but only if box.com allows CORS (which I doubt).

This way you would also expose your client_id and client_secret on your web page (so why do you hesitate to post it on Stack Overflow?).
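The server-side exchange the answer describes, as an added example that is not part of the original thread: the callback handler checks `state`, then builds the POST to the token endpoint with `client_secret` read from server configuration. The names `buildTokenRequest`, `exchangeCode`, `sameString`, `session` and `config` are hypothetical, and Node 18+ (global `fetch`) is assumed.

```javascript
// Added example (not from the original thread). Runs on the server, Node 18+.
// Hypothetical names: buildTokenRequest, exchangeCode, sameString, session, config.
const TOKEN_URL = "https://app.box.com/api/oauth2/token"; // endpoint used in the question

// Compare two strings without stopping at the first mismatching character.
function sameString(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Turn the callback query (code=...&state=...) into the POST for the token endpoint.
function buildTokenRequest(callbackQuery, session, config) {
  const params = new URLSearchParams(callbackQuery);
  if (params.has("error")) throw new Error("authorization failed: " + params.get("error"));
  // The state sent to /authorize must come back unchanged, or the callback is not ours.
  if (!sameString(params.get("state"), session.oauthState)) throw new Error("state mismatch");
  const code = params.get("code");
  if (!code) throw new Error("missing authorization code");
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: config.clientId,
    client_secret: config.clientSecret, // read from server config, never sent to the browser
    redirect_uri: config.redirectUri,   // the parameter the answer notes was missing
  });
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Send the request and keep the tokens in the server-side session.
async function exchangeCode(callbackQuery, session, config, fetchImpl = fetch) {
  const { url, ...init } = buildTokenRequest(callbackQuery, session, config);
  const res = await fetchImpl(url, init);
  const json = await res.json();
  if (!res.ok || !json.access_token) throw new Error("token exchange failed");
  session.oauthState = null;                  // state is single-use
  session.boxAccessToken = json.access_token; // stays on the server
  return { loggedIn: true };                  // the only thing the page needs to know
}
```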
