使用oauth_token和oauth_verifier轉換Twitter的請求令牌時收到的過期的access_token
[英]Expired access_token received while converting request token of Twitter using oauth_token and oauth_verifier
問題描述
我正在嘗試使用Twitter的3條腿標志,因為我的步驟如下:
- 創建應用
- 獲取API和秘密
- 獲取請求令牌
- 獲取訪問令牌
- 如果需要,獲取配置文件
我能夠獲得請求令牌:
private String getRequestToken() throws Exception {
String url = "https://api.twitter.com/oauth/request_token";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
String get_or_post = "POST";
String oauth_signature_method = "HMAC-SHA1";
String uuid_string = UUID.randomUUID().toString();
uuid_string = uuid_string.replaceAll("-", "");
String oauth_nonce = uuid_string;
Calendar tempcal = Calendar.getInstance();
long ts = tempcal.getTimeInMillis();// get current time in milliseconds
String oauth_timestamp = (new Long(ts / 1000)).toString();
String parameter_string = "oauth_consumer_key=" + twitter_consumer_key + "&oauth_nonce=" + oauth_nonce
+ "&oauth_signature_method=" + oauth_signature_method + "&oauth_timestamp=" + oauth_timestamp
+ "&oauth_version=1.0";
System.out.println("parameter_string=" + parameter_string);
String twitter_endpoint = "https://api.twitter.com/oauth/request_token";
String signature_base_string = get_or_post + "&" + encode(twitter_endpoint) + "&" + encode(parameter_string);
String oauth_signature = "";
try {
oauth_signature = computeSignature(signature_base_string, twitter_consumer_secret + "&");
} catch (GeneralSecurityException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
String authorization_header_string = "OAuth oauth_consumer_key=\"" + twitter_consumer_key
+ "\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"" + oauth_timestamp + "\",oauth_nonce=\""
+ oauth_nonce + "\",oauth_version=\"1.0\",oauth_signature=\"" + encode(oauth_signature) + "\"";
System.out.println("authorization_header_string=" + authorization_header_string);
// add reuqest header
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
con.setRequestProperty("Authorization", authorization_header_string);
System.out.println("---------------------------------------");
System.out.println(authorization_header_string);
System.out.println("---------------------------------------");
// Send post request
con.setDoOutput(true);
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
// print result
System.out.println(response.toString());
String[] twitterResponse = response.toString().split("&");
oauth_token = twitterResponse[0].substring(twitterResponse[0].indexOf("=") + 1);
oauth_token_secret = twitterResponse[1].substring(twitterResponse[1].indexOf("=") + 1);
oauth_callback_confirmed = twitterResponse[2].substring(twitterResponse[2].indexOf("=") + 1);
return response.toString();
}
它的反應很好。 第五步是提供額外信息,即x_auth_expires = 0 ,這意味着接收到的令牌已過期。 因此,我的下一個無法正常工作,這是我的代碼來獲取access_token
public String getAccessToken(HttpServletRequest req) throws Exception {
String url = "https://api.twitter.com/oauth/access_token";
String oauthToken = (String) req.getParameter("oauth_token");
String oauth_verifier = (String) req.getParameter("oauth_verifier");
System.out.println("oauthToken----------"+oauthToken);
System.out.println("oauth_verifier-----------"+oauth_verifier);
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
String get_or_post = "POST";
String oauth_signature_method = "HMAC-SHA1";
String uuid_string = UUID.randomUUID().toString();
uuid_string = uuid_string.replaceAll("-", "");
String oauth_nonce = uuid_string;
Calendar tempcal = Calendar.getInstance();
long ts = tempcal.getTimeInMillis();
String oauth_timestamp = (new Long(ts / 1000)).toString();
String parameter_string = "oauth_consumer_key=" + twitter_consumer_key + "&oauth_nonce=" + oauth_nonce
+ "&oauth_signature_method=" + oauth_signature_method + "&oauth_timestamp=" + oauth_timestamp
+ "&oauth_token=" + oauthToken + "&oauth_version=1.0";
System.out.println("parameter_string=" + parameter_string);
String twitter_endpoint = "https://api.twitter.com/oauth/request_token";
String signature_base_string = get_or_post + "&" + encode(twitter_endpoint) + "&" + encode(parameter_string);
String oauth_signature = "";
try {
oauth_signature = computeSignature(signature_base_string, twitter_consumer_secret + "&");
} catch (GeneralSecurityException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
String authorization_header_string = "OAuth oauth_consumer_key=\"" + twitter_consumer_key
+ "\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"" + oauth_timestamp + "\",oauth_nonce=\""
+ oauth_nonce + "\",oauth_token=\"" + oauthToken + "\",oauth_version=\"1.0\",oauth_signature=\""
+ encode(oauth_signature) + "\"";
System.out.println("authorization_header_string=" + authorization_header_string);
String urlParameters = "oauth_verifier=" + oauth_verifier;
// add reuqest header
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
con.setRequestProperty("Authorization", authorization_header_string);
System.out.println("---------------------------------------");
System.out.println(authorization_header_string);
System.out.println("---------------------------------------");
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
// print result
System.out.println(response.toString());
String[] responseOauthToken=response.toString().split("&");
String oauth_token=responseOauthToken[0].substring(responseOauthToken[0].indexOf("=")+1);
String screenname=responseOauthToken[3].substring(responseOauthToken[3].indexOf("=")+1);
System.out.println("oauth_token---------"+oauth_token);
System.out.println("screenname---------"+screenname);
getProfile(oauth_token,screenname);
return "";
}
驗證配置文件的代碼:
public void getProfile(String oauthToken,String screenname) throws Exception {
String url = "https://api.twitter.com/1.1/account/verify_credentials.json";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
String get_or_post = "GET";
String oauth_signature_method = "HMAC-SHA1";
String uuid_string = UUID.randomUUID().toString();
uuid_string = uuid_string.replaceAll("-", "");
String oauth_nonce = uuid_string;
Calendar tempcal = Calendar.getInstance();
long ts = tempcal.getTimeInMillis();
String oauth_timestamp = (new Long(ts / 1000)).toString();
String parameter_string = "oauth_consumer_key=" + twitter_consumer_key + "&oauth_nonce=" + oauth_nonce
+ "&oauth_signature_method=" + oauth_signature_method + "&oauth_timestamp=" + oauth_timestamp
+"&screen_name="+screenname+"&oauth_token="+oauthToken
+ "&oauth_version=1.0";
System.out.println("parameter_string=" + parameter_string);
String twitter_endpoint = "https://api.twitter.com/1.1/account/verify_credentials.json";
String signature_base_string = get_or_post + "&" + encode(twitter_endpoint) + "&" + encode(parameter_string);
String oauth_signature = "";
try {
oauth_signature = computeSignature(signature_base_string, twitter_consumer_secret + "&");
} catch (GeneralSecurityException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
String authorization_header_string = "OAuth oauth_consumer_key=\"" + twitter_consumer_key
+ "\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"" + oauth_timestamp + "\",oauth_nonce=\""
+ oauth_nonce +"\",oauth_token=\""+oauthToken+ "\",oauth_version=\"1.0\",oauth_signature=\"" + encode(oauth_signature) + "\"";
System.out.println("authorization_header_string=" + authorization_header_string);
// add reuqest header
con.setRequestMethod("GET");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
con.setRequestProperty("Authorization", authorization_header_string);
System.out.println("---------------------------------------");
System.out.println(authorization_header_string);
System.out.println("---------------------------------------");
// Send post request
con.setDoOutput(true);
int responseCode = con.getResponseCode();
System.out.println("\nSending '"+get_or_post+"' request to URL : " + url);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
// print result
System.out.println(response.toString());
}
1 個解決方案
解決方案1
1 已采納 2016-02-10 14:43:00
當x_auth_expires為0時,表示您的訪問令牌沒有到期,因此我不認為這是您的問題。
您的問題(希望是唯一的問題)似乎在getProfile()這一行上:
oauth_signature = computeSignature(signature_base_string, twitter_consumer_secret + "&");
您應該使用消費者密碼以及訪問令牌密碼(以“&”開頭)進行簽名,但是您僅使用消費者密碼。 似乎在接收並提取訪問令牌時甚至沒有提取oauth_token_secret (訪問oauth_token_secret與請求oauth_token_secret )。
我還注意到,您當前正在按索引從響應中提取oauth_token和screen_name 。 雖然屬性的順序似乎是一致的,但按名稱命名最安全。
實際上,我確實看到了另一個問題。 在getProfile() , screen_name不應包含在參數字符串中,因為它不是參數,如果是,則必須按照字典順序。
無法使用access_token訪問資源:Spring Boot Oauth2
[英]Unable to access resources with access_token : spring boot Oauth2
spring oauth2:成功請求后,access_token 沒有響應
[英]spring oauth2: access_token isn't in response after succefull request
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
oAuth 2.0,access_token,Facebook,Twitter
OAuth令牌請求 - 從響應實體獲取access_token
Twitter oauth無效的oauth_verifier參數
從Scribe中的請求標頭中刪除oauth_token
Salesforce OAuth Access_Token是否為null?
刪除/撤消GitHub OAuth'access_token'
無法使用access_token訪問資源:Spring Boot Oauth2
Oauth2從UBER獲取access_token
如何在 azure 和 OAuth 2.0 中使用 access_token
spring oauth2:成功請求后,access_token 沒有響應
相關標簽