我在创建OAuth授权标头时遇到了麻烦。我一直收到INVALID_LOGIN_ATTEMPT,但找不到我做错的事情。
我已经按照here的指示创建了授权标头。
我完整的工作流程:
RESTlet URL是从部署详细信息中复制/粘贴的,并且 帐户ID是从“设置/集成/ Web服务首选项”中提取的
这是我的虚拟客户端:
const https = require('https');
const crypto = require('crypto');
function generateNonce() {
return crypto.randomBytes(16).toString("hex");
}
const NETSUITE_ACCOUNT_ID = 'tstdrv00000000';
const BASE_URL = `https://${NETSUITE_ACCOUNT_ID}.restlets.api.netsuite.com/app/site/hosting/restlet.nl`;
const HTTP_METHOD = 'GET';
const SCRIPT_ID = '546';
const SCRIPT_DEPLOYMENT_ID = '1';
const OAUTH_VERSION = '1.0';
const TOKEN_ID = "0";
const TOKEN_SECRET = "0";
const CONSUMER_KEY = "0";
const CONSUMER_SECRET = "0";
const OAUTH_NONCE = generateNonce();
const TIMESTAMP = Date.now();
function createSignature() {
const key = `${CONSUMER_SECRET}&${TOKEN_SECRET}`;
const data = `deploy=${SCRIPT_DEPLOYMENT_ID}&oauth_consumer_key=${CONSUMER_KEY}&oauth_nonce=${OAUTH_NONCE}&oauth_signature_method=HMAC-SHA256&oauth_timestamp=${TIMESTAMP}&oauth_token=${TOKEN_ID}&oauth_version=${OAUTH_VERSION}&script=${SCRIPT_ID}`;
const payload = `${HTTP_METHOD}&${encodeURIComponent(BASE_URL)}&${encodeURIComponent(data)}`;
const hmac = crypto.createHmac('sha256', key);
const digest = hmac.update(payload).digest('hex');
const signature = new Buffer(digest).toString('base64');
return signature;
}
let OAuth = `OAuth oauth_signature="${createSignature()}", oauth_version="1.0", oauth_nonce="${OAUTH_NONCE}", oauth_signature_method="HMAC-SHA256", oauth_consumer_key="${CONSUMER_KEY}", oauth_token="${TOKEN_ID}", oauth_timestamp="${TIMESTAMP}", realm="${NETSUITE_ACCOUNT_ID}"`;
const request = new Promise((resolve, reject) => {
const responsePayload = [];
const request = https.get(
`${BASE_URL}?script=${SCRIPT_ID}&deploy=${SCRIPT_DEPLOYMENT_ID}`,
{
headers: {
"Content-Type": "application/json",
"Authorization": OAuth
},
},
(response) => {
console.log("statusCode: ", response.statusCode);
console.log("headers: ", response.headers);
response.setEncoding('utf8');
response.on('data', chunk => {
responsePayload.push(chunk);
});
response.on('end', () => {
try {
resolve(JSON.parse(responsePayload.join()));
} catch (error) {
resolve(responsePayload);
}
});
}
);
request.on('error', error => {
reject(error);
});
request.end();
});
request
.then((response => console.log("OK", response)))
.catch(e => console.error("Error", e));
答案 0 :(得分:2)
INVALID_LOGIN_ATTEMPT
此错误表示OAuth标头中存在问题。当OAuth标头中的随机数,使用者密钥,令牌或签名无效时,可以返回该值。
我相信您的签名不正确。它在可变有效负载上应具有与在xhr请求上相同的url /参数以生成签名:
const payload = '${HTTP_METHOD}&${BASE_URL}?script=${SCRIPT_ID}&deploy=${SCRIPT_DEPLOYMENT_ID}&${encodeURIComponent(data)}';
const request = new Promise((resolve, reject) => {
const responsePayload = [];
const request = https.get(
'${BASE_URL}?script=${SCRIPT_ID}&deploy=${SCRIPT_DEPLOYMENT_ID}&${encodeURIComponent(data)}',
{
headers: {
"Content-Type": "application/json",
"Authorization": OAuth
},
},
...
答案 1 :(得分:-1)
我使用了以下软件包:https://www.npmjs.com/package/oauth-1.0a
var oauth = new OAuth({
"hash_function" : function(base_string, key) {
return crypto.createHmac('sha1', key).update(base_string).digest('base64');
},
"consumer" : { "key" : CONSUMER_KEY, "secret" : CONSUMER_SECRET },
"signature_method" : "HMAC-SHA1"
});
const oauthToken = { "key" : OAUTH_TOKEN, "secret" : OAUTH_TOKEN_SECRET },
request = { "url" : url, "method' : method };
let headers = oauth.toHeader(oauth.authorize(request, oauthToken));
headers.Authorization += `,realm=${REALM}`;