Magento Rest Oauth API(签名无效)401

时间:2013-02-01 09:28:59

标签: java magento oauth

当我尝试从Java中使用Magento获取数据时,我收到了Signature无效问题。我的代码有什么问题:

public class MagentoFacade {

final String MAGENTO_API_KEY = "apikey";
final String MAGENTO_API_SECRET = "apisecret";
final String MAGENTO_REST_API_URL = "urlmagento/api/rest";

public void testMethod() {

    OAuthService service = new ServiceBuilder()
    .provider(MagentoThreeLeggedOAuth.class)
    .apiKey(MAGENTO_API_KEY)
    .apiSecret(MAGENTO_API_SECRET)
    .debug()
    .build();




    System.out.println("" + service.getVersion());

    // start
            Scanner in = new Scanner(System.in);
            System.out.println("Magento's OAuth Workflow");
            System.out.println();
            // Obtain the Request Token
            System.out.println("Fetching the Request Token...");
            Token requestToken = service.getRequestToken();
            System.out.println("Got the Request Token!");
            System.out.println();

             // Obtain the Authorization URL
            System.out.println("Fetching the Authorization URL...");
            String authorizationUrl = service.getAuthorizationUrl(requestToken);
            System.out.println("Got the Authorization URL!");
            System.out.println("Now go and authorize Main here:");
            System.out.println(authorizationUrl);
            System.out.println("And paste the authorization code here");
            System.out.print(">>");
            Verifier verifier = new Verifier(in.nextLine());
            System.out.println();

            System.out.println("Trading the Request Token for an Access Token...");
            Token accessToken = service.getAccessToken(requestToken, verifier);
            System.out.println("Got the Access Token!");
            System.out.println("(if your curious it looks like this: "
                    + accessToken + " )");
            System.out.println();

             OAuthRequest request = new OAuthRequest(Verb.GET, MAGENTO_REST_API_URL+ "/products?limit=2");
                service.signRequest(accessToken, request);
                Response response = request.send();
                System.out.println();
                System.out.println(response.getCode());
                System.out.println(response.getBody());
                        System.out.println();
}


public static void main(String[] args) {
    MagentoFacade mf = new MagentoFacade();
    mf.testMethod();
}

}

public final class MagentoThreeLeggedOAuth extends DefaultApi10a {
private static final String BASE_URL = "urltoMagento/";

@Override
public String getRequestTokenEndpoint() {
    return BASE_URL + "oauth/initiate";
}

@Override
public String getAccessTokenEndpoint() {
    return BASE_URL + "oauth/token";
}

@Override
public String getAuthorizationUrl(Token requestToken) {
    return BASE_URL + "richard/oauth_authorize?oauth_token="
            + requestToken.getToken(); //this implementation is for admin roles only...
}

}

签名是:NnRaB73FqCcFAAVB4evZtGkWE3k = 附加额外的OAuth参数:{oauth_callback - > oob,oauth_signature - > NnRaB73FqCcFAAVB4evZtGkWE3k =,oauth_version - > 1.0,oauth_nonce - > 753236685,oauth_signature_method - > HMAC-SHA1,oauth_consumer_key - > ptrij1xt8tjisjb6kmdqed2v4rpla8av,oauth_timestamp - > 1359710704} 使用Http Header签名 发送请求... 响应状态码:401 响应正文:oauth_problem = signature_invalid& debug_sbs = MCe / RB8 / GNuqV0qku00ubepc / Sc = 线程“main”中的异常org.scribe.exceptions.OAuthException:响应正文不正确。无法从中提取令牌和秘密:'oauth_problem = signature_invalid& debug_sbs = MCe / RB8 / GNuqV0qku00ubepc / Sc ='     at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41)     at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27)     at org.scribe.oauth.OAuth10aServiceImpl.getRequestToken(OAuth10aServiceImpl.java:52)     at magento.MagentoFacade.testMethod(MagentoFacade.java:39)     在magento.MagentoFacade.main(MagentoFacade.java:73)

2 个答案:

答案 0 :(得分:6)

我可能会为您找到答案,但在您的情况下可能不起作用。 我很难找到为什么我的本地机器上的签名无效。

事实证明,在Mage_Oauth_Model_Server :: _ validateSignature()中计算签名时,Magento会构建请求URI部分并修剪URL端口路径$this->_request->getHttpHost()

在我的情况下,本地网络服务器在端口81上运行,因此我的签名和Magento无法匹配。 通过将false参数传递给getHttpHost方法,您可以防止端口修剪。

我知道这是非常具体的,但我失去了所有的头发,弄清楚为什么所以我需要分享它。谁知道,也许这可能有所帮助。

干杯 Bouni

答案 1 :(得分:2)

我想在Postman中添加一个,我只需添加另一个getHttpHost的urlparameter,其值为false,并且也可以。我和他一起战斗了一整天。我希望这能节省别人的时间。