使用rauth从fatsecret API无效签名

时间:2014-01-18 04:02:57

标签: python oauth rauth

我已经成功地遵循了rauth OAuth1示例来获取访问权限,从而从fatsecret API检索数据。我将access_token和access_token_secret存储在搁置数据库中。我的问题是,当我尝试使用我存储的令牌以后检索更多数据时,我收到“无效签名”错误。

以下是获取令牌并检索exercise_entries.get方法的原始脚本:

from rauth.service import OAuth1Service
import shelve

api_url = 'http://platform.fatsecret.com/rest/server.api'
shelf = shelve.open('token_shelf.db')

fatsecret = OAuth1Service(
    consumer_key = 'xxxxxxxxxxxxx',
    consumer_secret = 'xxxxxxxxxxxxx',
    name = 'fatsecret',
    request_token_url = 'http://www.fatsecret.com/oauth/request_token',
    access_token_url = 'http://www.fatsecret.com/oauth/access_token',
    authorize_url = 'http://www.fatsecret.com/oauth/authorize')

request_token, request_token_secret = fatsecret.get_request_token(
                        method = 'GET',
                        params = {'oauth_callback':'oob'})

authorize_url = fatsecret.get_authorize_url(request_token)

print 'Visit this URL in your browser: ' + authorize_url
pin = raw_input('Enter PIN from browser: ')
shelf['fatsecret_request_token'] = request_token
shelf['fatsecret_request_token_secret'] = request_token_secret
shelf['fatsecret_pin'] = pin

session = fatsecret.get_auth_session(
                                     request_token, 
                                     request_token_secret, 
                                     params={'oauth_verifier': pin}
                                     )
shelf['fatsecret_access_token'] = session.access_token
shelf['fatsecret_access_token_secret'] = session.access_token_secret

my_params = {'method': 'exercise_entries.get', 'format': 'json'}
r = session.get(api_url, params=my_params)

print r.json()
print r.content
shelf.close()

然后我尝试从架子上恢复我的access_token和access_token_secret并打开一个新会话,但我被告知我签名无效。

from rauth.service import OAuth1Service
import shelve
api_url = 'http://platform.fatsecret.com/rest/server.api'
shelf = shelve.open('token_shelf.db')
fs_access_token = shelf['fatsecret_access_token']
fs_access_token_secret = shelf['fatsecret_access_token']

fatsecret = OAuth1Service(
    consumer_key = 'xxxxxxxxxxxxx',
    consumer_secret = 'xxxxxxxxxxxxx',
    name = 'fatsecret',
    request_token_url = 'http://www.fatsecret.com/oauth/request_token',
    access_token_url = 'http://www.fatsecret.com/oauth/access_token',
    authorize_url = 'http://www.fatsecret.com/oauth/authorize')

session = fatsecret.get_session((fs_access_token,fs_access_token_secret))

my_params = {'method': 'exercise_entries.get', 'format': 'json'}
r = session.get(api_url,params=my_params)
print r.content
print r.url
shelf.close()

这会将r.content返回为:

{ "error": {"code": 8, "message": "Invalid signature: oauth_signature 'ccZpSYAPSn+umkTxcAVH7EChVvw='" }}

r.url是:

http://platform.fatsecret.com/rest/server.api?oauth_nonce=604416f368159818e3ad8252a0da323be16319a3&format=json&oauth_consumer_key=xxxxxxxxxxxxx&oauth_timestamp=1390015877&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=xxxxxxxxxxxxx&oauth_signature=l4Ricqpbbwl%2BHPS2ItLLnvXQo%2FA%3D&method=exercise_entries.get

唯一引起我注意的是r.url参数似乎没有按字母顺序排序,但我不知道这是否准确反映了发送给fatsecret的内容,无论如何它在第一个脚本中工作正常

我尝试了类似using OAuth1Session而不是OAuth1Service的内容,但收到了完全相同的结果。

我很感激能帮到你的工作。

1 个答案:

答案 0 :(得分:0)

我无数次检查了这段代码,发现没有错。当我在额外的打印中添加调试时,我注意到我在重用会话的第6行检索了两次access_token。毕竟这只是一个错字。

变化:

fs_access_token = shelf['fatsecret_access_token']
fs_access_token_secret = shelf['fatsecret_access_token']

要:

fs_access_token = shelf['fatsecret_access_token']
fs_access_token_secret = shelf['fatsecret_access_token_secret']

所以上面的代码实际上是使用python的fatsecret api进行身份验证的一个很好的演示。

相关问题
最新问题