我们正在尝试与另一家公司的自定义API建立联系,该API使用两条腿OAuth来验证请求并向我们发送回复。
目前我们的代码正在发送请求,但未在另一端进行身份验证,因此发送了一个UNAUTHORIZED响应。
正如其他公司所说,认证包括以下步骤。
"使用两条腿OAuth身份验证处理身份验证:
All requests must include both an oauth_consumer_key and an oauth_signature attribute submitted via the HTTP GET method.
The oauth_consumer_key attribute will be the user name that the user uses to access our web site.
The oauth_signature attribute is obtained by signing the request with the OAuth signature method for HMAC-SHA1 encryption. The signature is generated using both the oauth_consumer_key attribute and the consumer secret. A single consumer secret is required per franchise and can be obtained upon request from test@examplerelationships.com.
OAuth libraries are available for many languages here: http://oauth.net/code/."
我们在最后使用Scribe java库尝试的是
public static void main(String[] args){
String oauth_consumer_key = "test@example.com";
String oauth_signature = "keyprovided";
OAuthService service = new ServiceBuilder()
.provider(Dummy.class)
.apiKey(oauth_consumer_key)
.apiSecret(oauth_signature)
.build();
OAuthRequest request = new OAuthRequest(Verb.GET,"https://example.com/api/users");
Token accessToken = new Token("","");
service.signRequest(accessToken, request);
Response response = request.send();
System.out.println(response.getHeaders());
System.out.println(response.getBody());
}
目前的回复是401-Unauthorized。还有什么可以遗漏?那么HMAC-SHA1加密呢?我对oauth有点了解。