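REST Assured OAuth 1.0a: how to insert both Header and Query params in a request

Time: 2016-08-23 18:40:32

Tags: rest magento oauth rest-assured

Magento 1.9's REST API requires both the Authorization header and the oauth query parameters, but oauth() only allows OAuthSignature.HEADER or QUERY_STRING: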

given().auth().oauth(CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN, 
            SECRET_TOKEN,OAuthSignature.HEADER)

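I traced the code to com.jayway.restassured.internal.httpAuthConfig.process(..), but I don't know what to do from there.

Q: Is there a filter or some way I can force both?

TL;DR I first referred to this: How to use POSTMAN rest client with magento REST api with Oauth. How to get Token and Token Secret? Its last sentence:

Note that you must check the "Add params to header" checkbox for the Magento REST calls to work properly.

Using Postman, the OAuth 1.0 GET works when I check the box and fails when I don't, with 403 Access denied. That is the same response I get with REST Assured when using OAuthSignature.QUERY_STRING.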

WORKS: Sent from Postman (add params to header)

GET /api/rest/products?oauth_consumer_key=<my-consumer-key>&oauth_token=<my-oauth-token>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1471929347&oauth_nonce=LJ3o2K&oauth_version=1.0&oauth_signature=0Any8rQ+XjbnWcdXmpHFujg1V7o= HTTP/1.1
Host: dockerized-magento.local
Connection: keep-alive
Authorization: OAuth oauth_consumer_key="<my-consumer-key>",oauth_token="<my-oauth-token>",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1471996573",oauth_nonce="ElK9Fx",oauth_version="1.0",oauth_signature="SvDfMxrWj1O0P2%2FWPOomEVEb93c%3D"
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Postman-Token: 9348e805-3c6f-54d7-082f-a1458164725d
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

REST Assured with OAuthSignature.QUERY_STRING

Doesn't Work: OAuthSignature.QUERY_STRING

GET /api/rest/products?oauth_nonce=-316324336&oauth_signature=TlANZu5ogxowYJCpr2V7W448tjw%3D&oauth_token=<my-oauth-token>&oauth_consumer_key=<my-consumer-key>&oauth_timestamp=1471996938&oauth_signature_method=HMAC-SHA1&oauth_version=1.0 HTTP/1.1
Accept: */*
Content-Length: 0
Host: dockerized-magento.local
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.1 (Java/1.8.0_77)
Accept-Encoding: gzip,deflate

RESP: {"messages":{"error":[{"code":403,"message":"Access denied"}]}}

The same failed response using Postman without "add params to header":

Doesn't Work: Sent from Postman (NO - add params to header)

GET /api/rest/products?oauth_consumer_key=<my-consumer-key>&oauth_token=<my-oauth-token>&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1471976516&oauth_nonce=OTWTNW&oauth_version=1.0&oauth_signature=Dsh5TEErEC9rMbKakta1v2E7ZTw= HTTP/1.1
Host: dockerized-magento.local
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Postman-Token: f9800e1c-b259-f025-cf48-68e483283869
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Response: {"messages":{"error":[{"code":403,"message":"Access denied"}]}}

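1 answer:

Answer 0: (score: 0)

My mistake, the HEADER option works fine. The Postman link above, which worked, was a big help, but it led me to believe I needed both the URL params and the header. I went back to Postman and removed the URL params after adding the params to the header. That worked fine. I then went back and found that my consumer key was wrong.

Tip: Magento consumer keys and secrets are not "copyable"; use Firebug!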
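A diagnostic added here, not part of the original question or answer: it reads a captured request, lists where the oauth_ parameters travel, and reports which values differ between the Authorization header and the query string. RFC 5849 section 3.5 puts the protocol parameters in exactly one location, and in the "WORKS" capture the two sets are separate signatures whose timestamps lie 67226 seconds apart, which fits the answer's finding that the header alone is enough. The names `oauth_report`, `WORKS` and `QUERY_ONLY` are assumptions of this example, and the captures are cut down to the lines that carry OAuth values.

```python
import re
from urllib.parse import unquote

# Reduced from the question's captures: only the lines carrying OAuth values.
WORKS = (
    "GET /api/rest/products?oauth_consumer_key=<my-consumer-key>"
    "&oauth_token=<my-oauth-token>&oauth_signature_method=HMAC-SHA1"
    "&oauth_timestamp=1471929347&oauth_nonce=LJ3o2K&oauth_version=1.0"
    "&oauth_signature=0Any8rQ+XjbnWcdXmpHFujg1V7o= HTTP/1.1\r\n"
    "Host: dockerized-magento.local\r\n"
    'Authorization: OAuth oauth_consumer_key="<my-consumer-key>",'
    'oauth_token="<my-oauth-token>",oauth_signature_method="HMAC-SHA1",'
    'oauth_timestamp="1471996573",oauth_nonce="ElK9Fx",oauth_version="1.0",'
    'oauth_signature="SvDfMxrWj1O0P2%2FWPOomEVEb93c%3D"\r\n\r\n'
)
QUERY_ONLY = (
    "GET /api/rest/products?oauth_nonce=-316324336"
    "&oauth_signature=TlANZu5ogxowYJCpr2V7W448tjw%3D"
    "&oauth_token=<my-oauth-token>&oauth_consumer_key=<my-consumer-key>"
    "&oauth_timestamp=1471996938&oauth_signature_method=HMAC-SHA1"
    "&oauth_version=1.0 HTTP/1.1\r\n"
    "Host: dockerized-magento.local\r\n\r\n"
)

def oauth_report(raw):
    """Return where oauth_ parameters appear and which values disagree."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    target = head[0].split(" ")[1]
    query = {}
    for pair in target.partition("?")[2].split("&"):
        key, _, value = pair.partition("=")
        if key.startswith("oauth_"):
            query[key] = unquote(value)  # unquote, not unquote_plus: keep '+'
    header = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        value = value.strip()
        if name.strip().lower() == "authorization" and value.lower().startswith("oauth "):
            pairs = re.findall(r'(oauth_\w+)="([^"]*)"', value)
            header = {k: unquote(v) for k, v in pairs}
    shared = header.keys() & query.keys()
    gap = None
    if "oauth_timestamp" in shared:
        gap = abs(int(header["oauth_timestamp"]) - int(query["oauth_timestamp"]))
    return {
        "locations": [n for n, p in (("header", header), ("query", query)) if p],
        "differing": sorted(k for k in shared if header[k] != query[k]),
        "timestamp_gap_s": gap,
    }
```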