oauth令牌授权是否需要付费帐户?我尝试使用免费帐户和试用帐户进行以下操作。
发送/令牌POST as documented会导致:
{
"errorCode": 1004,
"message": "You are not authorized to perform this action.",
"refId": "cd9hgzwmdduh"
}
我使用这些参数:
grant_type: authorization_code
code: <acquired from step 1. in oauth flow>
hash: <see below>
我使用以下命令行操作获取了hash参数:
export app_secret=<acquired from developer app profile.>
export code=<code acquired from step 1 in oauth flow.>
echo -n "$app_secret$code" | openssl dgst -sha256
答案 0 :(得分:1)
这些是我在成功实现Get Access Token端点之前纠正的错误:
创建SHA256哈希时,我忘记在|和app_secret之间连接code。要发送的正确sha256哈希值应为:
echo -n "$app_secret|$code" | openssl dgst -sha256
标题应为:
Content-Type:application/x-www-form-urlencoded
我应该发送x-www-form-urlencoded参数,而不是作为url查询参数发送。
以下是HTML协议的全文:
POST /2.0/token HTTP/1.1
Host: api.smartsheet.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&client_id=<client_id>&code=<code from step 1 of oauth flow>&hash=<see above>
```