雅虎BOSS V2授权麻烦

时间:2011-07-22 22:24:02

标签: python oauth yahoo

我对雅虎的身份验证/授权非常困难。我在我的帐户中启用了BOSS,设置了付款方式,现在我正在尝试使用一些python代码运行搜索:

import urllib2
import oauth2 as oauth
import time

OAUTH_CONSUMER_KEY = "blahblahblah"
OAUTH_CONSUMER_SECRET = "blah"

def oauth_request(url, params, method="GET"):
    params['oauth_version'] = "1.0",
    params['oauth_nonce'] = oauth.generate_nonce(),
    params['oauth_timestamp'] = int(time.time())

    consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY,
                              secret=OAUTH_CONSUMER_SECRET)
    params['oauth_consumer_key'] = consumer.key
    req = oauth.Request(method=method, url=url, parameters=params)
    req.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer, None)

    return req


if __name__ == "__main__":
    url = "http://yboss.yahooapis.com/ysearch/web"

    req = oauth_request(url, params={"q": "cats dogs"})
    req_url = req.to_url()
    print req_url
    result = urllib2.urlopen(req_url)

我一直收到urllib2.HTTPError: HTTP Error 401: Unauthorized个例外。我无法弄清楚我的密钥或签名方法是否有问题,或者我是否在签署后以某种方式篡改我的数据,或者交易是什么。有人有建议吗?

6 个答案:

答案 0 :(得分:7)

我做了一些小改动让你的例子工作。请参阅代码以供评论。

import urllib2
import oauth2 as oauth
import time

OAUTH_CONSUMER_KEY = "blahblahblah"
OAUTH_CONSUMER_SECRET = "blah"

def oauth_request(url, params, method="GET"):
    # Removed trailing commas here - they make a difference.
    params['oauth_version'] = "1.0" #,
    params['oauth_nonce'] = oauth.generate_nonce() #,
    params['oauth_timestamp'] = int(time.time())

    consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY,
                              secret=OAUTH_CONSUMER_SECRET)
    params['oauth_consumer_key'] = consumer.key
    req = oauth.Request(method=method, url=url, parameters=params)
    req.sign_request(oauth.SignatureMethod_HMAC_SHA1(), consumer, None)

    return req


if __name__ == "__main__":
    url = "http://yboss.yahooapis.com/ysearch/web"

    req = oauth_request(url, params={"q": "cats dogs"})
    # This one is a bit nasty. Apparently the BOSS API does not like
    # "+" in its URLs so you have to replace "%20" manually.
    # Not sure if the API should be expected to accept either.
    # Not sure why to_url does not just return %20 instead...
    # Also, oauth2.Request seems to store parameters as unicode and forget
    # to encode to utf8 prior to percentage encoding them in its to_url
    # method. However, it's handled correctly for generating signatures.
    # to_url fails when query parameters contain non-ASCII characters. To
    # work around, manually utf8 encode the request parameters.
    req['q'] = req['q'].encode('utf8')
    req_url = req.to_url().replace('+', '%20')
    print req_url
    result = urllib2.urlopen(req_url)

答案 1 :(得分:4)

这是一个Python代码片段,适用于我对抗Yahoo! BOSS:

import httplib2
import oauth2
import time

OAUTH_CONSUMER_KEY = "Blah"
OAUTH_CONSUMER_SECRET = "Blah"

if __name__ == "__main__":
    url = "http://yboss.yahooapis.com/ysearch/web?q=cats%20dogs"
    consumer = oauth2.Consumer(key=OAUTH_CONSUMER_KEY,secret=OAUTH_CONSUMER_SECRET)
    params = {
        'oauth_version': '1.0',
        'oauth_nonce': oauth2.generate_nonce(),
        'oauth_timestamp': int(time.time()),
    }

    oauth_request = oauth2.Request(method='GET', url=url, parameters=params)
    oauth_request.sign_request(oauth2.SignatureMethod_HMAC_SHA1(), consumer, None)
    oauth_header=oauth_request.to_header(realm='yahooapis.com')

    # Get search results
    http = httplib2.Http()
    resp, content = http.request(url, 'GET', headers=oauth_header)
    print resp
    print content

我使用Authenticate Header提交OAuth签名。

答案 2 :(得分:1)

所以我决定抛弃Python并尝试Perl,并且Just Justed。这是一个最小的代码示例:

use strict;
use Net::OAuth;
use LWP::UserAgent;

my $CC_KEY = "blahblahblah";
my $CC_SECRET = "blah";

my $url = 'http://yboss.yahooapis.com/ysearch/web';
print make_request($url, {q => "cat dog", format => "xml", count => 5});

sub make_request {
    my ($url, $args) = @_;

    my $request = Net::OAuth->request("request token")
      ->new(
            consumer_key => $CC_KEY,
            consumer_secret => $CC_SECRET,
            request_url => $url,
            request_method => 'GET',
            signature_method => 'HMAC-SHA1',
            timestamp => time,
            nonce => int(rand 10**6),
            callback => 'oob',
            extra_params => $args,
            protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A,
            );
    $request->sign;

    my $res = LWP::UserAgent->new(env_proxy=>1)->get($request->to_url); 
    return $res->content if $res->is_success;
    die $res->status_line;
}

答案 3 :(得分:1)

这是另一个解决方案,这次是在python-land中。这是由Pattern网络挖掘工具包的作者Tom De Smedt撰写的。

我会与python-oauth2的作者联系,看看是否可以修复。

OAUTH_CONSUMER_KEY = "blahblahblah"
OAUTH_CONSUMER_SECRET = "blah"

import urllib
import hmac
import time
import random
import base64

try:
     from hashlib import sha1
     from hashlib import md5
except:
     import sha as sha1
     import md5; md5=md5.new

def hmac_sha1(key, text):
     return hmac.new(key, text, sha1).digest()

def oauth_nonce(length=40):
     h = "".join([str(random.randint(0, 9)) for i in range(length)])
     h = md5(str(time.time()) + h).hexdigest()
     return h

def oauth_timestamp():
     return str(int(time.time()))

def oauth_encode(s):
     return urllib.quote(s, "~")

def oauth_signature(url, data={}, method="get", secret="", token=""):
     # Signature base string: http://tools.ietf.org/html/rfc5849#section-3.4.1
     base  = oauth_encode(method.upper()) + "&"
     base += oauth_encode(url.rstrip("?")) + "&"
     base += oauth_encode("&".join(["%s=%s" % (k, v) for k, v in sorted(data.items())]))
     # HMAC-SHA1 signature algorithm: http://tools.ietf.org/html/rfc5849#section-3.4.2
     signature = hmac_sha1(oauth_encode(secret) + "&" + token, base)
     signature = base64.b64encode(signature)
     return signature

q = "cat"
url = "http://yboss.yahooapis.com/ysearch/" + "web" # web | images | news
data = {
     "q": q,
     "start": 0,
     "count": 50, # 35 for images
     "format": "xml",
     "oauth_version": "1.0",
     "oauth_nonce" : oauth_nonce(),
     "oauth_timestamp" : oauth_timestamp(),
     "oauth_consumer_key" : OAUTH_CONSUMER_KEY,
     "oauth_signature_method" : "HMAC-SHA1",
}
data["oauth_signature"] = oauth_signature(url, data, secret=OAUTH_CONSUMER_SECRET)


complete_url = url + "?" + urllib.urlencode(data)
response = urllib.urlopen(complete_url)
print response.read()

答案 4 :(得分:1)

以下是访问Yahoo!的示例代码BOSS API v2使用python-oauth作为oauth liberary。

OAUTH_CONSUMER_KEY    = "<oauth consumer key>"
OAUTH_CONSUMER_SECRET = "<oauth consumer secret>"
URL                   = "http://yboss.yahooapis.com/ysearch/web"

import urllib
import oauth.oauth as oauth

data = {
    "q": "yahoo boss search",
    "start":0,
    "count":2,
    "format":"json"
}
consumer = oauth.OAuthConsumer(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET)
signature_method_plaintext = oauth.OAuthSignatureMethod_PLAINTEXT()
signature_method_hmac_sha1 = oauth.OAuthSignatureMethod_HMAC_SHA1()
oauth_request = oauth.OAuthRequest.from_consumer_and_token(consumer, token=None, http_method='GET', http_url=URL, parameters=data)
oauth_request.sign_request(signature_method_hmac_sha1, consumer, "")
complete_url = oauth_request.to_url()
response = urllib.urlopen(complete_url)
print "REQUEST URL => %s" % complete_url
print ""
print "RESPONSE =>"
print response.read()

答案 5 :(得分:0)

我使用调试器进入urllib2.open代码,发现响应有这个标题:

WWW-Authenticate: OAuth oauth_problem="version_rejected", realm="yahooapis.com"

所以我猜我的OAuth版本不匹配。