如何从 Web 应用程序访问仅限身份验证的 Twitter API 方法
我有一个 iPhone 网络应用程序,它最终将在 PhoneGap 应用程序中运行 - 但现在我在 Safari 中运行它。
该应用程序需要访问 Twitter 好友的推文,包括私人推文。所以我使用 Scribe 库实现了 OAuth。我成功地将用户弹回 Twitter,让他们进行身份验证,然后弹回。
此时,Web 应用程序具有在本地保留的 oAuth 凭据(密钥和令牌)。从这里开始,我希望它使用 Twitter statuses/user_timeline.json 方法来抓取特定用户的推文。我的应用程序使用 JSONP 请求成功地对未受保护的推文执行此操作;当它访问私人 Twitter 源的时间线时,应用程序中会出现一个 HTTP 基本身份验证对话框。
我相信我需要向 Twitter 提供 OAuth 凭据,以便我的 Web 应用程序可以识别和验证自身。 Twitter 建议通过添加 HTTP 授权标头来实现此目的,但由于我使用 JSONP 进行请求,因此我认为这不适合我。我的假设正确吗?
因此,我的选择似乎是要么将 oAuth 凭据作为查询字符串参数(Twitter 建议不要这样做,但文档表明仍然支持);或通过中间服务器代理所有推文。我宁愿避免后者。
我使用以下形式的 URL 访问 Twitter API
当 user_id 是公共用户时,这可以正常工作。当 user_id 是私人用户时,我会看到 HTTP 基本身份验证对话框。知道我做错了什么吗?我希望这是一些令人尴尬的简单事情,比如“忘记一个重要的参数”......
I have a web application for iPhone, which will ultimately run within a PhoneGap application - but for now I'm running it in Safari.
The application needs to access tweets from Twitter friends, including private tweets. So I've implemented OAuth using the Scribe library. I successfully bounce users to Twitter, have them authenticate, then bounce back.
At this point the web app has oAuth credentials (key and token) which it persists locally. From here on I'd like it to user the Twitter statuses/user_timeline.json method to grab tweets for a particular user. I have the application using JSONP requests to do this with unprotected tweets successfully; when it accesses the timeline of a private Twitter feed, an HTTP basic authentication dialog appears in the app.
I believe that I need to provide the OAuth credentials to Twitter, so that my web application can identify and authenticate itself. Twitter recommends doing so through the addition of an HTTP Authorization header, but as I'm using JSONP for the request I don't think this is an option for me. Am I right in assuming this?
My options therefore appear to either be putting the oAuth credentials as query-string parameters (which Twitter recommends against, but documentation suggests still supports); or proxying all the Tweets through an intermediate server. I'd rather avoid the latter.
I access the Twitter API using URLs of the form
When user_id is a public user, this works fine. When user_id is a private user, I get that HTTP Basic Auth dialog. Any idea what I'm doing wrong? I'm hoping it's something embarrassingly simple like "forgetting an important parameter"...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
oAuth 节需要准确,按照 http://dev.twitter.com/ pages/auth#auth-request - 我最终构建了一个 Authorization: 标头,我可以首先使用curl 检查该标头。
我使用 http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
这是受保护用户的好友 API 请求:
值得重申一下正如您尝试做的那样,对于跨域 JSONP 请求(无法添加 HTTP 标头),您可以通过放置所有相关的键/值对来发出 oAuth 请求,而不是通过 jquery 的 beforeSend 函数设置授权标头在 GET 请求中。这有望帮助其他各种提问者,例如
您的请求看起来有一个几个问题;它缺少用户的 oauth_token 加上 oauth_signature 看起来不像是经过 Base64 编码的(因为它分别缺少十六进制编码的 = 或 ==、%3 或 %3D%3D)。
这是使用 oAuth 编码的查询字符串参数的 GET 等效项,您可以在跨域 JSONP 调用中使用它:
The oAuth stanza needs to be exact, as per http://dev.twitter.com/pages/auth#auth-request - I ended up building an Authorization: header that I could first check with curl.
I built it using the really helpful interactive request checker at http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
Here's a friends API request for a protected user:
It's worth re-iterating that as you've tried to do, instead of setting the Authorization header via e.g. jquery's beforeSend function, that for cross-domain JSONP requests (which can't add HTTP headers) you can make oAuth requests by putting all the relevant key/value pairs in the GET request. This should hopefully help out various other questioners, e.g
Your request looks like it has a couple of problems; it's missing the user's oauth_token plus the oauth_signature doesn't look like it has been base64 encoded (because it's missing a hex encoded = or ==, %3 or %3D%3D respectively).
Here's my GET equivalent using oAuth encoded querystring params, which you can use in a cross-domain JSONP call:
我正在努力解决从 Jquery 发出 JSONP 请求的类似问题,上面的答案只是帮助添加我为实现解决方案所做的事情。
我正在执行服务器到服务器的 oauth,然后发送 oauth 令牌、秘密、消费者密钥和秘密(这是我们放置代理来保护消费者秘密时的临时解决方案)。您可以将其替换为客户端的令牌获取代码。
Oauth.js 和 Sha1.js 下载链接!
一旦生成签名。
现在有 2 个问题:
正如上面的答案所说,1 无法完成。
另外,回调=?不起作用,因为参数列表必须进行签名,并且在将请求发送到远程服务器 Jquery 时替换callback=?某些名称,如callback=Jquery1232453234。因此必须使用命名处理程序。
并且 getJSON 不适用于命名函数处理程序,因此我使用
Create url with base url 和来自parameterMap的键值对
I was struggling with similar problem of making JSONP requests from Jquery, the above answer helped just to add what I did to achieve my solution.
I am doing server to server oauth and then I send oauth token, secret, consumer key and secret (this is temporary solution by the time we put a proxy to protect consumer secret). You can replace this to token acquiring code at client.
Oauth.js and Sha1.js download link!
Once signature is generated.
Now there are 2 problems:
As above answer says 1 cannot be done.
Also, callback=? won't work as the parameter list has to be signed and while sending the request to remote server Jquery replace callback=? to some name like callback=Jquery1232453234. So a named handler has to be used.
and getJSON did not work with named function handler, so I used
Create url with base url and key value pairs from parameterMap