使用基于sign-post api的grails-oauth插件刷新Yahoo Oauth访问令牌
我正在使用 grails oauth 插件。这成功地向我提供了雅虎的access_token。但问题是——这个令牌(来自 yahoo)的有效期只有 1 小时。之后我们需要刷新它。浏览他们的文档,似乎他们有刷新它的过程(以防令牌过期)。并且这个调用绕过了第三条腿(用户的手动接受过程)。太好了!
现在,如果我尝试使用方法 oauthService.fetchAccessToken ——我猜这是命中 get_access_token url(在提供商一侧)的方法。但我遇到了例外:
oauth.signpost.exception.OAuthNotAuthorizedException:授权 失败(服务器回复 401)。如果消费者 密钥不正确或签名不匹配。在 oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:239) 在 oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:189) 在 oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:99) 在 oauth.signpost.OAuthProvider$retrieveAccessToken.call(未知 来源)位于 org.grails.plugins.oauth.OauthService.fetchAccessToken(OauthService.groovy:286) 在 org.grails.plugins.oauth.OauthService$fetchAccessToken.call(未知 来源)
我已经进一步调试了插件和路标代码。我认为我们应该研究一下路标(现在),插件可以在以后轻松修改。
供您参考,我正在将路标(jar - 1.2.1.1)与 commonshttp4 客户端一起使用,
这是用于刷新 accessToken 的雅虎文档页面的链接。 http://developer.yahoo.com/oauth/guide/oauth-refreshaccesstoken.html
Yahoo 在 yahoo 使用 accessToken 发送的请求中需要 oauth_session_handle 参数。 Signpost 确实提供了一种获取此信息的方法 - provider.getResponseParameters()。
接下来,我使用以下方法将这些参数放回到刷新令牌请求中—— consumer.setAdditionalParameters(httpParams)
但这不起作用!以下是堆栈跟踪的部分。当我尝试获取刷新的AccessToken时
oauth.signpost.exception.OAuthNotAuthorizedException:授权 失败(服务器回复 401)。如果消费者 密钥不正确或签名不匹配。在 oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:239) 在 oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:189) 在 oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:99)
期待很快收到一些伟大/慷慨的人的消息:-)
谢谢, 萨利尔
I am using grails oauth plugin. Which is providing me yahoo's access_token successfully. But the problem is -- this token (from yahoo) has validity of 1 hr only. And after that we need to refresh it. And going through their documentation it seems like they have process to refresh it (in case token expires). And this call bypasses the thrid leg (user's manual acceptance process). that's very good!
Now, if I am trying to use method oauthService.fetchAccessToken -- I guess this is the method which hits get_access_token url (at provider's side). But I am getting exception:
oauth.signpost.exception.OAuthNotAuthorizedException: Authorization
failed (server replied with a 401). This can happen if the consumer
key was not correct or the signatures did not match. at
oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:239)
at
oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:189)
at
oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:99)
at oauth.signpost.OAuthProvider$retrieveAccessToken.call(Unknown
Source) at
org.grails.plugins.oauth.OauthService.fetchAccessToken(OauthService.groovy:286)
at
org.grails.plugins.oauth.OauthService$fetchAccessToken.call(Unknown
Source)
I have debugged further into plugin and signpost code. And I think we should look into signpost (for now), plugin can be modified easily later.
For your information, I am using signpost (jar - 1.2.1.1) with commonshttp4 client
here's the link of Yahoo documentation page for refreshing the accessToken.
http://developer.yahoo.com/oauth/guide/oauth-refreshaccesstoken.html
Yahoo needs oauth_session_handle parameter in the request which is sent by yahoo with accessToken. Signpost does provides a way to fetch this -- provider.getResponseParameters().
Now next is, I am using following way to put these parameters back into the refreshToken request --
consumer.setAdditionalParameters(httpParams)
But it doesn't work! Following is the part of stacktrace. When I try to get the refreshedAccessToken
oauth.signpost.exception.OAuthNotAuthorizedException: Authorization
failed (server replied with a 401). This can happen if the consumer
key was not correct or the signatures did not match. at
oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:239)
at
oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:189)
at
oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:99)
looking forward to hear soon from some great/generous guy(s) :-)
Thanks,
Salil
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我找到了答案并想与其他人分享(可能会遇到类似情况的人)。
首先,如果您正在使用路标库进行 oauth,我建议您停止使用它。因为,自 2011 年 1 月以来,开发已停止。请阅读以下内容:
http://brainflush.wordpress.com/2011/01/27/stepping -back-from-signpost-development/
我为此使用了“scribe-java”。这是 github 上的链接。您可以使用 Maven 或下载 jar 或只是 fork 代码。
https://github.com/fernandezpablo85/scribe-java/
它非常容易使用,甚至是(顶部)服务提供商 URL 是预先配置的。
这是如何使用 scribe-java 库刷新它的代码。
I have found the answer and want to share it others (who might trap with similar situation).
First of all, if you are using signpost library for oauth, I would recommend you to stop using it. Because, the development has been stopped since jan 2011. Read this:
http://brainflush.wordpress.com/2011/01/27/stepping-back-from-signpost-development/
I used 'scribe-java' for this. here's the link on github. You can either use maven or download jar or just fork the code.
https://github.com/fernandezpablo85/scribe-java/
It's very easy to use, even the (top) service providers URLs are configured beforehand.
here's the code how to refresh it using scribe-java library.