使用 Python-oauth2 在 python 中为 tumblr API 初始化 Oauth 客户端
我是 Oauth 的新手。过去,对于用 Python 编写的 twitter 应用程序,我使用 python-oauth2 库来初始化客户端,如下所示:
consumer = oauth.Consumer(key = CONSUMER_KEY, secret = CONSUMER_SECRET)
token = oauth.Token(key = ACCESS_KEY, secret = ACCESS_SECRET)
client = oauth.Client(consumer, token)
这很容易,因为 twitter 提供了 CONSUMER 和 ACCESS 密钥和秘密。但现在我需要对 tumblr 做同样的事情。问题是 tumblr 仅提供 CONSUMER_KEY、CONSUMER_SECRET 和这些 url:
Request-token URL http://www.tumblr.com/oauth/request_token
Authorize URL http://www.tumblr.com/oauth/authorize
Access-token URL http://www.tumblr.com/oauth/access_token
Using this data how can iinitialize client to access tumblr API?
UPD
jterrace 建议了我之前尝试使用的代码。问题在于oauth_callback。如果我没有指定任何内容,api 会返回错误“未指定 oauth_callback”,但如果我指定了一些 url,例如“http://example.com/oauthcb/”并按照链接 http://www.tumblr.com/oauth/authorize?oauth_token=9ygTF...,然后按“允许”按钮,tumblr 不会显示任何 PIN 代码页面,它会立即重定向到该回调 url,这是无用的,因为它是桌面应用程序。为什么不显示 PIN 码?
UPD 2
Tumblr API 不支持 PIN 码授权。使用 xAuth 代替 - https://groups.google.com/group/tumblr-api/browse_thread/thread/857285e6a2b4268/15060607dc306c1d?lnk=gst&q=pin#15060607dc306c1d
I'm new to Oauth. In the past for twitter applications written in Python i used python-oauth2 library to initialize client like this:
consumer = oauth.Consumer(key = CONSUMER_KEY, secret = CONSUMER_SECRET)
token = oauth.Token(key = ACCESS_KEY, secret = ACCESS_SECRET)
client = oauth.Client(consumer, token)
That was easy because twitter provides both CONSUMER and ACCESS keys and secrets. But now i need to do the same for tumblr. The problem is that tumblr provides only CONSUMER_KEY, CONSUMER_SECRET and these urls:
Request-token URL http://www.tumblr.com/oauth/request_token
Authorize URL http://www.tumblr.com/oauth/authorize
Access-token URL http://www.tumblr.com/oauth/access_token
Using this data how can i initialize client to access tumblr API?
UPD
jterrace suggested a code i tried to use before. The problem with it is oauth_callback. If i don't specify any, api returns error "No oauth_callback specified", but if i do specify some url like "http://example.com/oauthcb/" and follow the link http://www.tumblr.com/oauth/authorize?oauth_token=9ygTF..., then press Allow button, tumblr doesn't show any PIN code page, it immediately redirects to that callback url, which is useless since it's desktop application. Why PIN code isn't shown?
UPD 2
Tumblr API doesn't support PIN code authorization. Use xAuth instead - https://groups.google.com/group/tumblr-api/browse_thread/thread/857285e6a2b4268/15060607dc306c1d?lnk=gst&q=pin#15060607dc306c1d
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
首先,导入oauth2模块并设置服务的URL和消费者信息:
第1步:获取请求令牌。这是一个临时令牌,用于
让用户授权访问令牌并签署请求以获取
说访问令牌。
第 2 步:重定向到提供商。由于这是一个 CLI 脚本,我们不
重定向。在 Web 应用程序中,您会将用户重定向到 URL
以下。
第 3 步:消费者将用户重定向回 oauth_callback 后
您可以请求用户已批准的访问令牌的 URL。您使用
请求令牌来签署此请求。完成此操作后,您扔掉
请求令牌并使用返回的访问令牌。你应该存储这个
访问令牌在安全的地方,例如数据库,以供将来使用。
现在您有了访问令牌,您可以用它调用受保护的方法。
编辑: 事实证明,tumblr 不支持 PIN 授权方法。相关帖子此处。
First, import the oauth2 module and set up the service's URL and consumer information:
Step 1: Get a request token. This is a temporary token that is used for
having the user authorize an access token and to sign the request to obtain
said access token.
Step 2: Redirect to the provider. Since this is a CLI script we do not
redirect. In a web application you would redirect the user to the URL
below.
Step 3: Once the consumer has redirected the user back to the oauth_callback
URL you can request the access token the user has approved. You use the
request token to sign this request. After this is done you throw away the
request token and use the access token returned. You should store this
access token somewhere safe, like a database, for future use.
Now that you have an access token, you can call protected methods with it.
EDIT: Turns out that tumblr does not support the PIN authorization method. Relevant post here.
如果您只想获得访问令牌/秘密进行签名,您可以将回调 URL 设置为: http://localhost/blah
http://localhost/blah?oauth_token=xxxxxxxxxxxxxxxxxxxxxxxxxx0123456789ABCDEFGHIJKLMN&oauth_verifier=XXXXXXXXXXXXXXXXXXXXXXXXX0123456789abcdefghijklmn
使用查询参数“oauth_verifier”的值作为您的 PIN:
XXXXXXXXXXXXXXXXXXXXXXXXX0123456789abcdefghijklmn
CLI 应该打印出您的 oauth-token 和 oauth-token-secret。
哈!以这种方式让这个在 tumblr 上工作:)
If you just want to gain an access-token/secret to sign, you could just setup your callback URL as: http://localhost/blah
http://localhost/blah?oauth_token=xxxxxxxxxxxxxxxxxxxxxxxxxx0123456789ABCDEFGHIJKLMN&oauth_verifier=XXXXXXXXXXXXXXXXXXXXXXXXX0123456789abcdefghijklmn
Use the value of the query-parameter 'oauth_verifier' as your PIN:
XXXXXXXXXXXXXXXXXXXXXXXXX0123456789abcdefghijklmn
The CLI should print out your oauth-token and oauth-token-secret.
HTH! Got this working for tumblr in this way :)
看一下 https://github.com/ToQoz/Pyblr
它使用 oauth2 和 urllib 来提供很好的包装,正是您想要做的事情。
Have a look at https://github.com/ToQoz/Pyblr
It uses oauth2 and urllib to provide a nice wrapper for exactly what you're trying to do.
您想要做的似乎是使用 OAuth 2 客户端访问 OAuth 1 API。请参阅 https://github.com/simplegeo/python-oauth2 并查找“三足 OAuth 示例”。
It seems that what you're trying to do is access an OAuth 1 API with an OAuth 2 client.See https://github.com/simplegeo/python-oauth2 and look for “three-legged OAuth example”.
oauth2 和 facebook 遇到这个问题。
@deepvanbinnen 的回答引导我走向正确的方向。
facebook 实际上重定向到类似于此
“http://localhost/blah?code=AQAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX#_=_”
的页面,然后使用“AQAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX#_=_”,因为 PIN 实际上使我能够访问所请求的 facebook 帐户。
had this problem with oauth2 and facebook.
@deepvanbinnen's answer lead me into the right direction.
facebook actually redirected to a page similar to this
'http://localhost/blah?code=AQAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX#_=_'
using then the ' AQAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX#_=_ as the PIN actually got me the access to the requested facebook account.
@jterrance 的回答很好。然而,要意识到获取访问令牌只需一次_time_手动过程。访问令牌是您用于所有后续 API 调用的密钥。 (这就是为什么他建议将访问令牌保存在数据库中。)称为“PIN”(也称为验证密钥)的字符串不一定是数字。它可以是任何形式的可打印字符串。该验证密钥显示在授权页面上步骤 2 中打印的 URL 处,然后粘贴到“PIN”提示中。
@jterrance's answer is good. However, realize it is a one _time_ manual procedure to get the access token. The access token is the key that you use for all subsequent API calls. (That's why he recommends saving the access token in a database.) The string referred to as 'PIN' (aka the verification key) is not necessarily a number. It can be a printable string in any form. That verification key is displayed on the authorization page at the URL printed in step 2 then pasted into the prompt for a the 'PIN'.