使用 files_put 上传 DropBox 返回身份验证失败
我正在尝试使用 libCurl 与我的 C/C++ 应用程序一起上传一个文件(其中包含一行文本的简单文本文件)。
我注意到了一些事情。
首先...
DropBox API 似乎需要一个“&”而不是“?”在参数列表之前。
其次...
尚不清楚请求正文是否需要包含在计算 oauth_signature 中。
最终,我从 DropBox API 收到“身份验证失败”响应。
我已包含来自 libCurl 的调试跟踪以获取更多信息...
SSLv3, TLS alert, Client hello (1):
About to connect() to api-content.dropbox.com port 443 (#0)
Trying 107.22.243.22... Connected to api-content.dropbox.com (107.22.243.22) port 443 (#0)
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
Server certificate:
subject: C=US; ST=California; L=San Francisco; O=Dropbox, Inc.; OU=IT; CN=*.dropbox.com
start date: 2010-01-06 00:00:00 GMT
expire date: 2012-01-06 23:59:59 GMT
common name: *.dropbox.com (matched)
issuer: C=ZA; ST=Western Cape; L=Cape Town; O=Thawte Consulting cc; OU=Certification Services Division; CN=Thawte Premium Server CA; [email protected]
SSL certificate verify ok.
PUT /1/files_put/dropbox/1&file=test%2Etxt&overwrite=true&oauth_consumer_key=asfewasdfas&oauth_nonce=1323293220d0&oauth_signature=asmoa4YE2c%2FuwjDKJRKFILpcn8%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1323293220&oauth_token=fafsesnj13iguxnh&oauth_version=1.0 HTTP/1.1
Host: api-content.dropbox.com
Accept: */*
Content-type: application/json
Content-Length: 24
Expect: 100-continue
HTTP/1.1 100 Continue
Test upload to DropBox.
HTTP/1.1 401 Unauthorized
Server: dbws
Date: Wed, 07 Dec 2011 21:27:00 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
22
{"error": "Authentication failed"}
0
I'm trying to upload a file (simple text file with one line of text in it) using with my C/C++ application using libCurl.
There are a few things that I have noticed.
First...
The DropBox API appears to want a '&' instead of a '?' before the list of arguments.
Second...
It is unclear if the body of the request needs to be included in computing the oauth_signature.
Ultimately, I get an "Authentication failed" response from the DropBox API.
I've included the debug trace from libCurl for more information...
SSLv3, TLS alert, Client hello (1):
About to connect() to api-content.dropbox.com port 443 (#0)
Trying 107.22.243.22... Connected to api-content.dropbox.com (107.22.243.22) port 443 (#0)
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
Server certificate:
subject: C=US; ST=California; L=San Francisco; O=Dropbox, Inc.; OU=IT; CN=*.dropbox.com
start date: 2010-01-06 00:00:00 GMT
expire date: 2012-01-06 23:59:59 GMT
common name: *.dropbox.com (matched)
issuer: C=ZA; ST=Western Cape; L=Cape Town; O=Thawte Consulting cc; OU=Certification Services Division; CN=Thawte Premium Server CA; [email protected]
SSL certificate verify ok.
PUT /1/files_put/dropbox/1&file=test%2Etxt&overwrite=true&oauth_consumer_key=asfewasdfas&oauth_nonce=1323293220d0&oauth_signature=asmoa4YE2c%2FuwjDKJRKFILpcn8%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1323293220&oauth_token=fafsesnj13iguxnh&oauth_version=1.0 HTTP/1.1
Host: api-content.dropbox.com
Accept: */*
Content-type: application/json
Content-Length: 24
Expect: 100-continue
HTTP/1.1 100 Continue
Test upload to DropBox.
HTTP/1.1 401 Unauthorized
Server: dbws
Date: Wed, 07 Dec 2011 21:27:00 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
22
{"error": "Authentication failed"}
0
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试使用 OAuth "PLAINTEXT" 身份验证模式,使用 HTTP“授权”标头。
PLAINTEXT OAuth 更不易出错(因为没有规范化或散列)。
Try using the OAuth "PLAINTEXT" authentication mode using the HTTP "Authorization" header.
PLAINTEXT OAuth is much less error prone (since there's no canonicalizattion or hashing).