Issues with Twitter oauth for /1/statuses/update.json returning 401
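Posted: 2014-07-04 13:12:53

Question:

OK, I've got Twitter's OAuth working and am almost done. Basically, I can't post tweets on behalf of a user through a web app. As far as I can tell, the webapp is configured correctly through the Twitter web GUI.
I'm doing 3-legged authorization, so the user can log in to Twitter and authorize my application: https://dev.twitter.com/docs/auth/3-legged-authorization.
This seems to work: I'm being redirected, logging in, and authorizing my app. The trouble, however, is that at authorization time one of the messages Twitter shows says my application cannot post tweets on behalf of the user. I'm pretty sure that's what I need to do, and it's what I thought all this authorization was for. Here is the message copied and pasted from the Twitter redirect at https://api.twitter.com/oauth/authorize: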
This application will not be able to:
Follow new people.
Update your profile.
Post Tweets for you.
Access your direct messages.
See your Twitter password.
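Anyway, this gives me an oauth_verifier, and I then use the verifier to get the oauth_token and oauth_token_secret so that I can correctly sign the request that finally calls update.json. That final call fails.
I use the same approach to sign and send the other requests, so I'm fairly confident in the code up to this point. As I said, the message during authorization leads me to believe I'm following the wrong flow.
Any ideas about where I'm going wrong?
For completeness, here is the full HTTP log of the whole flow, from the request token to the final update.json call: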
Authentication required
api.twitter.com:443 requested authentication
Response contains no authentication challenges
Cookie accepted [guest_id="v1%3A140018910877288554", version:0, domain:.twitter.com, path:/, expiry:Sat May 14 14:25:08 PDT 2016]
Twitter replied 401, expected 200
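Answer 1: I solved my problem. I'll post it here in case anyone finds it useful.
The body has one parameter, status. The body then looks like:
status=A%20message
When generating the signature, the encoded body needs to be passed to the signature so that it is encoded again.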