如何获取 Magento 的 REST API 的 OAuth 访问令牌？

Question

我正在尝试访问我的 Magento 商店的 REST API，但我似乎无法获取访问令牌。我不断收到400 Bad Request (OAuth::Unauthorized) 错误。

这是我正在使用的代码：

require 'oauth'
require 'mechanize'

@m = Mechanize.new

@title = @m.get('http://178.62.173.99/').title

@callback_url = 'http://178.62.173.99/'
@consumer = OAuth::Consumer.new(
  'b3ba0db944d1ad0d416329844734db54',
  '38fedbc5cdeed7803547b24a0980c834',
  :request_token_path => '/oauth/initiate',
  :authorize_path=>'/admin/oauth_authorize',
  :access_token_path=>'/oauth/token',
  :site => 'http://178.62.173.99'
)

@session = {}

@request_token = @consumer.get_request_token(:oauth_callback => @callback_url)
@session[:request_token] = @request_token
@session[:authorize_url] = @request_token.authorize_url(:oauth_callback => @callback_url)

@m.get(@session[:authorize_url]) do |login_page|
  auth_page = login_page.form_with(:action => 'http://178.62.173.99/index.php/admin/oauth_authorize/index/') do |form|
    form.elements[1].value = 'admin'
    form.elements[2].value  = 'goodfood88'
  end.submit

  authorize_form = auth_page.forms[0]

  callback_page = authorize_form.submit

  puts 'Successfully authorized application' unless callback_page.title != @title
end

@access_token = @request_token.get_access_token

它返回以下内容：

    Successfully authorized application
/Users/narzero/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/oauth-0.4.7/lib/oauth/consumer.rb:216:in `token_request': 400 Bad Request (OAuth::Unauthorized)
        from /Users/narzero/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/oauth-0.4.7/lib/oauth/tokens/request_token.rb:18:in `get_access_token'
        from six.rb:37:in `<main>'

我已将重要数据存储到哈希中，这是它返回的内容：

@session
# => {:request_token=>
  #<OAuth::RequestToken:0x007fe923161c00
   @consumer=
    #<OAuth::Consumer:0x007fe924083350
     @http=#<Net::HTTP 178.62.173.99:80 open=false>,
     @http_method=:post,
     @key="b3ba0db944d1ad0d416329844734db54",
     @options=
      {:signature_method=>"HMAC-SHA1",
       :request_token_path=>"/oauth/initiate",
       :authorize_path=>"/admin/oauth_authorize",
       :access_token_path=>"/oauth/token",
       :proxy=>nil,
       :scheme=>:header,
       :http_method=>:post,
       :oauth_version=>"1.0",
       :site=>"http://178.62.173.99"},
     @secret="38fedbc5cdeed7803547b24a0980c834">,
   @params=
    {:oauth_token=>"1bae7ce87f68d2090f131e7f3b98b26c",
     "oauth_token"=>"1bae7ce87f68d2090f131e7f3b98b26c",
     :oauth_token_secret=>"78921fcd23f6fa41356d56afadd8b1af",
     "oauth_token_secret"=>"78921fcd23f6fa41356d56afadd8b1af",
     :oauth_callback_confirmed=>"true",
     "oauth_callback_confirmed"=>"true"},
   @secret="78921fcd23f6fa41356d56afadd8b1af",
   @token="1bae7ce87f68d2090f131e7f3b98b26c">,
 :authorize_url=>
  "http://178.62.173.99/admin/oauth_authorize?oauth_callback=http%3A%2F%2F178.62.173.99%2F&oauth_token=1bae7ce87f68d2090f131e7f3b98b26c"}

我可以尝试什么来获取访问令牌？

Answer 1

立即重新生成您的 API 令牌/机密，并且不再公开发布它们。问题是您正在向自己的站点发出 OAuth 请求，而不是 Magneto 的服务器。看看你的代码。没有对外部 URL 的单一引用。 OAuth::Consumer 构造函数调用中的站点参数设置为您自己的站点。这应该设置为 Magneto API OAuth 提供者的主机。

Answer 2

这是我编写的一个 Ruby 模块，用于为 Magento REST API 创建访问令牌：

module Token
  def create_consumer
    OAuth::Consumer.new(
      CONSUMER_KEY,
      CONSUMER_SECRET,
      :request_token_path => '/oauth/initiate',
      :authorize_path=>'/admin/oauth_authorize',
      :access_token_path=>'/oauth/token',
      :site => URL
    )
  end

  def request_token(args = {})
    args[:consumer].get_request_token(:oauth_callback => URL)
  end

  def get_authorize_url(args = {})
    args[:request_token].authorize_url(:oauth_callback => URL)
  end

  def authorize_application(args = {})
    m = Mechanize.new

    m.get(args[:authorize_url]) do |login_page|
      auth_page = login_page.form_with(:action => "#{URL}/index.php/admin/oauth_authorize/index/") do |form|
        form.elements[1].value = ADMIN_USERNAME
        form.elements[2].value = ADMIN_PASSWORD
      end.submit

      authorize_form = auth_page.forms[0]

      @callback_page = authorize_form.submit
    end

    @callback_page.uri.to_s
  end

  def extract_oauth_verifier(args = {})
    callback_page = "#{args[:callback_page]}".gsub!("#{URL}/?", '')

    callback_page_query_string = CGI::parse(callback_page)

    callback_page_query_string['oauth_verifier'][0]
  end

  def get_access_token(args = {})
    args[:request_token].get_access_token(:oauth_verifier => args[:oauth_verifier])
  end

  def save_tokens_to_json(args = {})
    auth = {}

    auth[:time] = Time.now
    auth[:token] = args[:access_token].token
    auth[:secret] = args[:access_token].secret

    File.open("#{args[:path]}#{args[:filename]}.json", 'w') {|f| f.write(auth.to_json)}

    auth
  end

  def get_new_access_tokens
    new_consumer = self.create_consumer
    new_request_token = self.request_token(consumer: new_consumer)
    new_authorize_url = self.get_authorize_url(request_token: new_request_token)
    authorize_new_application = self.authorize_application(authorize_url: new_authorize_url)
    extract_new_oauth_verifier = self.extract_oauth_verifier(callback_page: authorize_new_application)
    new_access_token = self.get_access_token(request_token: new_request_token, oauth_verifier: extract_new_oauth_verifier)
    save_tokens_to_json(filename: 'magento_oauth_access_tokens', path: '/', access_token: new_access_token)

    return 'Successfully obtained new access tokens.'
  end
end

运行#get_new_access_tokens 以获取访问令牌。

别忘了定义以下变量：

• CONSUMER_KEY
• CONSUMER_SECRET
• 网址
• ADMIN_USERNAME
• 管理员密码