gpt4 book ai didi

javascript - Fitbit API 的 OAuth2 隐式与授权代码授予

转载 作者:行者123 更新时间:2023-12-02 23:03:53 27 4
gpt4 key购买 nike

这个问题的答案是我在客户端使用授权代码授予流..这似乎会导致阻止错误..

检查下方是否有功能验证 OAUTH2 隐式授予 FITBIT API..

我正在针对 Fitbit API 执行 OAuth2 身份验证。这一切都使用授权代码授予流程。因此,首先获取身份验证代码,重定向到我的应用程序,然后将其交换为访问 token 并使用此 token 获取数据。

从主页的“post_request.html”页面开始,按下“fitbit”按钮,用户将被重定向到 Fitbit 的授权端点。我正在使用 Node.js 构建本地服务器来托管应用程序并能够毫无问题地重定向..

重定向后,我检索授权代码并发出 AJAX POST 请求以用授权代码换取访问 token 。然后我发出这个 POST 请求,但出现以下错误..

{"errors":[{"errorType":"invalid_client","message":"Invalid authorization header format. The header was not recognized to be a valid header for any of known implementations or a client_id was not specified in case of a public client Received header = BasicdW5kZWZpbmVk. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

我认为我的 url 编码 client_id 和 client_secret 可能有错误。或者我设置标题。但我无法发现它。谁能帮我吗?

我的 HTML 文件如下..

<body>

<button onclick="fitbitAuth()">Fitbit</button>

<!-- action = route, method = method -->
<form action="/" method="POST" id="form">
<h3>Email Address:</h3>
<input type="email">
<br>
<h3>Password:</h3>
<input type="password">
<br>
<br>
<button type="submit">Send Request</button>
</form>

</body>
</html>

我的脚本如下,它由 3 个函数组成。- base64编码功能- 用于启动 OAuth2 进程的 onclick 函数- 用授权代码交换访问 token 的函数

// run this script upon landing back on the page with the authorization code 
// specify and/ or calculate parameters
var url_terug = window.location.search;
var auth_code = url_terug.substr(6);
var granttype = "authorization_code";
var redirect_uri = "http://localhost:3000/fitbit";
var client_id = "xxxxx";
var client_secret = "xxxxxxxxxxxx";
var stringto_encode = client_id + ":" + client_secret;
var encoded_string = "";
console.log("auth code = " + auth_code);

function baseEncode(stringto_encode){

encoded_string = btoa(stringto_encode);
console.log(encoded_string);

}

function getTokenFitBit(){

baseEncode();

// execute a POST request with the right parameters
var request = new XMLHttpRequest();
request.open('POST', "https://api.fitbit.com/oauth2/token?client_id=" + client_id + "&grant_type=" + granttype + "&redirect_uri=" + redirect_uri + "&code=" + auth_code);

request.setRequestHeader('Authorization', 'Basic'+ encoded_string);
request.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');

// Setup our listener to process completed requests
request.onload = function () {

// Process our return data
// status code between 200 and 300 indicates success
if (request.status >= 200 && request.status < 300) {

console.log('success!', request);
console.log(request.responseText);

// continue with API calls..


// you could set up a broader response handling if there is a use case for it
} else {

console.log('The current token request failed!');

}
};

request.send();

}

getTokenFitBit();




// get the access token out of the JSON response
// execute a GET request on the API endpoint
// handle the data

// upon clicking fitbit button, starting off the oauth2 authentication
function fitbitAuth() {

window.location.href = 'https://www.fitbit.com/oauth2/authorize?client_id=xxxxx&response_type=code&scope=activity&redirect_uri=http://localhost:3000/fitbit&prompt=consent';

}

最佳答案

在上面的示例中,您似乎在“Basic” header 与其在此行中的值之间缺少分隔符:

  request.setRequestHeader('Authorization', 'Basic'+ encoded_string);

如果您正在构建基于 Web 的应用程序,您可能也想考虑使用“隐式”流程:https://oauth.net/2/grant-types/implicit/

关于javascript - Fitbit API 的 OAuth2 隐式与授权代码授予,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57676525/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com