問題描述
我正在構建一個使用 Caspio 的應用程序API.我在針對他們的 API 進行身份驗證時遇到了一些問題.我花了 2-3 天試圖弄清楚這一點,但這可能是由于我的一些理解.我已經閱讀了無數關于stackoverflow帖子的文章,但還沒有解決這個問題.下面是我的解決方案的代碼示例,基于我所查看的內容,我收到了 400 狀態代碼消息;我在這里做錯了什么?(請提供注釋良好的代碼示例,我希望不在此處發布引用其他材料的鏈接,因為我已經廣泛查看了這些材料.謝謝!):
我看過的一些參考資料:
1) 用于 HTTP 基本身份驗證的純 JavaScript 代碼?
2) 如何在從 javascript 調用 REST API 中進行 http 身份驗證
我想使用下面 caspio 描述的這種身份驗證方法:
作為在請求正文中包含憑據的替代方法,客戶端可以使用 HTTP 基本身份驗證方案.在這種情況下,將通過以下方式設置身份驗證請求:
方法: POST
網址:您的令牌端點
正文:grant_type=client_credentials
標頭參數:
授權:基本基本身份驗證領域
以下是我的 Javascript 和 HTML 代碼.
JavaScript:
var userName = "clientID";var passWord = "secretKey";功能驗證用戶(用戶,密碼){var token = 用戶 + ":" + 密碼;//我應該編碼這個值嗎??????有關系嗎???//Base64 編碼 ->BTOAvar hash = btoa(token);返回基本"+哈希;}函數 CallWebAPI() {//新的 XMLHTTPRequestvar request = new XMLHttpRequest();request.open("POST", "https://xxx123.casio.com/oauth/token", false);request.setRequestHeader("授權", authenticateUser(userName, passWord));請求.發送();//查看請求狀態警報(請求.狀態);response.innerHTML = request.responseText;}HTML:
<div id="響應"></div> 解決方案 在花了相當多的時間研究這個之后,我想出了解決方案;在這個解決方案中,我沒有使用基本身份驗證,而是使用 oAuth 身份驗證協議.但是要使用基本身份驗證,您應該能夠在setHeaderRequest"中指定這一點,只需對代碼示例的其余部分進行最少的更改.我希望這將能夠在未來對其他人有所幫助:
var token_//變量將存儲令牌var userName = "clientID";//應用客戶端IDvar passWord = "secretKey";//應用程序客戶端秘密var caspioTokenUrl = "https://xxx123.caspio.com/oauth/token";//您的應用程序令牌端點var request = new XMLHttpRequest();函數 getToken(url, clientID, clientSecret) {變量鍵;request.open("POST", url, true);request.setRequestHeader("內容類型", "應用程序/json");request.send("grant_type=client_credentials&client_id="+clientID+"&"+"client_secret="+clientSecret);//指定憑據以在請求時接收令牌request.onreadystatechange = function () {如果(request.readyState == request.DONE){var response = request.responseText;var obj = JSON.parse(response);鍵 = obj.access_token;//存儲accesstoken的值令牌_ =鍵;//將令牌存儲在全局變量token_"中,或者您可以簡單地從函數中返回訪問令牌的值}}}//獲取令牌getToken(casioTokenUrl, 用戶名, 密碼);
如果您在某些請求上使用 Caspio REST API,您可能必須為對端點的某些請求編碼參數;請參閱有關此問題的 Caspio 文檔;
注意:encodedParams 未在此示例中使用,但在我的解決方案中使用.
現在您已經從令牌端點存儲了令牌,您應該能夠成功地對來自應用程序的 caspio 資源端點的后續請求進行身份驗證
function CallWebAPI() {var request_ = new XMLHttpRequest();var encodedParams = encodeURIComponent(params);request_.open("GET", "https://xxx123.casio.com/rest/v1/tables/", true);request_.setRequestHeader("授權", "承載"+ token_);request_.send();request_.onreadystatechange = function () {if (request_.readyState == 4 && request_.status == 200) {var response = request_.responseText;var obj = JSON.parse(response);//根據需要處理數據...}}}
此解決方案只考慮如何在純 javascript 中使用 Caspio API 成功發出經過身份驗證的請求.我敢肯定還有很多缺陷......
I am building an application that consumes the Caspio API. I am having some trouble authenticating against their API. I have spent 2-3 days trying to figure this out but it may be due to some understanding on my end. I have read countless articles on stackoverflow post and otherwise but have not solved the issue. Below is a code example of my solution based on what i have looked at and i am getting a 400 Status code message; What am i doing wrong here? (Please provide well commented code example and i would prefer to NOT have links posted here referencing other material as i have looked at these extensively. Thanks!):
Some references i have looked at:
1) Pure JavaScript code for HTTP Basic Authentication?
2) How to make http authentication in REST API call from javascript
I would like to use this authentication method as described by caspio below:
As an alternative to including credentials in the request body, a client can use the HTTP Basic authentication scheme. In this case, authentication request will be setup in the following way:
Method: POST
URL: Your token endpoint
Body: grant_type=client_credentials
Header parameter:
Authorization: Basic Basic authentication realm
Below are my Javascript and HTML code.
JavaScript:
var userName = "clientID";
var passWord = "secretKey";
function authenticateUser(user, password)
{
var token = user + ":" + password;
// Should i be encoding this value????? does it matter???
// Base64 Encoding -> btoa
var hash = btoa(token);
return "Basic " + hash;
}
function CallWebAPI() {
// New XMLHTTPRequest
var request = new XMLHttpRequest();
request.open("POST", "https://xxx123.caspio.com/oauth/token", false);
request.setRequestHeader("Authorization", authenticateUser(userName, passWord));
request.send();
// view request status
alert(request.status);
response.innerHTML = request.responseText;
}
HTML:
<div>
<div id="response">
</div>
<input type="button" class="btn btn-primary" value="Call Web API" onclick="javascript:CallWebAPI();" />
解決方案 After Spending quite a bit of time looking into this, i came up with the solution for this; In this solution i am not using the Basic authentication but instead went with the oAuth authentication protocol. But to use Basic authentication you should be able to specify this in the "setHeaderRequest" with minimal changes to the rest of the code example. I hope this will be able to help someone else in the future:
var token_ // variable will store the token
var userName = "clientID"; // app clientID
var passWord = "secretKey"; // app clientSecret
var caspioTokenUrl = "https://xxx123.caspio.com/oauth/token"; // Your application token endpoint
var request = new XMLHttpRequest();
function getToken(url, clientID, clientSecret) {
var key;
request.open("POST", url, true);
request.setRequestHeader("Content-type", "application/json");
request.send("grant_type=client_credentials&client_id="+clientID+"&"+"client_secret="+clientSecret); // specify the credentials to receive the token on request
request.onreadystatechange = function () {
if (request.readyState == request.DONE) {
var response = request.responseText;
var obj = JSON.parse(response);
key = obj.access_token; //store the value of the accesstoken
token_ = key; // store token in your global variable "token_" or you could simply return the value of the access token from the function
}
}
}
// Get the token
getToken(caspioTokenUrl, userName, passWord);
If you are using the Caspio REST API on some request it may be imperative that you to encode the paramaters for certain request to your endpoint; see the Caspio documentation on this issue;
NOTE: encodedParams is NOT used in this example but was used in my solution.
Now that you have the token stored from the token endpoint you should be able to successfully authenticate for subsequent request from the caspio resource endpoint for your application
function CallWebAPI() {
var request_ = new XMLHttpRequest();
var encodedParams = encodeURIComponent(params);
request_.open("GET", "https://xxx123.caspio.com/rest/v1/tables/", true);
request_.setRequestHeader("Authorization", "Bearer "+ token_);
request_.send();
request_.onreadystatechange = function () {
if (request_.readyState == 4 && request_.status == 200) {
var response = request_.responseText;
var obj = JSON.parse(response);
// handle data as needed...
}
}
}
This solution does only considers how to successfully make the authenticated request using the Caspio API in pure javascript. There are still many flaws i am sure...
這篇關于使用 JavaScript 的基本身份驗證的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!
【網站聲明】本站部分內容來源于互聯網,旨在幫助大家更快的解決問題,如果有圖片或者內容侵犯了您的權益,請聯系我們刪除處理,感謝您的支持!