我已经能够成功地查询Twitter广告API与GET请求,但我试图张贴(以生成报告)和那些不断失败与UNAUTHROIZED_ACCESS“此请求是不正确的身份验证”错误从Twitter。
我已经成功地运行了来自Postman的查询,所以我的凭据是正确的。我已经尝试了几个oAuth库(来自npm的oauth和oauth-1.0a库),我相信根本原因可能是它们在头中生成oAuth签名的方式。
下面的一些测试代码显示了这个问题:
let key = TWITTER_CONSUMER_API_KEY;
let secret = TWITTER_CONSUMER_API_SECRET_KEY;
let urlPost = 'https://ads-api.twitter.com/11/stats/jobs/accounts/<<accountid>>?entity=CAMPAIGN&entity_ids=i8be1&granularity=DAY&metric_groups=BILLING,ENGAGEMENT,MEDIA,WEB_CONVERSION&start_time=2022-06-12T00:00:00+10:00&end_time=2022-07-27T00:00:00+10:00&placement=ALL_ON_TWITTER';
let urlGet = 'https://ads-api.twitter.com/11/stats/jobs/accounts/<<accountid>>';
let oauth_token = <<OAUTH TOKEN>>;
let oauth_token_secret = <<OAUTH TOKEN SECRET>>;
// METHOD 1
const OAuth = require('oauth-1.0a')
const oauthConsumer = OAuth({
consumer: {
key: key,
secret: secret
},
signature_method: 'HMAC-SHA1',
hash_function(base_string, key) {
return crypto
.createHmac('sha1', key)
.update(base_string)
.digest('base64')
}
});
const authHeaderPost = oauthConsumer.toHeader(oauthConsumer.authorize({
url: urlPost,
method: 'POST',
}, {key: oauth_token, secret: oauth_token_secret}));
const authHeaderGet = oauthConsumer.toHeader(oauthConsumer.authorize({
url: urlGet,
method: 'GET',
}, {key: oauth_token, secret: oauth_token_secret}));
let initialResponse = await fetch(urlGet, {
method: 'GET',
headers: new Headers({
Authorization: authHeaderGet["Authorization"]
})
});
console.log(`[TEST] Method 1 GET Received Successful?`, initialResponse.status >= 200 && initialResponse.status <= 299);
initialResponse = await fetch(urlPost, {
method: 'POST',
headers: new Headers({
Authorization: authHeaderPost["Authorization"]
})
});
console.log(`[TEST] Method 1 POST Received Successful?`, initialResponse.status >= 200 && initialResponse.status <= 299);
// METHOD 2
import oauth from 'oauth'; // This is the npm library "oauth"
let extra_params = {};
const oAuthConsumer2 = new oauth.OAuth(
'https://api.twitter.com/oauth/request_token', 'https://api.twitter.com/oauth/access_token',
key,
secret,
'1.0', ``, 'HMAC-SHA1'
);
let orderedParametersPost= oAuthConsumer2._prepareParameters(oauth_token, oauth_token_secret, "POST", urlPost, extra_params);
let headerPost = oAuthConsumer2._buildAuthorizationHeaders(orderedParametersPost);
let orderedParametersGet= oAuthConsumer2._prepareParameters(oauth_token, oauth_token_secret, "GET", urlGet, extra_params);
let headerGet = oAuthConsumer2._buildAuthorizationHeaders(orderedParametersGet);
initialResponse = await fetch(urlGet, {
method: 'GET',
headers: new Headers({
Authorization: headerGet
})
});
console.log(`[TEST] Method 2 GET Received Successful?`, initialResponse.status >= 200 && initialResponse.status <= 299);
initialResponse = await fetch(urlPost, {
method: 'POST',
headers: new Headers({
Authorization: headerPost
})
});
console.log(`[TEST] Method 2 POST Received Successful?`, initialResponse.status >= 200 && initialResponse.status <= 299);
console.log(`[TEST************************************************************************************************************************************************************]`);
}结果是两个GET请求都成功工作,但两个POST请求都失败。
我是不是做错了什么?
1条答案
按热度按时间xxe27gdn1#
我认为这似乎是一个用户身份验证的问题。
您正在操纵标识以欺骗系统,从而在系统上产生所需的结果,但接口会根据自己的数据库验证标识。
这类似于非司法听证官员试图输入需要通过司法听证官员的个人用户配置文件进行验证的判决。
您的解决方法不会避开POST功能的验证标准。您可以从数据库提取数据,因为数据库对该功能的加密要求较低,甚至没有加密要求,但是如果您的ID不符合该功能的要求,则无法发布。这可以防止未经授权的用户向验证的帐户发布。
https://www.okta.com/identity-101/what-is-federated-identity/