Python禁止的API请求

2ledvvac  于 2023-02-07  发布在  Python
关注(0)|答案(1)|浏览(151)

我尝试使用Python 3.10从使用OAUTH2的API端点检索数据。授权调用工作正常,我正在接收令牌。但是,当我尝试检索所需的数据时,我收到了一条403消息,该消息指出

{"code":-1,
"message":"Forbidden Request",
"allowedScopes":{"oauthSystem":{"scopes":["read"]},"oauthCode":{"scopes":["read"]}},
"requestScopes":[]}

我的调用可以在Postman中工作。我已经将作用域添加到调用中,但仍然收到相同的消息。调用中我遗漏了什么?下面是我的代码:

# import client libraries
import json
import mysql.connector
import requests
import sys
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# create database connection
con = mysql.connector.connect(
    host='servername',
    user='username',
    password='password',
    database='db_name',
    auth_plugin='mysql_native_password')

cursor = con.cursor()

# authentication stuff
def get_new_token():
    auth_server_url = "https://URL_here"
    client_id = "the client ID"
    client_secret = "the client secret"

    token_req_payload = {'grant_type': 'client_credentials'}

    token_response = requests.post(auth_server_url,
                                   data=token_req_payload, verify=False, allow_redirects=False,
                                    auth=(client_id, client_secret))

    if token_response.status_code !=200:
        print("Failed to get token", file=sys.stderr)
        sys.exit(1)
    else:
        print("Obtained Token")
        tokens = json.loads(token_response.text)
        return tokens['access_token']
# use the function above to get the token before calling the API
token = get_new_token()
print("The token is ", token)

# call the API using the token

api_headers = {'Authorization': 'Bearer ' + token, 'Host_name)': 'host','Scope': 'read',  'User-Agent': 'PostmanRuntime/7/30.0', 'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate, br',
               'Connection': 'keep-alive'}
api_response = requests.get('https://api_endpoint_url', headers=api_headers, verify=False)

if api_response.status_code == 401:
    print("Failed to get token.")
    token = get_new_token()

else:
    print(api_response.text)
    print(api_response.status_code)

我试过将作用域添加到标头中,但它仍然返回相同的禁止状态。我试过在Google上搜索错误消息,但没有结果。MySQL连接的东西是我稍后添加的附加功能。

ecbunoof

ecbunoof1#

我通过将作用域添加到身份验证请求而不是数据请求来解决此问题,因此现在身份验证请求为:

def get_new_token():
    auth_server_url = "https://URL_here"
    client_id = "the client ID"
    client_secret = "the client secret"

    token_req_payload = {'grant_type': 'client_credentials', 'scope': 'read'}

    token_response = requests.post(auth_server_url,
                                   data=token_req_payload, verify=False, allow_redirects=False,
                                    auth=(client_id, client_secret))

    if token_response.status_code !=200:
        print("Failed to get token", file=sys.stderr)
        sys.exit(1)
    else:
        print("Obtained Token")
        tokens = json.loads(token_response.text)
        return tokens['access_token']
# use the function above to get the token before calling the API
token = get_new_token()
print("The token is ", token)

相关问题