Ruby 如何为Magento的RESTAPI获取OAuth访问令牌？

我正在尝试访问我的Magento商店的REST API，但我似乎无法获取访问令牌。我一直收到400个错误的请求OAuth:：Unauthorized error

以下是我使用的代码：

require 'oauth'
require 'mechanize'

@m = Mechanize.new

@title = @m.get('http://178.62.173.99/').title

@callback_url = 'http://178.62.173.99/'
@consumer = OAuth::Consumer.new(
  'b3ba0db944d1ad0d416329844734db54',
  '38fedbc5cdeed7803547b24a0980c834',
  :request_token_path => '/oauth/initiate',
  :authorize_path=>'/admin/oauth_authorize',
  :access_token_path=>'/oauth/token',
  :site => 'http://178.62.173.99'
)

@session = {}

@request_token = @consumer.get_request_token(:oauth_callback => @callback_url)
@session[:request_token] = @request_token
@session[:authorize_url] = @request_token.authorize_url(:oauth_callback => @callback_url)

@m.get(@session[:authorize_url]) do |login_page|
  auth_page = login_page.form_with(:action => 'http://178.62.173.99/index.php/admin/oauth_authorize/index/') do |form|
    form.elements[1].value = 'admin'
    form.elements[2].value  = 'goodfood88'
  end.submit

  authorize_form = auth_page.forms[0]

  callback_page = authorize_form.submit

  puts 'Successfully authorized application' unless callback_page.title != @title
end

@access_token = @request_token.get_access_token

它返回以下内容：

    Successfully authorized application
/Users/narzero/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/oauth-0.4.7/lib/oauth/consumer.rb:216:in `token_request': 400 Bad Request (OAuth::Unauthorized)
        from /Users/narzero/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/oauth-0.4.7/lib/oauth/tokens/request_token.rb:18:in `get_access_token'
        from six.rb:37:in `<main>'

我已将重要数据存储到哈希中，下面是它返回的内容：

@session
# => {:request_token=>
  #<OAuth::RequestToken:0x007fe923161c00
   @consumer=
    #<OAuth::Consumer:0x007fe924083350
     @http=#<Net::HTTP 178.62.173.99:80 open=false>,
     @http_method=:post,
     @key="b3ba0db944d1ad0d416329844734db54",
     @options=
      {:signature_method=>"HMAC-SHA1",
       :request_token_path=>"/oauth/initiate",
       :authorize_path=>"/admin/oauth_authorize",
       :access_token_path=>"/oauth/token",
       :proxy=>nil,
       :scheme=>:header,
       :http_method=>:post,
       :oauth_version=>"1.0",
       :site=>"http://178.62.173.99"},
     @secret="38fedbc5cdeed7803547b24a0980c834">,
   @params=
    {:oauth_token=>"1bae7ce87f68d2090f131e7f3b98b26c",
     "oauth_token"=>"1bae7ce87f68d2090f131e7f3b98b26c",
     :oauth_token_secret=>"78921fcd23f6fa41356d56afadd8b1af",
     "oauth_token_secret"=>"78921fcd23f6fa41356d56afadd8b1af",
     :oauth_callback_confirmed=>"true",
     "oauth_callback_confirmed"=>"true"},
   @secret="78921fcd23f6fa41356d56afadd8b1af",
   @token="1bae7ce87f68d2090f131e7f3b98b26c">,
 :authorize_url=>
  "http://178.62.173.99/admin/oauth_authorize?oauth_callback=http%3A%2F%2F178.62.173.99%2F&oauth_token=1bae7ce87f68d2090f131e7f3b98b26c"}

---

我可以尝试获取什么访问令牌？

立即重新生成API令牌/secret，并且不再公开发布它们。问题是您正在针对自己的站点而不是磁电机的服务器发出OAuth请求。看看你的代码。没有对外部URL的单一引用。OAuth:：Consumer构造函数调用中的site参数设置为您自己的站点。这应该设置为Magneto API OAuth提供程序的主机。

我编写了一个Ruby模块，用于为Magento REST API创建访问令牌：

module Token
  def create_consumer
    OAuth::Consumer.new(
      CONSUMER_KEY,
      CONSUMER_SECRET,
      :request_token_path => '/oauth/initiate',
      :authorize_path=>'/admin/oauth_authorize',
      :access_token_path=>'/oauth/token',
      :site => URL
    )
  end

  def request_token(args = {})
    args[:consumer].get_request_token(:oauth_callback => URL)
  end

  def get_authorize_url(args = {})
    args[:request_token].authorize_url(:oauth_callback => URL)
  end

  def authorize_application(args = {})
    m = Mechanize.new

    m.get(args[:authorize_url]) do |login_page|
      auth_page = login_page.form_with(:action => "#{URL}/index.php/admin/oauth_authorize/index/") do |form|
        form.elements[1].value = ADMIN_USERNAME
        form.elements[2].value = ADMIN_PASSWORD
      end.submit

      authorize_form = auth_page.forms[0]

      @callback_page = authorize_form.submit
    end

    @callback_page.uri.to_s
  end

  def extract_oauth_verifier(args = {})
    callback_page = "#{args[:callback_page]}".gsub!("#{URL}/?", '')

    callback_page_query_string = CGI::parse(callback_page)

    callback_page_query_string['oauth_verifier'][0]
  end

  def get_access_token(args = {})
    args[:request_token].get_access_token(:oauth_verifier => args[:oauth_verifier])
  end

  def save_tokens_to_json(args = {})
    auth = {}

    auth[:time] = Time.now
    auth[:token] = args[:access_token].token
    auth[:secret] = args[:access_token].secret

    File.open("#{args[:path]}#{args[:filename]}.json", 'w') {|f| f.write(auth.to_json)}

    auth
  end

  def get_new_access_tokens
    new_consumer = self.create_consumer
    new_request_token = self.request_token(consumer: new_consumer)
    new_authorize_url = self.get_authorize_url(request_token: new_request_token)
    authorize_new_application = self.authorize_application(authorize_url: new_authorize_url)
    extract_new_oauth_verifier = self.extract_oauth_verifier(callback_page: authorize_new_application)
    new_access_token = self.get_access_token(request_token: new_request_token, oauth_verifier: extract_new_oauth_verifier)
    save_tokens_to_json(filename: 'magento_oauth_access_tokens', path: '/', access_token: new_access_token)

    return 'Successfully obtained new access tokens.'
  end
end

运行get_new_access_tokens以获取访问令牌

不要忘记定义以下变量：

用户密钥 消费者的秘密 统一资源定位地址 管理员用户名 管理员密码

---

RESTAPI文档声明OAuth请求应该针对您自己的站点进行。您自己的Magento站点就是API。请查看此处的文档：。此外，我还创建了一个演示商店并解释了这个问题。一旦知道答案，我将删除它。您是否尝试对/api/rest发出请求？另外，您联系过万磁电机的支持团队吗？我尝试过/api/rest，它不起作用。不，我还没有联系Magento的支持团队，因为我使用的是社区版，他们帮不了我多少忙。另外，这很可能是Ruby代码实现问题，而不是Magento问题。@ClintonBlackburn我在API中有一个小错误，我在localhost magenbto中工作，产品API类似：->返回产品列表，如果我尝试类似于客户的返回错误，错误->加载资源失败：服务器以403禁止的状态响应。如何解决此错误？我在API中有一个小错误，我在本地主机magenbto中工作，产品API类似：->退货产品列表，如果我尝试类似退货错误的客户，错误->加载资源失败：服务器响应状态为403禁止。如何解决此错误@纳泽罗