【Question title】:What does 400 Bad Request invalid_request mean when creating a Sonos API oauth Token
【Posted】:2018-09-11 18:51:28
【Question description】:

When I POST to https://api.sonos.com/login/v3/oauth/access, I receive a 400 error with the message invalid_request.

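  1. Endpoint added to the portal:
  2. I send a GET [1] to /login/v3/oauth and obtain an authorization code after completing the Sonos login process.
  3. I POST to login/v3/oauth/access [2], at which point I receive the error 400 Bad Request and the message invalid_request. According to the documentation this is not a valid response, because these are the responses that can be returned: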

    • 401 Unauthorized: invalid_request
    • 400 Bad Request: invalid_client
    • 400 Bad Request: invalid_redirect_uri
    • 400 Bad Request: invalid_code
    • 405 Method Not Allowed: invalid_method

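What does this response mean? Hopefully with some additional information I can work out what I'm doing wrong, but you can see the code here. I'm using the simple-oauth2 library, but I've tried several different approaches with the same result, so I think I'm doing something wrong!

Here's the curl: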

curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "Authorization: Basic MThhYjU4MjYtOTYzNy00YjFiLTlmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXtNGUzOC1iMGUwLTZiMDA4N2ZiMDM0Yw==" \
"https://api.sonos.com/login/v3/oauth/access" \
-d "grant_type=authorization_code&code=aba2cc0c-XXXXXXXXXXXXXXXXXXXXX998d599&redirect_uri=https%3A%2F%2Fsapphire-tadpole.glitch.me%2Ffinally" -v
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 2.22.97.140...
* TCP_NODELAY set
* Connected to api.sonos.com (2.22.97.140) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=Santa Barbara; O=Sonos, Inc.; OU=IT; CN=*.sonos.com
*  start date: Mar  9 00:00:00 2018 GMT
*  expire date: Mar 12 12:00:00 2020 GMT
*  subjectAltName: host "api.sonos.com" matched cert's "*.sonos.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> POST /login/v3/oauth/access HTTP/1.1
> Host: api.sonos.com
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=utf-8
> Authorization: Basic MThhYjU4MjYtOTYzNy00YjFiLTlmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXtNGUzOC1iMGUwLTZiMDA4N2ZiMDM0Yw==
> Content-Length: 135
>
* upload completely sent off: 135 out of 135 bytes
< HTTP/1.1 400 Bad Request
< Content-Type: application/json;charset=UTF-8
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< X-Application-Context: login-service:prod
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Length: 27
< Expires: Tue, 11 Sep 2018 19:50:00 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Tue, 11 Sep 2018 19:50:00 GMT
< Connection: close
< Set-Cookie: JSESSIONID=DB3B48F621A41F0A24E2D6FC2DDE020B; Path=/login/v3; Secure; HttpOnly
< Set-Cookie: AWSELB=69BFEFC914A689BF6DC8E4652748D7B501ED60290D9A5E5030A81F5A29357C8E67353A664FEE6C6D907213C0B2ECB35914CC85B8E047283F4361C4FC809EB10CE87CE95377;PATH=/;MAX-AGE=1800
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
{"error":"invalid_request"}%

[1] This page says it should be a POST, but I think that's a typo?

[2] This page says it should be sent to /auth/oauth/v2/access, but I think that is deprecated.

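【Comments】:

  • Can you post the complete POST request to the access endpoint so we can take a look? And thanks for pointing out the documentation typos. We'll get those corrected. Mask all sensitive keys, of course.
  • @MattWelch Done, thanks. Is there another channel for reporting typos and the like?
  • That all looks correct. Can you confirm that the redirect uri you supply in that POST to the /access endpoint exactly matches the one you provided when you created the control integration on our developer portal? If that is the problem, you would expect us to return an invalid_redirect_url, but let's start there.
  • @MattWelch I've already added the redirect uri to the portal. Does it look correct? I've added a screenshot to the question.
  • Awesome. I'll provide an answer. Please mark it as correct for developers searching in the future. Thanks

Tags: node.js oauth-2.0 sonos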


【Solution 1】:

Confirm that your redirect uri is correct and is the same for both the authorization code GET and the access token POST.
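A pre-flight check for the condition the answer describes, written as an added example that is not part of the original question or answer: it decodes the redirect_uri from the authorization GET and from the token POST body and reports why they are not identical. The function names, the example.test callback and all placeholder values are constructed; the query parameters other than redirect_uri are assumed standard OAuth 2.0 fields.

```javascript
// Added example, not code from the original post. URLs, codes and client ids
// below are constructed placeholders.

// Heuristic explanation of why two look-alike redirect URIs are not identical.
function describeDifference(a, b) {
  const encoded = /%[0-9A-Fa-f]{2}/;
  if (encoded.test(a) !== encoded.test(b)) {
    return "one value is still percent-encoded after decoding (double encoding)";
  }
  if (a.replace(/\/$/, "") === b.replace(/\/$/, "")) return "trailing slash differs";
  if (a.toLowerCase() === b.toLowerCase()) return "letter case differs";
  return "values differ";
}

// Compare the authorization GET URL with the form body of the token POST.
// Returns a list of problems; an empty list means the two requests agree.
function checkTokenRequest(authorizeUrl, tokenBody) {
  const problems = [];
  const sent = new URL(authorizeUrl).searchParams.get("redirect_uri");
  const body = new URLSearchParams(tokenBody);
  const posted = body.get("redirect_uri");

  if (body.get("grant_type") !== "authorization_code") {
    problems.push("grant_type must be authorization_code");
  }
  if (!body.get("code")) problems.push("code is missing");
  if (!sent || !posted) {
    problems.push("redirect_uri is missing from the GET or the POST");
  } else if (sent !== posted) {
    problems.push(`redirect_uri mismatch (${describeDifference(sent, posted)}): ` +
      `GET sent "${sent}", POST sent "${posted}"`);
  }
  return problems;
}

// Constructed sample requests: one matching body and two common mismatches.
const CALLBACK = "https://example.test/callback";
const AUTHORIZE_URL = "https://api.sonos.com/login/v3/oauth?client_id=CLIENT_ID_PLACEHOLDER" +
  "&response_type=code&state=STATE_PLACEHOLDER&redirect_uri=" + encodeURIComponent(CALLBACK);
const TOKEN_PREFIX = "grant_type=authorization_code&code=CODE_PLACEHOLDER&redirect_uri=";
const GOOD_BODY = TOKEN_PREFIX + encodeURIComponent(CALLBACK);
const SLASH_BODY = TOKEN_PREFIX + encodeURIComponent(CALLBACK + "/");
const DOUBLE_BODY = TOKEN_PREFIX + encodeURIComponent(encodeURIComponent(CALLBACK));

for (const body of [GOOD_BODY, SLASH_BODY, DOUBLE_BODY]) {
  console.log(checkTokenRequest(AUTHORIZE_URL, body));
}
```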
