我試圖讓安裝的應用程序與Reddit的api上的Oauth2一起工作。我使用Windows運行時api的httpclient發出請求,並使用webauthenticationbroker獲取代碼以執行GET請求以接收令牌。我請求令牌通過使用這樣的:Reddit API Oauth2「用戶需要」
https://www.reddit.com/api/v1/authorize?client_id=" + client_id + "&response_type=code&state=" + "testing" + "&redirect_uri=http://abcd.com&duration=" + "permanent" + "&scope=" + "vote,identity"
,並得到了代碼發回,所以就用POST在此(用內容類型爲:應用/ X WWW的窗體-urlencoded):
https://www.reddit.com/api/v1/access_token
與主體是這樣的:
grant_type=https://oauth.reddit.com/grants/installed_client&\
device_id="+id + "&code=" + code
(代碼和ID是在所述第一步驟和id接收的代碼所產生的UUID)
然後我得到了這樣的回:
{"access_token": "--5e65dP1dI_1vgLbqvi7zRB6cnU", "token_type": "bearer", "expires_in": 3600, "scope": "*"}
所以我提取的令牌,並得到這個:
--5e65dP1dI_1vgLbqvi7zRB6cnU
然後我試圖做一個GET請求上https://oauth.reddit.com/api/v1/me這些標題:
{
User-Agent: (testUWP client by /u/bored_reddit_user)
Authorization: bearer --5e65dP1dI_1vgLbqvi7zRB6cnU
}
我將這些標題返回給狀態碼403禁止的原因短語:
{
Connection: keep-alive
Server: cloudflare-nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Transfer-Encoding: chunked
cache-control: max-age=0, must-revalidate
x-ua-compatible: IE=edge
CF-RAY: 23f5127a6a2911a1-SJC
Date: Tue, 03 Nov 2015 03:42:58 GMT
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
X-Moose: majestic
x-reddit-tracking: https://pixel.redditmedia.com/pixel/of_destiny.png?v=BZoi0ikdGrSYn9U9xM6GWeYcRRb0W50fSQuGYb1Q8Oe7E5WVB6qTA4hRqlx9vDfpLOKzpE3Z5Wo%3D
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-expose-headers: X-Reddit-Tracking, X-Moose
}{
Content-Type: application/json; charset=UTF-8
}
與此內容:
{"explanation": "Please log in to do that.", "reason": "USER_REQUIRED"}
我很茫然,什麼我做錯了,誰能幫幫我嗎?
使用'installed_client'授權類型的原因是什麼?它僅用於在沒有用戶上下文的情況下發出請求 - 它似乎需要[https://oauth.reddit.com/api/v1/me](https://www.reddit.com/dev/api#GET_api_v1_me)一個用戶上下文以返回當前認證的用戶。你有沒有嘗試使用授權類型'authorization_code'? –
感謝@ZanyCadence工作。有沒有解釋每種授權類型的頁面?我會認爲'installed_client'類型對於將安裝在用戶計算機上的客戶端有意義... – justanotherxl