在浏览器中调用 oAuth2 api 时出现 404 错误
Getting 404 error while call oAuth2 api in the browser
我在rails上使用了ruby来制作RESTfulapi并且还使用了doorkeeper来处理认证和授权。如您所知,门卫生成了一些 OAuth2 api,我需要使用的其中两个是 /users,即 post 请求和 /oauth/token 为我制作令牌。我制作的 api post、get、put 在 postman 和 android studio 和网络浏览器中效果很好。
但是由门卫生成的 post api /users 和 /oauth/token 在网络浏览器中不起作用,但在 android studio 和 postman 上效果很好。
这让我很困惑。我在调用此 api 时遇到的错误是 404,我检查了服务器上的 ruby 生产日志,它说没有路由匹配。这里的字符串是方法和路由的类型是正确的。
这是我在 reactjs 中使用的代码。我使用了 axios:
var url="http://x.x.x.x/oauth/token";
axios.post(url,{
"username":"1",
"password":"password",
"grant_type":"password"
},{headers:{"Content-Type":"application/json"}}).then( (response) => {
console.log(response.data);
})
.catch( (error) => {
console.log(JSON.stringify(error));
});
并且还使用原始 jQuery 发出请求并得到相同的错误。我所有的 api 都很好,除了这两个 api:
var firstname = document.forms["registerForm"]["first_name"].value;
var lastname = document.forms["registerForm"]["last_name"].value;
var pass = document.forms["registerForm"]["password"].value;
var passconfirm = document.forms["registerForm"]["password_confirmation"].value;
var json_data = {
"async": true,
"crossDomain": true,
"url": send,
"method": "POST",
"headers": {
"content-type": "application/json",
},
"processData": false,
"data":
{
"user": {
"user_name": username,
"password": pass,
"password_confirmation": passconfirm,
"user_type": "admin"
},
"profile": {
"first_name": firstname,
"last_name": lastname
}
}
}
$.ajax(json_data).done(function (response) {
console.log(response);
});
console.log(json_data['data']);
console.log(username);
这段代码的输出console.log(JSON.stringify(error));这是:
{"config":{"transformRequest":{},"transformResponse":{},"timeout":0,"xsrfCookieName":"XSRF-TOKEN","xsrfHeaderName":"X-XSRF-TOKEN","maxContentLength":-1,"headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8"},"method":"post","url":"http://x.x.x.x/oauth/token.json","data":"{\"username\":\"1\",\"password\":\"password\",\"grant_type\":\"password\"}"},"request":{}}
我在浏览器中找到请求头和响应头:
Response Header:
Content-Type
application/json; charset=UTF-8
Content-Length
34
Connection
keep-alive
Status
404 Not Found
X-Request-Id
d593b73f-eec8-41cd-95cd-e4459663358c
X-Runtime
0.002108
Date
Mon, 13 Nov 2017 11:19:26 GMT
X-Powered-By
Phusion Passenger 5.1.11
Server
nginx/1.12.1 + Phusion Passenger 5.1.11
Request headers (427 B)
Host
x.x.x.x
User-Agent
Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/56.0
Accept
text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Language
en-US,en;q=0.5
Accept-Encoding
gzip, deflate
Access-Control-Request-Method
POST
Access-Control-Request-Headers
Origin
http://localhost:3000
Connection
keep-alive
在检查了他们的 docs 之后,您似乎需要将 Content-Type header 更改为 application/x-www-form-urlencoded 并将数据更改为 key=value 对:
const data = 'username=1&password=password&grant_type=password'
或者简单地说:
const formData = {
username: '1',
password: 'password',
grant_type: 'password',
}
const data = Object.keys(formData)
.map(prop => `${prop}=${formData[prop]}`)
.join('&')
最终结果为:
var url="http://x.x.x.x/oauth/token";
axios.post(url, data, {
headers: {
"Content-Type": "application/x-www-form-urlencoded"
}
}).then( (response) => {
console.log(response.data);
})
.catch( (error) => {
console.log(JSON.stringify(error));
});
您需要在 OAuth 设置中进行配置以允许访问客户端 Web 应用程序。检查您在 api 响应中获得的日志或错误消息。
好像是因为CORS政策。你可以rack-cores。
它是一个机架中间件,您将能够向受门卫保护的应用程序发出跨域请求
function login(username, password, returnUrl) {
const formData = {
grant_type:"password",
client_id:"xxxxxxxx",
client_secret: "xxxxxxxxx",
redirect_uri:"xxxxxxxx.com/api/v1/accounts/profile/",
username:username,
password:password
}
const d = Object.keys(formData)
.map(prop => `${prop}=${formData[prop]}`)
.join('&')
const requestOptions = {
method: 'POST',
headers: {
"Content-Type": "application/x-www-form-urlencoded",
'Accept': 'application/json'
},
body: d
};
return fetch('xxx.com/o/token/', requestOptions)
.then(handlePostResponse)
.then(token => {
// login successful if there's a user in the response
if (token) {
token.token = token
}
console.log(token)
return token;
});
}
我在rails上使用了ruby来制作RESTfulapi并且还使用了doorkeeper来处理认证和授权。如您所知,门卫生成了一些 OAuth2 api,我需要使用的其中两个是 /users,即 post 请求和 /oauth/token 为我制作令牌。我制作的 api post、get、put 在 postman 和 android studio 和网络浏览器中效果很好。 但是由门卫生成的 post api /users 和 /oauth/token 在网络浏览器中不起作用,但在 android studio 和 postman 上效果很好。 这让我很困惑。我在调用此 api 时遇到的错误是 404,我检查了服务器上的 ruby 生产日志,它说没有路由匹配。这里的字符串是方法和路由的类型是正确的。
这是我在 reactjs 中使用的代码。我使用了 axios:
var url="http://x.x.x.x/oauth/token";
axios.post(url,{
"username":"1",
"password":"password",
"grant_type":"password"
},{headers:{"Content-Type":"application/json"}}).then( (response) => {
console.log(response.data);
})
.catch( (error) => {
console.log(JSON.stringify(error));
});
并且还使用原始 jQuery 发出请求并得到相同的错误。我所有的 api 都很好,除了这两个 api:
var firstname = document.forms["registerForm"]["first_name"].value;
var lastname = document.forms["registerForm"]["last_name"].value;
var pass = document.forms["registerForm"]["password"].value;
var passconfirm = document.forms["registerForm"]["password_confirmation"].value;
var json_data = {
"async": true,
"crossDomain": true,
"url": send,
"method": "POST",
"headers": {
"content-type": "application/json",
},
"processData": false,
"data":
{
"user": {
"user_name": username,
"password": pass,
"password_confirmation": passconfirm,
"user_type": "admin"
},
"profile": {
"first_name": firstname,
"last_name": lastname
}
}
}
$.ajax(json_data).done(function (response) {
console.log(response);
});
console.log(json_data['data']);
console.log(username);
这段代码的输出console.log(JSON.stringify(error));这是:
{"config":{"transformRequest":{},"transformResponse":{},"timeout":0,"xsrfCookieName":"XSRF-TOKEN","xsrfHeaderName":"X-XSRF-TOKEN","maxContentLength":-1,"headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8"},"method":"post","url":"http://x.x.x.x/oauth/token.json","data":"{\"username\":\"1\",\"password\":\"password\",\"grant_type\":\"password\"}"},"request":{}}
我在浏览器中找到请求头和响应头:
Response Header:
Content-Type
application/json; charset=UTF-8
Content-Length
34
Connection
keep-alive
Status
404 Not Found
X-Request-Id
d593b73f-eec8-41cd-95cd-e4459663358c
X-Runtime
0.002108
Date
Mon, 13 Nov 2017 11:19:26 GMT
X-Powered-By
Phusion Passenger 5.1.11
Server
nginx/1.12.1 + Phusion Passenger 5.1.11
Request headers (427 B)
Host
x.x.x.x
User-Agent
Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/56.0
Accept
text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Language
en-US,en;q=0.5
Accept-Encoding
gzip, deflate
Access-Control-Request-Method
POST
Access-Control-Request-Headers
Origin
http://localhost:3000
Connection
keep-alive
在检查了他们的 docs 之后,您似乎需要将 Content-Type header 更改为 application/x-www-form-urlencoded 并将数据更改为 key=value 对:
const data = 'username=1&password=password&grant_type=password'
或者简单地说:
const formData = {
username: '1',
password: 'password',
grant_type: 'password',
}
const data = Object.keys(formData)
.map(prop => `${prop}=${formData[prop]}`)
.join('&')
最终结果为:
var url="http://x.x.x.x/oauth/token";
axios.post(url, data, {
headers: {
"Content-Type": "application/x-www-form-urlencoded"
}
}).then( (response) => {
console.log(response.data);
})
.catch( (error) => {
console.log(JSON.stringify(error));
});
您需要在 OAuth 设置中进行配置以允许访问客户端 Web 应用程序。检查您在 api 响应中获得的日志或错误消息。
好像是因为CORS政策。你可以rack-cores。 它是一个机架中间件,您将能够向受门卫保护的应用程序发出跨域请求
function login(username, password, returnUrl) {
const formData = {
grant_type:"password",
client_id:"xxxxxxxx",
client_secret: "xxxxxxxxx",
redirect_uri:"xxxxxxxx.com/api/v1/accounts/profile/",
username:username,
password:password
}
const d = Object.keys(formData)
.map(prop => `${prop}=${formData[prop]}`)
.join('&')
const requestOptions = {
method: 'POST',
headers: {
"Content-Type": "application/x-www-form-urlencoded",
'Accept': 'application/json'
},
body: d
};
return fetch('xxx.com/o/token/', requestOptions)
.then(handlePostResponse)
.then(token => {
// login successful if there's a user in the response
if (token) {
token.token = token
}
console.log(token)
return token;
});
}