创建 Sonos API oauth 令牌时,400 Bad Request invalid_request 是什么意思
What does 400 Bad Request invalid_request mean when creating a Sonos API oauth Token
当我 post 到 https://api.sonos.com/login/v3/oauth/access 时,我收到 400 错误消息 invalid_request
- 添加到门户的端点:
- 我发送
GET1 到 /login/v3/oauth 并在完成 Sonos 登录过程后获得授权码。
I POST 到 login/v3/oauth/access2 然后我收到错误 400 Bad Request 消息 invalid_request .根据文档,这不是有效的响应,因为这些是可以返回的响应:
- 401 未经授权:invalid_request
- 400 错误请求:invalid_client
- 400 错误请求:invalid_redirect_uri
- 400 错误请求:invalid_code
- 405 方法不允许:invalid_method
这个回复是什么意思?希望通过一些额外的信息我可以弄清楚我做错了什么,但是你可以看到代码 here。我正在使用 simple-oauth2 库,但我尝试了几种不同的方法但结果相同,所以我想我做的事情根本上是错误的!
这是卷曲:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "Authorization: Basic MThhYjU4MjYtOTYzNy00YjFiLTlmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXtNGUzOC1iMGUwLTZiMDA4N2ZiMDM0Yw==" \
"https://api.sonos.com/login/v3/oauth/access" \
-d "grant_type=authorization_code&code=aba2cc0c-XXXXXXXXXXXXXXXXXXXXX998d599&redirect_uri=https%3A%2F%2Fsapphire-tadpole.glitch.me%2Ffinally" -v
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 2.22.97.140...
* TCP_NODELAY set
* Connected to api.sonos.com (2.22.97.140) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Santa Barbara; O=Sonos, Inc.; OU=IT; CN=*.sonos.com
* start date: Mar 9 00:00:00 2018 GMT
* expire date: Mar 12 12:00:00 2020 GMT
* subjectAltName: host "api.sonos.com" matched cert's "*.sonos.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> POST /login/v3/oauth/access HTTP/1.1
> Host: api.sonos.com
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=utf-8
> Authorization: Basic MThhYjU4MjYtOTYzNy00YjFiLTlmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXtNGUzOC1iMGUwLTZiMDA4N2ZiMDM0Yw==
> Content-Length: 135
>
* upload completely sent off: 135 out of 135 bytes
< HTTP/1.1 400 Bad Request
< Content-Type: application/json;charset=UTF-8
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< X-Application-Context: login-service:prod
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Length: 27
< Expires: Tue, 11 Sep 2018 19:50:00 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Tue, 11 Sep 2018 19:50:00 GMT
< Connection: close
< Set-Cookie: JSESSIONID=DB3B48F621A41F0A24E2D6FC2DDE020B; Path=/login/v3; Secure; HttpOnly
< Set-Cookie: AWSELB=69BFEFC914A689BF6DC8E4652748D7B501ED60290D9A5E5030A81F5A29357C8E67353A664FEE6C6D907213C0B2ECB35914CC85B8E047283F4361C4FC809EB10CE87CE95377;PATH=/;MAX-AGE=1800
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
{"error":"invalid_request"}%
1 This page 说应该是 POST 但我认为这是一个错字?
2 This page 说它应该发送到 /auth/oauth/v2/access 但我认为它已经贬值了。
确认您的重定向 uri 正确,并且授权码 GET 和访问令牌都相同 POST。
当我 post 到 https://api.sonos.com/login/v3/oauth/access 时,我收到 400 错误消息 invalid_request
- 添加到门户的端点:
- 我发送
GET1 到/login/v3/oauth并在完成 Sonos 登录过程后获得授权码。 I POST 到
login/v3/oauth/access2 然后我收到错误 400 Bad Request 消息 invalid_request .根据文档,这不是有效的响应,因为这些是可以返回的响应:- 401 未经授权:invalid_request
- 400 错误请求:invalid_client
- 400 错误请求:invalid_redirect_uri
- 400 错误请求:invalid_code
- 405 方法不允许:invalid_method
这个回复是什么意思?希望通过一些额外的信息我可以弄清楚我做错了什么,但是你可以看到代码 here。我正在使用 simple-oauth2 库,但我尝试了几种不同的方法但结果相同,所以我想我做的事情根本上是错误的!
这是卷曲:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "Authorization: Basic MThhYjU4MjYtOTYzNy00YjFiLTlmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXtNGUzOC1iMGUwLTZiMDA4N2ZiMDM0Yw==" \
"https://api.sonos.com/login/v3/oauth/access" \
-d "grant_type=authorization_code&code=aba2cc0c-XXXXXXXXXXXXXXXXXXXXX998d599&redirect_uri=https%3A%2F%2Fsapphire-tadpole.glitch.me%2Ffinally" -v
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 2.22.97.140...
* TCP_NODELAY set
* Connected to api.sonos.com (2.22.97.140) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Santa Barbara; O=Sonos, Inc.; OU=IT; CN=*.sonos.com
* start date: Mar 9 00:00:00 2018 GMT
* expire date: Mar 12 12:00:00 2020 GMT
* subjectAltName: host "api.sonos.com" matched cert's "*.sonos.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> POST /login/v3/oauth/access HTTP/1.1
> Host: api.sonos.com
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=utf-8
> Authorization: Basic MThhYjU4MjYtOTYzNy00YjFiLTlmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXtNGUzOC1iMGUwLTZiMDA4N2ZiMDM0Yw==
> Content-Length: 135
>
* upload completely sent off: 135 out of 135 bytes
< HTTP/1.1 400 Bad Request
< Content-Type: application/json;charset=UTF-8
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< X-Application-Context: login-service:prod
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Length: 27
< Expires: Tue, 11 Sep 2018 19:50:00 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Tue, 11 Sep 2018 19:50:00 GMT
< Connection: close
< Set-Cookie: JSESSIONID=DB3B48F621A41F0A24E2D6FC2DDE020B; Path=/login/v3; Secure; HttpOnly
< Set-Cookie: AWSELB=69BFEFC914A689BF6DC8E4652748D7B501ED60290D9A5E5030A81F5A29357C8E67353A664FEE6C6D907213C0B2ECB35914CC85B8E047283F4361C4FC809EB10CE87CE95377;PATH=/;MAX-AGE=1800
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
{"error":"invalid_request"}%
1 This page 说应该是 POST 但我认为这是一个错字?
2 This page 说它应该发送到 /auth/oauth/v2/access 但我认为它已经贬值了。
确认您的重定向 uri 正确,并且授权码 GET 和访问令牌都相同 POST。