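Background

Last year, while I was hanging around at UCLA, I was asked to scrape some data from Sina Weibo. To read and write Weibo posts and friend relationships, however, you have to register an application on the Sina Weibo platform, which means dealing with OAuth 2.0. Back then I basically did not understand it. Today I came across this article on Ruan Yifeng's blog and decided to try it out myself.

Preparation

First, skim through this article on Ruan Yifeng's blog.
Then register an application on the Sina open platform. I registered a "Micro Connect - Web Application" (微连接 - 网页应用).
Open the application page and you will see the App Key and App Secret. These are what we will use.
Next, download the Sina Weibo Python SDK. We will use Python for the analysis.

Analysis

First, let's follow the HOW-TO document of the Weibo API.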

    from weibo import APIClient

    APP_KEY = "1234567"  # app key
    APP_SECRET = "abcdefghijklmn"  # app secret
    CALLBACK_URL = "http://www.example.com/callback"

    client = APIClient(app_key=APP_KEY, app_secret=APP_SECRET, redirect_uri=CALLBACK_URL)
    url = client.get_authorize_url()

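That gives us the URL. Open it and you will see that it asks you to authorize the application. (If you get error:redirect_uri_mismatch, go to the Sina Weibo developer console and fill in the redirect_uri.)
Now let's look at the source code.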

    class APIClient(object):
        """
        API client using synchronized invocation.
        """
        def __init__(self, app_key, app_secret, redirect_uri=None, response_type="code", domain="api.weibo.com", version="2"):
            self.client_id = str(app_key)
            self.client_secret = str(app_secret)
            self.redirect_uri = redirect_uri
            self.response_type = response_type
            self.auth_url = "https://%s/oauth2/" % domain
            self.api_url = "https://%s/%s/" % (domain, version)
            self.access_token = None
            self.expires = 0.0
            self.get = HttpObject(self, _HTTP_GET)
            self.post = HttpObject(self, _HTTP_POST)
            self.upload = HttpObject(self, _HTTP_UPLOAD)

        def get_authorize_url(self, redirect_uri=None, **kw):
            """
            return the authorization url that the user should be redirected to.
            """
            redirect = redirect_uri if redirect_uri else self.redirect_uri
            if not redirect:
                raise APIError("21305", "Parameter absent: redirect_uri", "OAuth2 request")
            response_type = kw.pop("response_type", "code")
            return "%s%s?%s" % (self.auth_url, "authorize",
                    _encode_params(client_id = self.client_id,
                            response_type = response_type,
                            redirect_uri = redirect, **kw))

client_id, redirect_url, app_key: these all look familiar. On closer inspection, this is the first step of the authorization code grant.

The client constructs the request URI by adding the following
parameters to the query component of the authorization endpoint URI
using the "application/x-www-form-urlencoded" format, per Appendix B:

response_type
      REQUIRED.  Value MUST be set to "code".

client_id
      REQUIRED.  The client identifier as described in Section 2.2.

redirect_uri
      OPTIONAL.  As described in Section 3.1.2.

scope
      OPTIONAL.  The scope of the access request as described by
      Section 3.3.

state
      RECOMMENDED.  An opaque value used by the client to maintain
      state between the request and callback.  The authorization
      server includes this value when redirecting the user-agent back
      to the client.  The parameter SHOULD be used for preventing
      cross-site request forgery as described in Section 10.12.

Once we have entered the account name and password and the login succeeds, you will notice that the URL in your browser has changed. What happened? See the second step, Authorization Response.

If the resource owner grants the access request, the authorization
server issues an authorization code and delivers it to the client by
adding the following parameters to the query component of the
redirection URI using the "application/x-www-form-urlencoded" format,
per Appendix B:

code
      REQUIRED.  The authorization code generated by the
      authorization server.  The authorization code MUST expire
      shortly after it is issued to mitigate the risk of leaks.  A
      maximum authorization code lifetime of 10 minutes is
      RECOMMENDED.  The client MUST NOT use the authorization code
      more than once.  If an authorization code is used more than
      once, the authorization server MUST deny the request and SHOULD
      revoke (when possible) all tokens previously issued based on
      that authorization code.  The authorization code is bound to
      the client identifier and redirection URI.

state
      REQUIRED if the "state" parameter was present in the client
      authorization request.  The exact value received from the
      client.

For example, the authorization server redirects the user-agent by
sending the following HTTP response:

    HTTP/1.1 302 Found
    Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA
              &state=xyz

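The two RFC excerpts above mark state as RECOMMENDED for preventing cross-site request forgery, but the calls in this walkthrough never send it. As an added example (not part of the original post or of the SDK), here is one way to issue a state value with the authorization URL and verify it on the callback before the code is exchanged. The session dict, the function names and the sample callback URL are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Same endpoint the SDK builds from auth_url + "authorize".
AUTH_URL = "https://api.weibo.com/oauth2/authorize"


def build_authorize_url(session, client_id, redirect_uri):
    """Step 1: create a fresh state, keep it server-side, send it in the URL."""
    state = secrets.token_urlsafe(32)       # unguessable, one per login attempt
    session["oauth_state"] = state          # session: hypothetical per-user store
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return "%s?%s" % (AUTH_URL, query)


def code_from_callback(session, callback_url):
    """Step 2: return the authorization code only if state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: replay fails
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(
            expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not started by this session")
    if "error" in params:
        raise ValueError("authorization failed: %s" % params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    session = {}
    print(build_authorize_url(session, "1234567", "http://www.example.com/callback"))
    # Constructed callback, as the browser would deliver it after consent.
    cb = "http://www.example.com/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=" + session["oauth_state"]
    print(code_from_callback(session, cb))
```

With the SDK shown above, the same value can be passed as `client.get_authorize_url(state=...)`, since extra keyword arguments are forwarded into the query string.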
Then we continue following the API instructions.

    # Get the URL parameter "code":
    code = your.web.framework.request.get("code")
    r = client.request_access_token(code)

    # SDK source of APIClient.request_access_token:
    def request_access_token(self, code, redirect_uri=None):
        redirect = redirect_uri if redirect_uri else self.redirect_uri
        if not redirect:
            raise APIError("21305", "Parameter absent: redirect_uri", "OAuth2 request")
        r = _http_post("%s%s" % (self.auth_url, "access_token"),
                client_id = self.client_id,
                client_secret = self.client_secret,
                redirect_uri = redirect,
                code = code, grant_type = "authorization_code")
        return self._parse_access_token(r)

There are usually many ways to obtain the code, but since this is only an experiment, let's just copy the code by hand.
Clearly, the request_access_token method simply sends an HTTP POST request.

Step three: Access Token Request

The client makes a request to the token endpoint by sending the
following parameters using the "application/x-www-form-urlencoded"
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:

grant_type
      REQUIRED.  Value MUST be set to "authorization_code".

code
      REQUIRED.  The authorization code received from the
      authorization server.

redirect_uri
      REQUIRED, if the "redirect_uri" parameter was included in the
      authorization request as described in Section 4.1.1, and their
      values MUST be identical.

client_id
      REQUIRED, if the client is not authenticating with the
      authorization server as described in Section 3.2.1.

If the client type is confidential or the client was issued client
credentials (or assigned other authentication requirements), the
client MUST authenticate with the authorization server as described
in Section 3.2.1.

For example, the client makes the following HTTP request using TLS
(with extra line breaks for display purposes only):

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
    &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

The final step

    access_token = r.access_token  # token returned by Sina, something like abc123xyz456
    expires_in = r.expires_in  # UNIX time at which the token expires: http://zh.wikipedia.org/wiki/UNIX%E6%97%B6%E9%97%B4
    # TODO: the access token can be saved here
    client.set_access_token(access_token, expires_in)

This step simply parses the access_token and expires_in values out of the HTTP response returned by the server.
Again, here is what the RFC document says:

If the access token request is valid and authorized, the
authorization server issues an access token and optional refresh
token as described in Section 5.1.  If the request client
authentication failed or is invalid, the authorization server returns
an error response as described in Section 5.2.

An example successful response:

    HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"2YotnFZFEjr1zCsicMWpAA",
      "token_type":"example",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "example_parameter":"example_value"
    }

Now you can start calling the API~
If the last two steps were tiring to read, you can try writing the request yourself:

    import urllib.parse
    import urllib.request

    APP_KEY = "2613134348"
    APP_SECRET = "5a14f41598a7444c7e0dc0422519b091"  # app secret
    # Authorization code copied by hand from the callback URL; it is
    # exchanged for the access token below.
    AUTH_CODE = "9cd1b3869e62491331caf444456953e8"

    data = {
        "grant_type": "authorization_code",
        "code": AUTH_CODE,
        "redirect_uri": "http://www.ceclinux.org",
        "client_id": APP_KEY,
        "client_secret": APP_SECRET,
    }

    # The client authenticates with client_id/client_secret in the form body,
    # as the SDK's request_access_token does, so no Authorization header is sent.
    body = urllib.parse.urlencode(data).encode("utf-8")
    request = urllib.request.Request("https://api.weibo.com/oauth2/access_token", body)
    response = urllib.request.urlopen(request)
    print(response.read().decode("utf-8"))

Run this file.
In the end you also get a JSON document containing access_token and expire_date.
That's all~

References

http://github.liaoxuefeng.com/sinaweibopy/
https://github.com/michaelliao/sinaweibopy/wiki/OAuth2-HOWTO
http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html