dqprf0976
dqprf0976
采纳率100%
2013-07-09 22:26 阅读 95
已采纳

使用2leg oauth令牌调用Bitbucket REST API

I am trying to call bitbucket's api using 2-legged oauth authentication.

I call

https://bitbucket.org/!api/1.0/oauth/request_token

with my oauth secret and key and get the following:

oauth_token_secret=<token_secret>&oauth_token=<token>&oauth_callback_confirmed=true

How can I use this to call an api function, such as

https://bitbucket.org/api/1.0/user 
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    douchun1900 douchun1900 2013-07-10 09:37

    After you have received accesstoken & secret, when you send the request add a (Authorization) Header as,

    Authorization: OAuth oauth_consumer_key="<YourKey>",oauth_signature_method="HMAC-SHA1",oauth_timestamp="<TIMESTAMP>",oauth_nonce="2694561796",oauth_version="1.0",oauth_signature="<Signature>"
    

    where,

    TIMESTAMP= current epoch (ms) oauth_nonce random number

    Important thing is oauth_signature

    Read through here on how to generate,

    Oauth 1.0 Signature

    Signature has to be precalculated before sending the request. And this will do it.

    To test it you can tryout it here, Apigee Bitbucket API Console

    PS: Its weird that Bit Bucket uses OAuth 1.0, well known for its vulnerabilities.

    Session Fixation Attack

    点赞 评论 复制链接分享

相关推荐