HTTP/1.1 401 Token invalid - AuthSub token has wrong scope

北战南征 提交于 2019-12-09 23:57:56

问题


I get this error when trying to get a feed from Google Analytics API. However, using the same token I get successful feeds from Google Calendar. The code between the two is exactly the same except for the feed url. So it must have something to do with Analytics being https and Calendar just http.

I have successfully created a non-secure, long-lived token. The scope parameter while requesting the initial token:

scope=http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F%20https%3A%2F%2Fwww.google.com%2Fanalytics%2Ffeeds

My request for the long-lived token:

GET /accounts/AuthSubSessionToken HTTP/1.1
Authorization: AuthSub token="CP_AgsyLDxDCtpjg-f____8B"
Content-Type: application/x-www-form-urlencoded
Host: www.google.com:443
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

Returns a long-lived token. Using it for Google Calendar:

GET /calendar/feeds/default/allcalendars/full HTTP/1.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="CP_AgsyLDxCh2tmj-P____8B"
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

returns a temporary redirect (302):

HTTP/1.1 302 Moved Temporarily
Expires: Sun, 01 Nov 2009 03:00:01 GMT
Date: Sun, 01 Nov 2009 03:00:01 GMT
Set-Cookie: S=calendar=mta4-_BxxANrylcSnzUatg;Expires=Mon, 01-Nov-2010 03:00:01 GMT
Location: http://www.google.com/calendar/feeds/default/allcalendars/full?gsessionid=mta4-_BxxANrylcSnzUatg

which results in a successful Get to this:

GET /calendar/feeds/default/allcalendars/full?gsessionid=mta4-_BxxANrylcSnzUatg HTTP/1.1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="CP_AgsyLDxCh2tmj-P____8B"
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
Cookie: S=calendar=mta4-_BxxANrylcSnzUatg

But I get the error 401 when attempting to get the Google Analytics feed:

GET /analytics/feeds/accounts/default HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="CP_AgsyLDxCh2tmj-P____8B"
Host: www.google.com:443
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)

Do I need a valid SSL certificate for my domain? Been fighting with this for weeks!!!
using Indy10 with Delphi 2007 in Apache.

A request was made to provide some of the Delphi code. What I have provided here is the code for the GET to the feed. I don't provide code to get the tokens because I assume they are good (I am able to get calendar feeds).

var
  IdHTTP: TIdHTTP;
  IdSSLIOHandlerSocket1: TIdSSLIOHandlerSocketOpenSSL;

begin
  IdSSLIOHandlerSocket1 := TIdSSLIOHandlerSocketOpenSSL.create(nil);
  IdHTTP := TIdHTTP.create(nil);
  with IdSSLIOHandlerSocket1 do begin
    SSLOptions.Method := sslvSSLv3;
    SSLOptions.Mode :=  sslmUnassigned;
    SSLOptions.VerifyMode := [];
    SSLOptions.VerifyDepth := 2;
  end;
  with IdHTTP do begin
    IOHandler := IdSSLIOHandlerSocket1;
    ProxyParams.BasicAuthentication := False;
    Request.UserAgent := 'Mozilla/3.0 (compatible; Indy Library)';
    Request.ContentType := 'application/x-www-form-urlencoded';
    request.host := 'www.google.com/analytics';
    request.connection := 'keep-alive';
    Request.Accept := 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2';
  end;

  idhttp.Request.CustomHeaders.Add('Authorization: AuthSub token="'+mToken+'" ');

  IdHTTP.Get('https://www.google.com/analytics/feeds/accounts/default');  // results in the 401

回答1:


Took some time and required me to use Fiddler and the Curl php approach. Found this line:

Host: www.google.com:443

can't have the :443. Must be like this:

Host: www.google.com

The Indy TIdHTTP component was automatically appending this to the host when it saw https. The only way I could get around it was to publish my own "host" property.



来源:https://stackoverflow.com/questions/1656311/http-1-1-401-token-invalid-authsub-token-has-wrong-scope

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!