情況介紹:
這篇文章目的是解決OAuth2 授權(quán)驗(yàn)證方式, POST請(qǐng)求返回結(jié)果 40X,報(bào)錯(cuò),原因出在哪里呢,如何修改呢,現(xiàn)在將過(guò)程交代一下情況如下:
接口分析:
后臺(tái)使用OAuth2 授權(quán)驗(yàn)證方式,POST請(qǐng)求,接口類(lèi)型如下
功能描述: 獲取access_token
請(qǐng)求地址: http://domain/uaa/oauth/token
請(qǐng)求動(dòng)作: POST
請(qǐng)求示例: http://domain/uaa/oauth/token?grant_type=password&username=mayun&password=mayun
Authorization:
- Type:Base Auth
- Username:iosClient
- Password: iosClient
返回示例 { "access_token": "bdfc82c8-8020-4f50-8c69-125b34594a46", "token_type": "bearer", "refresh_token": "6fcec503-ead9-414c-87ee-9af13a855e03", "expires_in": 36464, "scope": "xx" }
首先需要身份驗(yàn)證,要傳入驗(yàn)證身份的
clientID和secret,分別是iosClient和iosSecret,這個(gè)是后臺(tái)授權(quán)的客戶(hù)端的key
grant_type ,這個(gè)值,可把我坑壞了,由于不了解OAuth2 ,所以在POST請(qǐng)求時(shí),老是以為問(wèn)題出在這(因?yàn)閕OS,NSDictionary,對(duì)于帶下劃線(xiàn)的參數(shù),會(huì)變成"grant_type"),打印傳入的參數(shù)一看,總是不對(duì),浪費(fèi)了很多不必要的時(shí)間, grant_type其實(shí)是OAuth2 規(guī)定的,
grant_type=password
該分析的都分析好了,下面講一下兩種解決方案
方案一:
看鏈接可以發(fā)現(xiàn),不就是讓我們通過(guò)POST,傳入幾個(gè)參數(shù),加上身份驗(yàn)證嗎,那我們就直接給后臺(tái)想要的東西,將grant_type password和phoneNum直接拼到鏈接后面,然后設(shè)置
// self 是繼承自AFHTTPSessionManager,這個(gè)方法AFHTTPRequestSerializer類(lèi)有提供,設(shè)置header
[ self.requestSerializer setAuthorizationHeaderFieldWithUsername:@"iosClient" password:@"iosClient"];
這一步相當(dāng)于傳入身份驗(yàn)證的key給驗(yàn)證服務(wù)器
整個(gè)方法代碼如下
+ (void)AuthenticationWithPhoneNum:(NSString *)phoneNum password:(NSString *)password callBack:(void (^)(NSDictionary * result))success{
[ [CBNetworkManager sharedManager].requestSerializer setAuthorizationHeaderFieldWithUsername:@"iosClient" password:@"iosClient"];
[CBNetworkManager post_requestWithURLString:[NSString stringWithFormat:@" http://domain/uaa/oauth/token?grant_type=password&password=%@phoneNum=%@",password,phoneNum] parameters:nil progressBlock:^(float progress) {
} callBack:^(NSURLSessionTask *task, id response, NSError *error) {
if (error) {
NSLog(@"error == %@",error);
}
else {
NSLog(@"response == %@", response);
if ([response isKindOfClass:[NSDictionary class]]) {
NSDictionary * result = response;
success(result);
}
}
}];
}
這種方式,簡(jiǎn)單粗暴,效果好,見(jiàn)效快,但是如果后端比較嚴(yán)格, 篩選參數(shù)傳遞方式,是拼接,還是body,這個(gè)方法就不好使了.因此引入第二種方案
方案二:
引入AFOAuth2Manager 類(lèi),一個(gè)依托于A(yíng)FNetworking框架的一個(gè)擴(kuò)展模塊,就是為了解決OAuth2認(rèn)證機(jī)制開(kāi)發(fā)的模塊
關(guān)于這個(gè)類(lèi)的詳細(xì)介紹,請(qǐng)看這篇文章Auth2認(rèn)證
首先引入
AFOAuth2Manager框架, 導(dǎo)入#import <AFOAuth2Manager.h>,調(diào)用AFOAuth2Manager的身份驗(yàn)證方法
NSURL *baseURL = [NSURL URLWithString:@"http://example.com/"];
AFOAuth2Manager *OAuth2Manager =
[[AFOAuth2Manager alloc] initWithBaseURL:baseURL
clientID:kClientID
secret:kClientSecret];
[OAuth2Manager authenticateUsingOAuthWithURLString:@"/oauth/token"
username:@"username"
password:@"password"
scope:@"email"
success:^(AFOAuthCredential *credential) {
NSLog(@"Token: %@", credential.accessToken);
}
failure:^(NSError *error) {
NSLog(@"Error: %@", error);
}];
然后將我們獲取到的參數(shù),傳遞到這個(gè)方法里,直接進(jìn)行調(diào)用
+ (void)AuthenticationWithPhoneNum:(NSString *)phoneNum password:(NSString *)password callBack:(void (^)(NSDictionary * result))success{
NSURL *baseURL = [NSURL URLWithString:@" http://domain"];
AFOAuth2Manager *OAuth2Manager =
[[AFOAuth2Manager alloc] initWithBaseURL:baseURL
clientID:@"iosClient"
secret:@"iosClient"];
[OAuth2Manager authenticateUsingOAuthWithURLString:@"/uaa/oauth/token"
username:@"185565xxxxx"
password:@"123456"
scope:@""
success:^(AFOAuthCredential *credential) {
// 存儲(chǔ)access_token
NSLog(@"Token: %@", credential.accessToken);
}
failure:^(NSError *error) {
NSLog(@"Error: %@", error);
}];
}
注意: 這個(gè)地方注意兩個(gè)鏈接,在拼接的時(shí)候,會(huì)出現(xiàn)錯(cuò)誤,請(qǐng)留意請(qǐng)求鏈接是否完整,要小心!
在success回調(diào)方法里,就可以獲得我們要的access_token了. AFOAuth2Manager具體的源碼如下:
- (NSURLSessionTask *)authenticateUsingOAuthWithURLString:(NSString *)URLString
username:(NSString *)username
password:(NSString *)password
scope:(NSString *)scope
success:(void (^)(AFOAuthCredential * _Nonnull))success
failure:(void (^)(NSError * _Nonnull))failure {
NSParameterAssert(username);
NSParameterAssert(password);
NSMutableDictionary *parameters = [NSMutableDictionary dictionary];
[parameters setValue:kAFOAuthPasswordCredentialsGrantType forKey:@"grant_type"];
[parameters setValue:username forKey:@"username"];
[parameters setValue:password forKey:@"password"];
if (scope) {
[parameters setValue:scope forKey:@"scope"];
}
return [self authenticateUsingOAuthWithURLString:URLString parameters:parameters success:success failure:failure];
}
前面一直糾結(jié)的grant_type,其實(shí)是OAuth2約定的,所以就不用在參數(shù)中自己進(jìn)行設(shè)置,返回的AFOAuthCredential,里面就包含了我們要的access_token和refresh_token了.
有問(wèn)題歡迎請(qǐng)留言!
