问题
I am trying to call bitbucket's api using 2-legged oauth authentication.
I call
https://bitbucket.org/!api/1.0/oauth/request_token
with my oauth secret and key and get the following:
oauth_token_secret=<token_secret>&oauth_token=<token>&oauth_callback_confirmed=true
How can I use this to call an api function, such as
https://bitbucket.org/api/1.0/user
回答1:
After you have received accesstoken & secret, when you send the request add a (Authorization) Header as,
Authorization: OAuth oauth_consumer_key="<YourKey>",oauth_signature_method="HMAC-SHA1",oauth_timestamp="<TIMESTAMP>",oauth_nonce="2694561796",oauth_version="1.0",oauth_signature="<Signature>"
where,
TIMESTAMP= current epoch (ms) oauth_nonce random number
Important thing is oauth_signature
Read through here on how to generate,
Oauth 1.0 Signature
Signature has to be precalculated before sending the request. And this will do it.
To test it you can tryout it here, Apigee Bitbucket API Console
PS: Its weird that Bit Bucket uses OAuth 1.0, well known for its vulnerabilities.
Session Fixation Attack
来源:https://stackoverflow.com/questions/17559351/call-bitbucket-rest-api-using-2leg-oauth-token