773 Star 1.5K Fork 351

开源中国 / Gitee Feedback

 / 详情

码云的第三方应用在获取Token时服务端响应状态403是什么情况?

结束任务
Task
创建于  
2017-05-27 10:07

现象描述

正常授权并重定向,获取到code后调用:

http://git.oschina.net/oauth/token?grant_type=authorization_code&code={code}....接口时状态为403

码云用户创建的第三方应用需要审核才能正常访问吗?

评论 (40)

有理想的鱼 创建了任务

@有理想的鱼

我这里是ok的,你把url信息贴完整看看

输入图片说明

@maxiaoqian

我已正确获取到code参数,但不论是GET还是POST方式去请求token都是403状态,截图如下:

输入图片说明

输入图片说明

@有理想的鱼

通过API页面,右边的申请授权可以拿到access_token吗?

  • 另外:可以把上面的完整url,复制黏贴出来吗,上面这样看不清楚 :smile:

输入图片说明

@maxiaoqian

在API页面申请授权可以拿到access_token。

  • POST /oauth/token?
"code=0c17e73d9981ad089605a8c5486610d515e6b8ebf9854836c5513ba869303561&grant_type=authorization_code&client_secret=7ad4df2bd7d934a0a0473f5bf218f49db9148df70f20d995bd42691163c69cfc&redirect_uri=http%3A%2F%2Fopen.ymate.net%2Foauth2%2Fconnect%2Fgitosc%2Fredirect%3Fredirect_url%3Dhttp%253A%252F%252Fopen.ymate.net%252Fdashboard&client_id=5560b64be03c1a7546b741529c3541fc61ff560a4f8ce1ef8c69c36294b496c5"

@有理想的鱼

同样的请求,显示是401,401的话你需要重新获取code(可以直接通过页面点击模拟请求获取code)然后post得到access_token, 你再试试看?

输入图片说明

@maxiaoqian

模拟请求也是一样响应403状态,以下是点击模拟请求后,我的服务端接收到的日志输出:

2017-05-27 10:36:28.639[DEBUG][35:net.ymate.platform.webmvc.WebMVC.processRequest:203] --> [35] Process request start: GET:/oauth2/connect/gitosc/redirect
2017-05-27 10:36:28.639[DEBUG][35:net.ymate.platform.webmvc.WebMVC.processRequest:204] --- [35] Parameters: {"code":["a842ea88a9649db740df80b15dd340a84340e8db8b0d7644fd1dc0d7cf1aea74"]}
2017-05-27 10:36:28.640[DEBUG][35:net.ymate.platform.webmvc.WebMVC.processRequest:211] --- [35] Request mode: controller
2017-05-27 10:36:28.655[DEBUG][35:org.apache.http.client.protocol.RequestAddCookies.process:122] CookieSpec selected: best-match
2017-05-27 10:36:28.655[DEBUG][35:org.apache.http.client.protocol.RequestAuthCache.process:75] Auth cache not set in the context
2017-05-27 10:36:28.656[DEBUG][35:org.apache.http.impl.conn.PoolingHttpClientConnectionManager.requestConnection:219] Connection request: [route: {}->http://git.oschina.net:80][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
2017-05-27 10:36:28.656[DEBUG][35:org.apache.http.impl.conn.PoolingHttpClientConnectionManager.leaseConnection:250] Connection leased: [id: 2][route: {}->http://git.oschina.net:80][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
2017-05-27 10:36:28.657[DEBUG][35:org.apache.http.impl.execchain.MainClientExec.execute:217] Opening connection {}->http://git.oschina.net:80
2017-05-27 10:36:28.658[DEBUG][35:org.apache.http.impl.conn.HttpClientConnectionOperator.connect:122] Connecting to git.oschina.net/116.211.167.14:80
2017-05-27 10:36:28.681[DEBUG][35:org.apache.http.impl.conn.HttpClientConnectionOperator.connect:129] Connection established 101.200.209.46:34956<->116.211.167.14:80
2017-05-27 10:36:28.682[DEBUG][35:org.apache.http.impl.execchain.MainClientExec.execute:238] Executing request POST /oauth/token? HTTP/1.1
2017-05-27 10:36:28.682[DEBUG][35:org.apache.http.impl.execchain.MainClientExec.execute:243] Target auth state: UNCHALLENGED
2017-05-27 10:36:28.683[DEBUG][35:org.apache.http.impl.execchain.MainClientExec.execute:249] Proxy auth state: UNCHALLENGED
2017-05-27 10:36:28.683[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:124] http-outgoing-2 >> POST /oauth/token? HTTP/1.1
2017-05-27 10:36:28.683[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> Content-Length: 333
2017-05-27 10:36:28.684[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> Content-Type: application/x-www-form-urlencoded
2017-05-27 10:36:28.684[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> Content-Encoding: UTF-8
2017-05-27 10:36:28.685[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> Host: git.oschina.net
2017-05-27 10:36:28.685[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> Connection: Keep-Alive
2017-05-27 10:36:28.686[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
2017-05-27 10:36:28.686[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onRequestSubmitted:127] http-outgoing-2 >> Accept-Encoding: gzip,deflate
2017-05-27 10:36:28.687[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "POST /oauth/token? HTTP/1.1[\r][\n]"
2017-05-27 10:36:28.687[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "Content-Length: 333[\r][\n]"
2017-05-27 10:36:28.687[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
2017-05-27 10:36:28.688[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "Content-Encoding: UTF-8[\r][\n]"
2017-05-27 10:36:28.688[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "Host: git.oschina.net[\r][\n]"
2017-05-27 10:36:28.689[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "Connection: Keep-Alive[\r][\n]"
2017-05-27 10:36:28.689[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "User-Agent: Apache-HttpClient/4.3.6 (java 1.5)[\r][\n]"
2017-05-27 10:36:28.689[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2017-05-27 10:36:28.689[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 >> "[\r][\n]"
2017-05-27 10:36:28.690[DEBUG][35:org.apache.http.impl.conn.Wire.wire:86] http-outgoing-2 >> "code=a842ea88a9649db740df80b15dd340a84340e8db8b0d7644fd1dc0d7cf1aea74&grant_type=authorization_code&client_secret=7ad4df2bd7d934a0a0473f5bf218f49db9148df70f20d995bd42691163c69cfc&redirect_uri=http%3A%2F%2Fopen.ymate.net%2Foauth2%2Fconnect%2Fgitosc%2Fredirect&client_id=5560b64be03c1a7546b741529c3541fc61ff560a4f8ce1ef8c69c36294b496c5"
2017-05-27 10:36:28.729[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "HTTP/1.1 403 Forbidden[\r][\n]"
2017-05-27 10:36:28.733[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "Date: Sat, 27 May 2017 03:01:32 GMT[\r][\n]"
2017-05-27 10:36:28.733[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "Content-Type: text/html[\r][\n]"
2017-05-27 10:36:28.735[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "Content-Length: 417[\r][\n]"
2017-05-27 10:36:28.735[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "Connection: keep-alive[\r][\n]"
2017-05-27 10:36:28.736[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "Set-Cookie: aliyungf_tc=AQAAAICrgS5Neg0ALtHIZa+7rotg8OT2; Path=/; HttpOnly[\r][\n]"
2017-05-27 10:36:28.736[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "Server: nginx[\r][\n]"
2017-05-27 10:36:28.740[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "ETag: "55b0a6c2-1a1"[\r][\n]"
2017-05-27 10:36:28.740[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "[\r][\n]"
2017-05-27 10:36:28.740[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<!DOCTYPE html>[\n]"
2017-05-27 10:36:28.741[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<html>[\n]"
2017-05-27 10:36:28.741[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<head>[\n]"
2017-05-27 10:36:28.741[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>[\n]"
2017-05-27 10:36:28.742[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "    <title>[0xe6][0x82][0xa8][0xe7][0x9a][0x84][0xe8][0xae][0xbf][0xe9][0x97][0xae][0xe5][0x8f][0x97][0xe9][0x99][0x90] (403)</title>[\n]"
2017-05-27 10:36:28.742[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "    <link href="/static.css" media="screen" rel="stylesheet" type="text/css" />[\n]"
2017-05-27 10:36:28.742[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "</head>[\n]"
2017-05-27 10:36:28.743[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "[\n]"
2017-05-27 10:36:28.743[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<body>[\n]"
2017-05-27 10:36:28.743[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<h1>403</h1>[\n]"
2017-05-27 10:36:28.744[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<h3>[0xe6][0x9c][0x8d][0xe5][0x8a][0xa1][0xe5][0x99][0xa8][0xe6][0x8b][0x92][0xe7][0xbb][0x9d][0xe5][0xa4][0x84][0xe7][0x90][0x86][0xe6][0x82][0xa8][0xe7][0x9a][0x84][0xe8][0xaf][0xb7][0xe6][0xb1][0x82][0xe3][0x80][0x82]</h3>[\n]"
2017-05-27 10:36:28.746[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<hr/>[\n]"
2017-05-27 10:36:28.747[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "<p>[0xe6][0x82][0xa8][0xe5][0x8f][0xaf][0xe8][0x83][0xbd][0xe6][0xb2][0xa1][0xe6][0x9c][0x89][0xe8][0xae][0xbf][0xe9][0x97][0xae][0xe6][0xad][0xa4][0xe6][0x93][0x8d][0xe4][0xbd][0x9c][0xe7][0x9a][0x84][0xe6][0x9d][0x83][0xe9][0x99][0x90][0xef][0xbc][0x8c] <a href="/">[0xe7][0x82][0xb9][0xe5][0x87][0xbb][0xe8][0xbf][0x99][0xe9][0x87][0x8c]</a> [0xe5][0x9b][0x9e][0xe5][0x88][0xb0][0xe9][0xa6][0x96][0xe9][0xa1][0xb5].</p>[\n]"
2017-05-27 10:36:28.747[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "</body>[\n]"
2017-05-27 10:36:28.747[DEBUG][35:org.apache.http.impl.conn.Wire.wire:72] http-outgoing-2 << "</html>[\n]"
2017-05-27 10:36:28.748[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:113] http-outgoing-2 << HTTP/1.1 403 Forbidden
2017-05-27 10:36:28.749[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << Date: Sat, 27 May 2017 03:01:32 GMT
2017-05-27 10:36:28.750[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << Content-Type: text/html
2017-05-27 10:36:28.750[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << Content-Length: 417
2017-05-27 10:36:28.751[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << Connection: keep-alive
2017-05-27 10:36:28.751[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << Set-Cookie: aliyungf_tc=AQAAAICrgS5Neg0ALtHIZa+7rotg8OT2; Path=/; HttpOnly
2017-05-27 10:36:28.752[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << Server: nginx
2017-05-27 10:36:28.753[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.onResponseReceived:116] http-outgoing-2 << ETag: "55b0a6c2-1a1"
2017-05-27 10:36:28.753[DEBUG][35:org.apache.http.impl.execchain.MainClientExec.execute:267] Connection can be kept alive indefinitely
2017-05-27 10:36:28.754[DEBUG][35:org.apache.http.client.protocol.ResponseProcessCookies.processCookies:117] Cookie accepted [aliyungf_tc="AQAAAICrgS5Neg0ALtHIZa+7rotg8OT2", version:0, domain:git.oschina.net, path:/, expiry:null]
2017-05-27 10:36:28.755[DEBUG][35:org.apache.http.impl.conn.PoolingHttpClientConnectionManager.releaseConnection:281] Connection [id: 2][route: {}->http://git.oschina.net:80] can be kept alive indefinitely
2017-05-27 10:36:28.756[DEBUG][35:org.apache.http.impl.conn.PoolingHttpClientConnectionManager.releaseConnection:287] Connection released: [id: 2][route: {}->http://git.oschina.net:80][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
2017-05-27 10:36:28.756[DEBUG][35:org.apache.http.impl.conn.PoolingHttpClientConnectionManager.shutdown:351] Connection manager is shutting down
2017-05-27 10:36:28.757[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.close:79] http-outgoing-2: Close connection
2017-05-27 10:36:28.757[DEBUG][35:org.apache.http.impl.conn.LoggingManagedHttpClientConnection.close:79] http-outgoing-2: Close connection
2017-05-27 10:36:28.758[DEBUG][35:org.apache.http.impl.conn.PoolingHttpClientConnectionManager.shutdown:357] Connection manager shut down
2017-05-27 10:36:28.759[DEBUG][35:net.ymate.platform.webmvc.WebMVC.processRequest:447] --- [35] Total execution time: 121ms

@有理想的鱼

不好意思啊,我这边没有重现,等我们开发看看吧

@maxiaoqian

好的,目前调用码云的授权服务就是403,另外开源中国的开放API授权接口也同样是403状态,不知道是什么原因,也请一并协助一下,3q!

@有理想的鱼

我们这边测试是没问题的。如果osc主站跟码云都403。是不是有可能是你程序的问题呢?

顺便能解释一下数组里面的是啥意思呢?

输入图片说明

@frech

下图是上面数组转换为字符串后的内容:服务器拒绝处理您的请求。

输入图片说明

我感觉你们封了我们域名

@Zoker

我用的是阿里云,防火墙是默认未进行任何设置,以下是ping结果:

输入图片说明

@frech @Zoker

请求API接口时,HTTP请求头有什么需要特别设置的吗?为什么这个回应不是JSON格式,而是HTML页面呢?另外会不会和我在osc主站申请的OAuth2应用未审核有关联呢?

@frech

403状态是我请求码云或OSC主站的API接口时得到的响应结果,若是我这边封了域名,应该无法访问到也接收不到任何响应才对。

不审核也可以使用啊

我这边看日志确实有请求

Apache-HttpClient/4.3.6 (java 1.5) 这个UA请求的返回403

PostmanRuntime/3.0.11-hotfix.2 这个UA请求的返回404

@Zoker

那是我的请求参数存在问题吗?

@有理想的鱼 你不带header试下?程序用的是啥框架?能获取code那跟网络应该是没问题的。

@frech

用的基于Java的YMP框架,使用Apache-HttpClient-4.3.6发启的API接口请求,没有添加其它请求头,以下是请求发送时的请求头信息:

Content-Length: 333
Content-Type: application/x-www-form-urlencoded
Content-Encoding: UTF-8
Host: git.oschina.net
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.6 (java 1.5)
Accept-Encoding: gzip,deflate

应该与框架无关,这个模块已经可以正常调用:百度、QQ、微博等的第三方授权,其API调用和处理方式基本相同,仅是URL地址的不同而已,现在就卡在了OSC和码云这里了 :joy:

模块项目URL地址:

https://git.oschina.net/suninformation/ymate-module-oauth-connector

@有理想的鱼 这就尴尬了~研究研究 :cry:

@有理想的鱼 你把User-Agent设置为: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 试试??

@maxiaoqian @frech @Zoker

感谢各位大力协助,通过重新设置User-Agent,现在码云和OSC主站的OAuth2服务均已成功访问。

代码已提交至码云,有兴趣的朋友可以瞧瞧~~!

https://git.oschina.net/suninformation/ymate-module-oauth-connector

maxiaoqian 关闭了任务

@马晓倩.git输入图片说明
请教一下这个401是 什么问题啊,是用的httpClient去请求access_token

@致自己 你再确认下参数,code,redirect_uri是否正确

我用postman是OK的

输入图片说明
输入图片说明

输入图片说明

返回 401,确定参数没错

知道原因了,redirect_url要与应用回调地址一致才行

厉害了 @独孤影 :smirk: 打算做啥应用呢?要不要给你推一波呀 :smirk:

@Yashin 随便搞得玩的,八字还没一撇呢 :satisfied:

@独孤影 我也出现401了,可以用localhost这样的回调地址吗?测试用

有没有人遇到,使用正常的token访问码云,获取仓库/分支列表总是时不时报403咋回事

@luomin207 403是没权限。具体什么问题请在 https://gitee.com/oschina/git-osc/issues 新建issue详细描述。

问下调用refresh_token的时候返回40是什么问题?

@demon-test-123

  1. 请确保post请求
  2. 请正确填写refresh_token,这个是在之前返回access_token的时候返回的。

输入图片说明

@frech 是post请求,也是之前的refresh_token

@子涵 你这个已经refresh过了。得用新的返回的refresh_token来refresh。如下图

输入图片说明

诺墨 任务状态已完成 修改为已验收
诺墨 将工作项从 任务 迁移到 Task
诺墨 任务类型任务 修改为Task
诺墨 任务状态已验收 修改为结束任务

登录 后才可以发表评论

状态
负责人
项目
Pull Requests
关联的 Pull Requests 被合并后可能会关闭此 issue
分支
开始日期   -   截止日期
-
置顶选项
优先级
预计工期 (小时)
参与者(10)
341631 maxiaoqian 1578920636 10397 suninformation 1578914701 905323 frech 1578935509 62561 kesin 1578916009 832 duguying2008 1578913886 58426 yashin 1578915792 2042758 cangjingge 1578964923
Ruby
1
https://gitee.com/oschina/git-osc.git
git@gitee.com:oschina/git-osc.git
oschina
git-osc
Gitee Feedback

搜索帮助

14c37bed 8189591 565d56ea 8189591