尝试使用 Delphi RESTClient 通过基于 token 的身份验证来使用/调用 NetSuite ReSTLet。我有一个有效的 Postman 请求,用于验证所需的所有授权参数。缺少一个参数 -realm - 当添加到代码中时,确实会更改从 NetSuite 端返回的错误消息,但仍然不会导致成功调用。
procedure TForm1.OAuth1Authenticator1Authenticate(ARequest: TCustomRESTRequest;
var ADone: Boolean);
begin
// XXXXXXX_RP is a NetSuite account number and environment
ARequest.AddAuthParameter('realm','XXXXXX_RP',pkQUERY);
end;
如果不添加realm(上面代码被注释掉)则返回的剩余内容为:
error code: USER_ERROR
error message: header is not NLAuth scheme [ OAuth oauth_consumer_key="fe8da7b31dccbd47e90e5dd5e641fe7b0cbff032a951b4058618c207caf569f8", oauth_nonce="c98fa9de2c601f45bdc8d5c640f1b3cf", oauth_signature_method="HMAC-SHA1", oauth_signature="PfCQE3A4DicTtCfpBEPmbSOmqNg%3D", oauth_timestamp="1568639138", oauth_token="a8190ba34e223f25b32cdb4837d9e1973b8fd6208804e93306f4618ccdb6d648", oauth_version="1.0" ]
添加领域后我仍然得到:
error code: INVALID_LOGIN_ATTEMPT
error message: Invalid login attempt.
有人使用 Delphi RESTClient 成功调用 NetSuite ReSTLet 吗?
更新:看起来它不支持使用可选的领域参数。手动添加它会将其添加到规范化参数列表中,以便在不应该进行签名时进行签名。我修改了TOAuth1SignatureMethod_HMAC_SHA1.BuildSignature在REST.Authenticator.OAuth跳过此参数(只是在一些代码周围添加了 if Lparam.Name <> 'realm' then begin .. end; block ),但仍然没有成功向 NetSuite 发出请求。阅读 https://oauth.net/core/1.0/ 后这样做了第 9.1.1 节。规范化请求参数:
The request parameters are collected, sorted and concatenated into a normalized string:
- Parameters in the OAuth HTTP Authorization header excluding the realm parameter.
- Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded).
- HTTP GET parameters added to the URLs in the query part (as defined by [RFC3986] section 3).
最佳答案
最终通过 Indy 手动组装请求。下面是组装 AUTH header 的部分的副本,以及使用 Indy 的 IdHTTP 执行测试请求的代码。注意:Netsuite 帐号和 ID/ secret 仅供展示。
procedure TForm1.Button1Click(Sender: TObject);
Const
NETSUITE_ACCOUNT_ID = '4000000_RP';
BASE_URL = 'https://4000000-rp.restlets.api.netsuite.com/app/site/hosting/restlet.nl';
HTTP_METHOD = 'POST';
SCRIPT_ID = '331';
SCRIPT_DEPLOYMENT_ID = 'customdeploy_salesorderimport';
OAUTH_VERSION = '1.0';
TOKEN_ID = 'a8190ba34e223f25b3267843437d9e1973b8fd6208804e93306f4618ccdb6d648';
TOKEN_SECRET = 'ecb5321eaf832714828ede7f920320b942ad6b2d4221da3b12496f389d68e1c4';
CONSUMER_KEY = 'fe8da7c2cbd47e90e5dd5e6415fe7b0cbff2032a5951b4058618c07c7af569f8';
CONSUMER_SECRET = '848cae6150a651ecbc6975656f4b92ca08d7c27c829185cf98e7a0a30c24dbc2';
Var
OAUTH_NONCE,TIME_STAMP,STRING2SIGN : string;
oauth_signature, oauth, BaseURL : string;
JSONValue : TJsonValue;
begin
OAUTH_NONCE := THashMD5.GetHashString(IntToStr(DateTimeToUnix(TTimeZone.Local.ToUniversalTime(Now))) + IntToStr(Random(MAXINT)));
TIME_STAMP := IntToStr(DateTimeToUnix(TTimeZone.Local.ToUniversalTime(Now)));
// These are in alphabetical order - required by signing
STRING2SIGN := '';
STRING2SIGN := STRING2SIGN + 'deploy=' + SCRIPT_DEPLOYMENT_ID + '&';
STRING2SIGN := STRING2SIGN + 'oauth_consumer_key=' + CONSUMER_KEY + '&';
STRING2SIGN := STRING2SIGN + 'oauth_nonce=' + OAUTH_NONCE + '&';
STRING2SIGN := STRING2SIGN + 'oauth_signature_method=' + 'HMAC-SHA256' + '&';
STRING2SIGN := STRING2SIGN + 'oauth_timestamp=' + TIME_STAMP + '&';
STRING2SIGN := STRING2SIGN + 'oauth_token=' + TOKEN_ID + '&';
STRING2SIGN := STRING2SIGN + 'oauth_version=' + OAUTH_VERSION + '&';
STRING2SIGN := STRING2SIGN + 'script=' + SCRIPT_ID;
STRING2SIGN := URIEncode(STRING2SIGN);
STRING2SIGN := HTTP_METHOD + '&' + URIEncode(BASE_URL) + '&' + STRING2SIGN;
oauth_signature := URIEncode(TNetEncoding.Base64.EncodeBytesToString(THashSHA2.GetHMACAsBytes(STRING2SIGN, CONSUMER_SECRET + '&' + TOKEN_SECRET)));
oauth :='OAuth oauth_signature="' + oauth_signature + '",';
oauth := oauth + 'oauth_version="' + OAUTH_VERSION + '",';
oauth := oauth + 'oauth_nonce="' + OAUTH_NONCE + '",';
oauth := oauth + 'oauth_signature_method="HMAC-SHA256",';
oauth := oauth + 'oauth_consumer_key="' + CONSUMER_KEY + '",';
oauth := oauth + 'oauth_token="' + TOKEN_ID + '",';
oauth := oauth + 'oauth_timestamp="' + TIME_STAMP + '",';
oauth := oauth + 'realm="' + NETSUITE_ACCOUNT_ID + '"';
BaseURL := BASE_URL + '?script=' + SCRIPT_ID + '&deploy=' + SCRIPT_DEPLOYMENT_ID;
IdHTTP1.Request.CustomHeaders.FoldLines := false;
IdHTTP1.Request.Accept := 'application/json, text/javascript, */*; q=0.01';
IdHTTP1.Request.ContentType := 'application/json';
IdHTTP1.Request.CustomHeaders.Values['Authorization'] := oauth;
try
memo1.Text := idhttp1.Post(BaseURL,'C:\Users\bevans\Documents\Json.txt');
JSONValue := TJSonObject.ParseJSONValue(memo1.Text);
SynEdit1.Text := JSonValue.Format;
finally
JSonValue.Free;
end;
注意:代码已更新为使用 SHA256 而不是 SHA1 进行 OAUTH 签名。 NetSuite 已发出通知,他们将在 NetSuite 版本 2021.2 中要求这样做。
关于Delphi TOAuth1Authenticator如何设置Realm,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57957730/