I'm testing the API by following the page https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Resource-Owner-Password-Credentials-flow
curl -F grant_type=password \
-F [email protected] \
-F password=mypass \
-X POST http://localhost:3000/oauth/token
I got the response:
{"access_token":"6d4398b75d94835631a453af770161a6f58618b101b58ccf62a5a8492bce3440","token_type":"bearer","expires_in":600,"refresh_token":"c1445d0a27a8278268c1187c2138d3160d3d3d3d3d3d3d3d3d3f3d3df3e3e3e3e3d0f0e3d3d8c3d3dfdfd3d
But when I call /oauth/authorize:
curl -F response_type=6d4398b75d94835631a453af770161a6f58618b101b58ccf62a5a8492bce3440 \
-F client_id=9c291dc4aa87bfafd6c6a4cf6930d225c106f8fe88e1d0769832047f1ee011c4 \
-F client_secret=decba5aca425095978d33653ef03d654f0b74427bcec0596bdde518016708c35 \
-F redirect_uri=urn:ietf:wg:oauth:2.0:oob \
-F [email protected] \
-X POST http://localhost:3000/oauth/authorize
But I got:
Started POST "/oauth/authorize" for 127.0.0.1 at 2015-04-25 00:30:05 -0300
Processing by Doorkeeper::AuthorizationsController#create as */*
Parameters: {"response_type"=>"6d4398b75d94835631a453af770161a6f58618b101b58ccf62a5a8492bce3440", "client_id"=>"9c291dc4aa87bfafd6c6a4cf6930d225c225f106c8f88e1d076" t"" ="ur" _n""","username"=>"[email protected]"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 1ms
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
...
What am I doing wrong?
Best answer
If you are only using the API, I guess you can turn it off in your environment file (test/development/production.rb) by adding the following code: config.action_controller.allow_forgery_protection = false
Cheers!
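Added example (not part of the original question or answer): a Ruby script that groups Rails log lines like the ones in the question into requests and lists those flagged by the CSRF check, per controller action, so that any change to forgery protection can be scoped to the endpoints actually affected. The sample log is constructed, and the script assumes non-interleaved log output, as from a single-process development server.

```ruby
# Constructed sample log, modeled on the Rails request log format in the question.
SAMPLE_LOG = <<~LOG
  Started POST "/oauth/token" for 127.0.0.1 at 2015-04-25 00:29:40 -0300
  Processing by Doorkeeper::TokensController#create as */*
  Completed 200 OK in 85ms
  Started POST "/oauth/authorize" for 127.0.0.1 at 2015-04-25 00:30:05 -0300
  Processing by Doorkeeper::AuthorizationsController#create as */*
  Can't verify CSRF token authenticity
  Completed 422 Unprocessable Entity in 1ms
  Started POST "/oauth/authorize" for 127.0.0.1 at 2015-04-25 00:31:12 -0300
  Processing by Doorkeeper::AuthorizationsController#create as */*
  Can't verify CSRF token authenticity
  Completed 422 Unprocessable Entity in 2ms
LOG

STARTED   = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]+)" for (?<ip>\S+) at/
PROCESSED = /\AProcessing by (?<action>\S+) as/
COMPLETED = /\ACompleted (?<status>\d{3}) /
CSRF_WARN = "Can't verify CSRF token authenticity"

# Group log lines into requests; return those the CSRF check flagged.
# The status is kept because a flagged request is not always a 422.
def csrf_rejections(log)
  flagged = []
  current = nil
  log.each_line(chomp: true) do |raw|
    line = raw.strip
    if (m = STARTED.match(line))
      current = { verb: m[:verb], path: m[:path], ip: m[:ip], csrf: false }
    elsif current.nil?
      next # line outside any request block
    elsif (m = PROCESSED.match(line))
      current[:action] = m[:action]
    elsif line.include?(CSRF_WARN)
      current[:csrf] = true
    elsif (m = COMPLETED.match(line))
      current[:status] = m[:status].to_i
      flagged << current if current[:csrf]
      current = nil
    end
  end
  flagged
end

# Count flagged requests per controller action.
def rejections_by_action(log)
  csrf_rejections(log).map { |r| r[:action] }.tally
end

puts rejections_by_action(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

On the sample, only `Doorkeeper::AuthorizationsController#create` is flagged; the `/oauth/token` request used by the password grant completes normally.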