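eBay OAuth client credentials token request fails with invalid_scope; token obtained without a scope gets 403 insufficient permission from the Browse API. Help needed.
I have followed the eBay documentation to the letter and have been stuck on this problem for a long time. Only one scope is listed for a client credentials access token, and I have confirmed that I URL-encoded it correctly, but every request fails with: "scope invalid, unknown, malformed, or exceeds the scope granted to the client."
If I remove the scope parameter, I do get an access token (though it is different from the token I obtain manually in the API Explorer). Some people say this cannot work because no scope is attached. The eBay AI said the same at first, but later changed its answer. I checked the eBay documentation and found that only the user authorization flow uses a preset list when the scope is omitted; this does not apply to the client credentials flow. I only need to call the Browse API to get global public data, and the documentation lists just one scope for this case.
The Base64-encoded client credentials should be fine, otherwise I would not get a token at all. I really cannot understand why the only scope the documentation specifies, URL-encoded, produces an error.
Later I read, from the eBay AI and other sources, that because I am fetching global, non-personal data, which is not sensitive, "the application access token itself has the permission to call eBay interfaces built in". The AI said that a client credentials token request does not need a scope, and that adding one should not cause an error either, but in practice the request fails as soon as I add it.
What is even more frustrating now: without the scope I get a token, but when I use that token to call the Browse API item_summary/search endpoint, it returns a 403 error, error ID 1100: "insufficient permission to fulfill request".
So I am stuck in a loop: with the scope, the token request fails; without the scope, I get a token but the API call has insufficient permission. Can anyone help me work out where the problem is?
My code is as follows: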
import urllib.parse
import requests
import json
import base64

client_id = 'St.......98c'
client_secret = 'PRD..........c565'

# HTTP Basic credentials for the token endpoint: base64("client_id:client_secret")
credentials = f"{client_id}:{client_secret}"
encoded_credentials = base64.b64encode(credentials.encode('utf-8')).decode('utf-8')
authorisation = f'Basic {encoded_credentials}'

url = "https://api.ebay.com/identity/v1/oauth2/token"
headers_list = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Authorization": authorisation
}

# Ebay AI says scope is not needed for global data due to it not being personal. This is also mentioned in documentation.
#url_scope = urllib.parse.quote(scope,safe="")
#url_scope = 'https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
payload_data = {
    'grant_type': 'client_credentials',
    #'scope':url_scope
}

response = requests.post(url, headers=headers_list, data=payload_data)
if response.status_code == 200:
    access_token = response.json()["access_token"]
    print("Access Token:", access_token)
else:
    print("Error fetching access token:", response.text)
    # Stop here: access_token is undefined when the token request fails.
    raise SystemExit(1)

get_url = "https://api.ebay.com/buy/browse/v1/item_summary/search?q=drone&limit=3"  # Keep it simple to test
get_authorisation = f"Bearer {access_token}"
print(get_authorisation)
#quit()

get_headers = {
    "Authorization": get_authorisation,
    "Content-Type": "application/json",
    "X-EBAY-C-MARKETPLACE-ID": "EBAY_GB"
}

get_response = requests.get(get_url, headers=get_headers)  #,params=get_params
if get_response.status_code == 200:
    return_data = get_response.json()
    print("Return Data:", return_data)
else:
    print("Error fetching data:", get_response.text)
    print(get_response)
Note: content sourced from Stack Exchange; question author Steve Holding
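Added example, not part of the original question: it shows what a form-encoded token request body contains when the scope value is passed raw and when it is percent-encoded by hand first, as in the commented-out lines of the code above. It uses only the standard library; the helper names are illustrative, and requests applies the same percent-encoding to a dict passed as data=.

```python
from urllib.parse import parse_qs, quote, urlencode

# Scope string from the question's code, in its decoded form.
SCOPE = "https://api.ebay.com/oauth/api_scope"


def token_request_body(scope_value):
    """Form-encode a client-credentials token request body.

    urlencode() is the stdlib form encoder; requests percent-encodes a
    dict passed as data= in the same way.
    """
    return urlencode({"grant_type": "client_credentials", "scope": scope_value})


def scope_seen_by_server(body):
    """Decode the body once, as a form parser on the receiving side does."""
    return parse_qs(body, strict_parsing=True)["scope"][0]


def check(scope_value):
    """Return the encoded body, the value recovered from it, and whether
    that value still equals the intended scope string."""
    body = token_request_body(scope_value)
    received = scope_seen_by_server(body)
    return {"body": body, "received": received, "intact": received == SCOPE}


# Case 1: the scope is handed to the form encoder as-is.
raw = check(SCOPE)

# Case 2: the scope is percent-encoded by hand first, then form-encoded
# again, so every '%' becomes '%25' on the wire.
pre_encoded = check(quote(SCOPE, safe=""))

if __name__ == "__main__":
    for label, result in (("raw", raw), ("pre-encoded", pre_encoded)):
        print(f"{label:12} body     : {result['body']}")
        print(f"{label:12} received : {result['received']}")
        print(f"{label:12} intact   : {result['intact']}")
```

In the pre-encoded case a single decode on the receiving side yields a percent-encoded string, not the scope URL, so printing the prepared request body is a quick check when a token endpoint rejects a scope.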




