使用 API Bearer Token 进行 HTTPS GET:使用 cURL,但不能使用 Python requests.get

问题描述 投票:0回答:1

当我使用 API 令牌在 https URL 上启动以下 cURL 命令时,我得到了预期的响应(存储中的文件列表):

curl -H "Authorization: Bearer <TOKEN>" "https://my_website.com:443/api/storage"

但是,当我在 Python 中尝试使用 

requests.get
时:

url = "https://my_website.com:443/api/storage"
token = "..."
headers = {'Authorization': f"Bearer {token}"}

resp = requests.get(url, headers=headers)
resp.json()

我遇到如下身份验证错误:

---------------------------------------------------------------------------
SSLCertVerificationError                  Traceback (most recent call last)
File c:\AnsysDev\Python311\Lib\site-packages\urllib3\connectionpool.py:467, in HTTPConnectionPool._make_request(self, conn, method, url, body, headers, retries, timeout, chunked, response_conn, preload_content, decode_content, enforce_content_length)
    466 try:
--> 467     self._validate_conn(conn)
    468 except (SocketTimeout, BaseSSLError) as e:

...

File c:\AnsysDev\Python311\Lib\site-packages\requests\adapters.py:517, in HTTPAdapter.send(self, request, stream, timeout, verify, cert, proxies)
    513         raise ProxyError(e, request=request)
    515     if isinstance(e.reason, _SSLError):
    516         # This branch is for urllib3 v1.22 and later.
--> 517         raise SSLError(e, request=request)
    519     raise ConnectionError(e, request=request)
    521 except ClosedPoolError as e:

SSLError: HTTPSConnectionPool(host='my_website.com', port=443): Max retries exceeded with url: /api/storage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)')))

为什么行为不同?

我尝试添加参数 

allow_redirects=False
allow_redirects=True
(也是默认值),并且我尝试使用 
requests.Session
设置令牌(见下文),但它们都会导致相同的错误:

session = requests.Session()
session.headers.update(headers)
response = session.get(url)
response.json()
python curl https python-requests bearer-token
1个回答
0
投票

根据您对

requests.get
的调用的回溯,这似乎是认证验证错误(
SSLCertVerificationError
),可能是因为您网站中的认证使用自签名SSL证书(
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain
)。

要解决这个问题,你可以用参数调用

verify=False
:

resp = requests.get(url, headers=headers, verify=False)
resp.json()

然后您可能会看到警告:

InsecureRequestWarning: Unverified HTTPS request is being made to host 'my_website.com'. Adding certificate verification is strongly advised.

要禁用它,您可以使用

urllib3
中的以下命令:

import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

如果您想在通话级别禁用此警告,您可以这样做:

import urllib3
import warnings

import requests

url = "https://my_website.com:443/api/storage"
token = "..."
headers = {'Authorization': f"Bearer {token}"}

with warnings.catch_warnings():
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    resp = requests.get(url, headers=headers, verify=False)

json_data = resp.json()

相关问题:

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.