Authorization signature and SDK


Login authorization related

1. What is authorization and how to authorize?
Authorization means obtaining the Access Token. Once the application obtains the Access Token, it has the user's authorization and can request the user's private information (such as products and orders) from TOP (the open platform) on behalf of the user. The Access Token here (OAuth 2.0 protocol, which is the default protocol for current applications) is the SessionKey obtained under the original "TOP Authorization Protocol". For detailed methods of obtaining authorization, see the referenced document.

2. Access Token (SessionKey) is only valid for 24 hours. How to increase it?
During the formal environment testing phase of an "Online Ordering" application, the Access Token validity period is fixed at 24 hours and cannot be increased. Re-authorization is required after expiration. After the application is launched (subject to review), the Access Token validity period is increased automatically (tied to the subscription period). The validity period of each application authorization is as follows:

| Tag name | Formal environment test | Online and running |
| --- | --- | --- |
| Online ordering application | 24 hours | Bound to ordering time |
| xTao cooperative website | 24 hours | 24 hours |
| Merchant backend system | 24 hours | 1 year |
| Shop module front desk | No session | No session |
| Store module backend | 24 hours | Bound to ordering time |
| New Business | 24 hours | 1 year |

Remarks (online ordering application): after the application is online, if the user subscribes for 1 year, the Access Token will be valid for 1 year. For more detailed instructions, see the linked document.

3. Authorization error: application callback can not match the redirect_uri (error code: invalid_client), what is the reason?
The redirect_uri value in the request URL during authorization is inconsistent with the application's callback address. Modify the redirect_uri and the callback address so that they are consistent.

4. Authorization 1001 error (this application does not allow the current user access, as shown in the figure below), how to solve it?

[Figure: 1001 error page]

This error means that the user authorizing the application is not in the application's authorization list. Log in to the "Authorization Management" page of the application on the open platform and bind the user who needs to be authorized. This only needs to be set up for applications that are authorized for use by a small number of people (such as merchant backend systems, and online ordering applications that are not yet online).


5. When using code to obtain Access Token, the following error is reported. How to deal with it?
"error": "invalid_client", "error_description": "authorize code qexkqiJRNXJXEPTjPTWYYsK5486529 invalidate,please authorize again."
The code obtained from the callback address after authorization can only be used once. If it is used repeatedly, this error is reported. Re-authorize to obtain a new code and try again.

6. How does the program determine the expiration time of the authorization (Access Token)?
The application can record the time of user authorization and combine it with expires_in (the Access Token validity time, in seconds), which is returned when the Access Token is obtained, to determine the expiration time.

7. How does the application support sub-account authorization?
1) Check "Support Taobao sub-account login authorization" on the application authorization management page.
2) Authorize the application with the main account.
3) Log in to the seller center with the main account and grant application permissions to the sub-account.

8. After the online ordering application is launched and the user orders, what operations does the application itself need to do, or how to determine the version information ordered by the user?
After the user (seller) orders, the application appears under the services the user has purchased. Clicking "Use Now" opens the authorization page (the system completes this step automatically; the difference from the formal environment is that the formal environment requires an authorization URL for users to access). After the user authorizes, TOP returns the CODE parameter to the callback address. The ISV uses this parameter to obtain the seller's nick and other information with the POST method (refer to here for details), then calls the service platform API (click here to view) to determine how long the user has ordered for, which package, and so on, and the application then grants the corresponding permissions.

Supplement: When a user visits for the first time (entering from "Seller Center - My Purchased Services"), an authorization page pops up. After authorization, the CODE is returned to the application, which obtains the nick from it to determine the user's identity. Although the authorization page does not pop up on the second and third visits to the application, the CODE is still returned to the callback address.

9. There are 3 Taobao stores, and one application needs to obtain the product information of all three stores. With taobao.items.inventory.get, a sessionkey can only obtain the product information of one store. How to deal with this situation?
Obtain the session keys of the three stores separately. For the method of obtaining them, please refer to //open.taobao.com/doc/detail.htm?id=101423. After obtaining them, refer to the following example to obtain product information:
For example, store A has appkey (888), and now I want to use taobao.items.inventory.get to get the products of store B.
A) To fetch store A's products, store A authorizes 888 and obtains sessionkeyA; pass sessionkeyA when calling the API to obtain store A's products.
B) To fetch store B's products, store B authorizes 888 and obtains sessionkeyB; pass sessionkeyB when calling the API to obtain store B's products.
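Questions 6 and 9 fit together in one small store: one session key per authorizing shop, each with an expiry computed from the recorded authorization time plus expires_in. This is an added example, not platform or SDK code; the class name, the 300-second safety margin and the `access_token` field name (standard OAuth 2.0 token response) are assumptions, and the sample values are constructed.

```python
import time

SKEW_SECONDS = 300  # assumed margin: treat a token as expired slightly early


class SessionKeyStore:
    """Keeps one Access Token (SessionKey) per store that authorized the appkey."""

    def __init__(self):
        self._tokens = {}

    def save(self, store, token_response, authorized_at=None):
        # The token response carries a duration (expires_in, seconds), not a
        # timestamp, so the authorization time must be recorded alongside it.
        if authorized_at is None:
            authorized_at = time.time()
        self._tokens[store] = {
            "access_token": token_response["access_token"],
            "expires_at": authorized_at + int(token_response["expires_in"]),
        }

    def seconds_left(self, store, now=None):
        """Remaining lifetime in seconds, or None if the store never authorized."""
        entry = self._tokens.get(store)
        if entry is None:
            return None
        return entry["expires_at"] - (time.time() if now is None else now)

    def session_for(self, store, now=None):
        """Return the session key of exactly this store, never another store's."""
        left = self.seconds_left(store, now)
        if left is None:
            raise LookupError(f"{store} has not authorized this appkey")
        if left <= SKEW_SECONDS:
            raise PermissionError(f"session key for {store} expired; re-authorize")
        return self._tokens[store]["access_token"]


if __name__ == "__main__":
    keys = SessionKeyStore()
    # Constructed sample responses for two stores authorizing appkey 888.
    keys.save("storeA", {"access_token": "sessionkeyA", "expires_in": 86400})
    keys.save("storeB", {"access_token": "sessionkeyB", "expires_in": 86400})
    print(keys.session_for("storeB"))
```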

10. Common authorization errors and instructions

| Error message | Error reason |
| --- | --- |
| request method must be get/post | The request must use the GET or POST method |
| client_id is empty | client_id (i.e. appkey) cannot be empty |
| response_type is empty | response_type cannot be empty |
| redirect_uri is empty | redirect_uri cannot be empty |
| grant type is empty | grant type cannot be empty |
| authorize code is empty | authorize code cannot be empty |
| unsupported response type, the response type must code or token | The value of response type must be code or token |
| redirect_uri is invalidate | redirect_uri is inconsistent with the callback address registered in the Developer Center |
| the grant type unsupported | Invalid grant type value |
| authorize reject | User refuses authorization |
| authorize code expire | authorize code is invalid, please re-authorize |
| authorize code xxxx invalidate,please authorize again. | authorize code is invalid, please re-authorize |
| client_secret is invalidate | app secret verification failed |
| xss chars included in params, such as <, >, ', " | The request parameters contain the following characters: <, >, ', " |
| The Application already Bind with user ids:xxx | The authorized user is not bound on the "Authorization Management" page in the Developer Center |
| Can not find the client_id:xxxxx | client_id (i.e. appkey) does not exist |
| Application need publish | Only applications whose status is "Formal environment test" or "Online and running" are allowed to be authorized |
| Application xxx need purchase | Must be ordered before use |
| app call back is invalidate | The application callback address is invalid |
| application callback can not match the redirect_uri | redirect_uri does not match the pre-configured callback address |
| only support http or https | The callback URL only supports the https or http protocol |
| application in black list,access forbidden. | The app is in the blacklist |
| The application don't need session | This application does not require a session key; there is no need to refresh the session key |
| session key num is larger than xx | The number of valid session keys exceeds the upper limit, which is set in the authorization management in the console |
| userid is invalidate | userId does not exist |
| login failure | User login failure |
| login sign failure | Wireless login signature verification failed |
| taobao staff can't accredit | Taobao staff can't accredit |
| subuser can't access | The application does not support sub-account access |
| parent account forbid this sub account to access app. | The parent account does not authorize this sub-account to access the application |
| parent account forbidden | The parent account is not authorized or the authorization has expired |
| refresh token is empty | refresh token is empty |
| refresh token is error:xxxx | The refresh token content is incorrect and parsing failed |
| refresh token is invalid | refresh token has expired |
| refresh times limit exceed | The number of refreshes exceeds the upper limit. One session key can be refreshed at most 60 times |
| session expire | The current session has expired. The user's browser may have been paused for too long and has timed out. |
| OAUTH SERVER ERROR:xxxxx | Internal system error, please try again |
| Iossdk params is lack | Missing ios sdk protocol parameters |
| iossdk track_id is invalid | ios sdk protocol parameter track id verification failed. It is recommended to check app secret |
| iossdk params check failed | ios sdk protocol parameters verification failed |
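Several of the errors listed above can be caught on the application side before the user is redirected. The following pre-flight check is an added example, not platform code: the order of the checks, the rule that scheme, host and path must all equal the registered callback, and the sample `state` parameter are assumptions.

```python
from urllib.parse import urlsplit

XSS_CHARS = set("<>'\"")  # the characters named in the error table

E_EMPTY = "{} is empty"
E_RESPONSE_TYPE = "unsupported response type, the response type must code or token"
E_XSS = "xss chars included in params"
E_SCHEME = "only support http or https"
E_CALLBACK = "application callback can not match the redirect_uri"


def preflight(params, registered_callback):
    """Return the error message this authorization request would trigger,
    or None when none of the locally checkable rules is violated."""
    for name in ("client_id", "response_type", "redirect_uri"):
        if not params.get(name):
            return E_EMPTY.format(name)
    if params["response_type"] not in ("code", "token"):
        return E_RESPONSE_TYPE
    # Any parameter value containing <, >, ' or " is rejected.
    if any(ch in XSS_CHARS for value in params.values() for ch in str(value)):
        return E_XSS
    sent = urlsplit(params["redirect_uri"])
    if sent.scheme not in ("http", "https"):
        return E_SCHEME
    registered = urlsplit(registered_callback)
    # Assumed matching rule: scheme, host (case-insensitive) and path are equal.
    if (sent.scheme, sent.netloc.lower(), sent.path) != (
        registered.scheme, registered.netloc.lower(), registered.path
    ):
        return E_CALLBACK
    return None


if __name__ == "__main__":
    callback = "https://app.example.com/callback"  # constructed sample value
    request = {"client_id": "888", "response_type": "code",
               "redirect_uri": "https://app.example.com/cb"}
    print(preflight(request, callback))
```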

Signature SDK related

1. What is a signature and how to generate it?
Reference document //open.taobao.com/doc/detail.htm?id=101617 (Part 1 related to sign)

2. Calling the API reports an "Invalid signature" error. Why?
1) AppSecret error, such as entering the wrong AppSecret, or the AppSecret has been reset.
2) The parameters used when generating the signature are inconsistent with the parameters sent in the HTTP request.
3) The signature method is wrong. It is recommended to refer to the sample code we provide at //open.taobao.com/doc/detail.htm?id=112.
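The three causes above can be told apart by comparing what was signed with what was actually sent. This is an added example, not the platform's sample code: the signing scheme used here (parameters sorted by name, name and value concatenated, HMAC-SHA256 keyed with the AppSecret) is an assumption for illustration, the platform's algorithm is defined in the referenced document, and the parameter names and values are constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode


def canonical(params):
    # Assumed canonical form: sorted by name, name+value joined, "sign" excluded.
    return "".join(k + str(v) for k, v in sorted(params.items()) if k != "sign")


def sign(params, app_secret):
    mac = hmac.new(app_secret.encode(), canonical(params).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest().upper()


def build_request_body(params, app_secret):
    # Sign and serialize from the same dict so the two cannot drift apart.
    return urlencode(dict(params, sign=sign(params, app_secret)))


def diagnose(body, signed_params, app_secret):
    """Compare the sent body with the parameters that were signed."""
    sent = dict(parse_qsl(body, keep_blank_values=True))
    sent_sign = sent.pop("sign", "")
    findings = []
    for name in sorted(set(sent) | set(signed_params)):
        signed_value, sent_value = signed_params.get(name), sent.get(name)
        if signed_value is None:
            findings.append(f"{name}: sent but not signed")
        elif sent_value is None:
            findings.append(f"{name}: signed but not sent")
        elif str(signed_value) != sent_value:
            findings.append(f"{name}: signed {signed_value!r}, sent {sent_value!r}")
    # Parameters agree, so a bad signature points at the secret or the method.
    if not findings and not hmac.compare_digest(sent_sign, sign(sent, app_secret)):
        findings.append("sign: parameters match, check AppSecret or signature method")
    return findings


if __name__ == "__main__":
    params = {"method": "taobao.items.inventory.get", "app_key": "888",
              "timestamp": "2024-01-01 00:00:00"}  # constructed sample request
    body = build_request_body(params, "app-secret-placeholder")
    print(diagnose(body, dict(params, timestamp="2024-01-01 00:00:05"),
                   "app-secret-placeholder"))
```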

3. What is the function of sdk and how to download it?
The SDK of Taobao Open Platform is a code package automatically generated by the program, which contains the open API and the corresponding request, encryption, return analysis and other necessary functions. Log in to the "Developer Center" and download it through the application certificate page (select the SDK corresponding to the permission when downloading). For details, please refer to //open.taobao.com/doc/detail.htm?id=101618

4. Appkey has API calling permission. Why does the downloaded SDK not contain the corresponding class?
The "SDK corresponding to the permissions" option was not selected when downloading the SDK. Go to the certificate page and download it again.


5. How to set the return data format in the Java SDK, and does the SDK support custom interface methods?
In TaobaoClient client = new DefaultTaobaoClient(), add xml or json inside the parentheses to specify the format; custom interfaces are not supported.
