http OAuth request


Problem description


I am new to network programming. I am trying to make a POST request based on OAuth 1.0 on Dropbox. The following is the code I used to make the POST request. Is that how I am supposed to do it?

HttpPost httpPost;
Log.d("HTTP","Exec");
httpPost = new HttpPost("https://api.dropbox.com/1/shares/dropbox/a.jpg");
Log.d("HTTP","Execute");

try {
    List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(9);
    nameValuePairs.add(new BasicNameValuePair("oauth_consumer_key", "2f2y1dyuqhp58ek"));
    nameValuePairs.add(new BasicNameValuePair("oauth_token", token));
    nameValuePairs.add(new BasicNameValuePair("oauth_nonce", String.valueOf(millis)));
    nameValuePairs.add(new BasicNameValuePair("oauth_timestamp", String.valueOf(millis)));
    nameValuePairs.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
    nameValuePairs.add(new BasicNameValuePair("oauth_version", "1.0"));
    nameValuePairs.add(new BasicNameValuePair("oauth_signature", sw));//this is url encoded
    //nameValuePairs.add(new BasicNameValuePair("path", "/a.jpg"));
    //nameValuePairs.add(new BasicNameValuePair("root", "dropbox"));
    httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

    Log.d("HTTP","requesting");
    HttpResponse response = httpclient.execute(httpPost);

    HttpEntity entity = response.getEntity();
    InputStream is = entity.getContent();
    String result;
    BufferedReader reader = new BufferedReader(new InputStreamReader(is));
    StringBuilder sb = new StringBuilder();
    String line = null;
    line = reader.readLine();
    sb.append(line);
    result = sb.toString();
    is.close();

    //String s=response.getEntity().getContent().;
    Log.d("resp", result);
    //tv.setText(response.toString());

} catch (ClientProtocolException e) {
} catch (IOException e) {
}

The signature base string is:

POST&https%3A%2F%2Fapi.dropbox.com%2F1%2Fshares%2Fdropbox%2Fa.jpg&oauth_consumer_key%3D2f2y1dyuqhp58ek%26oauth_nonce%3D1340729641%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340729641%26oauth_token%3Dwz27t6thob0fbxl%26oauth_version%3D1.0

Any clue what the problem might be? The response that I am getting is 'invalid signature Base string', which is shown in the LogCat.

LogCat:

06-26 22:30:46.125: I/System.out(364): debugger has settled (1322)
06-26 22:30:49.203: I/ActivityManager(66): Displayed activity cloud.mobile/.MCActivity: 9393 ms (total 9393 ms)
06-26 22:30:49.243: W/ActivityManager(66): Launch timeout has expired, giving up wake lock!
06-26 22:30:57.124: D/HTTP(364): wz27t6thob0fbxl
06-26 22:30:59.197: D/HTTP(364): Exe
06-26 22:30:59.886: D/HTTP(364): 1340730059
06-26 22:31:00.824: D/HTTP(364): POST&https%3A%2F%2Fapi.dropbox.com%2F1%2Fshares%2Fdropbox%2Fa.jpg&oauth_consumer_key%3D2f2y1dyuqhp58ek%26oauth_nonce%3D1340730059%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340730059%26oauth_token%3Dwz27t6thob0fbxl%26oauth_version%3D1.0
06-26 22:31:00.824: D/HTTP(364): xLNJrQ5R9jxDTnZcpQ3HLkLBxxQ=
06-26 22:31:00.973: D/HTTP(364): Exe
06-26 22:31:00.983: D/HTTP(364): Exec
06-26 22:31:01.023: D/HTTP(364): Execute
06-26 22:31:01.664: D/HTTP(364): requesting
06-26 22:31:12.243: D/dalvikvm(364): GC_FOR_MALLOC freed 5195 objects / 296968 bytes in 185ms
06-26 22:31:25.063: I/global(364): Default buffer size used in BufferedReader constructor. It would be better to be explicit if an 8k-char buffer is required.
06-26 22:31:28.545: D/resp(364): {"error": "Invalid signature. Expected signature base string: POST&https%3A%2F%2Fapi.dropbox.com%2F1%2Fshares%2Fdropbox%2Fa.jpg&oauth_consumer_key%3D2f2y1dyuqhp58ek%26oauth_nonce%3D1340730059%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340730059%26oauth_token%3Dwz27t6thob0fbxl%26oauth_version%3D1.0"}

Well, this "expected signature base string (shown above)" is exactly the same as the one I generated and converted to oauth_signature using HMAC-SHA1. Am I missing something?

Solution

There may be something wrong with how you compute your value for oauth_signature. As you didn't provide the code for that I'll try a shot in the dark:

As someone in the Dropbox forums already pointed out by saying

Getting the OAuth signature stuff exactly right is always a huge pain. You should try hard to make sure the base string your library generates is just like the one the server is expecting. Once that's true, the only way you can screw up is to hmac with the wrong key(s).

the problem could be that you specify HMAC-SHA1 as signature method, but do not sign the Base String correctly with it.

The OAuth Specification names three different methods for signing the Base String. When using HMAC-SHA1 you have to call that method with the Base String and the concatenated values as input parameters. You can find an example implementation for using this method in Java here: http://stackoverflow.com/questions/6312544/hmac-sha1-how-to-do-it-properly-in-java

As Dropbox is using an SSL only API you could also fall back to using the method PLAINTEXT and directly submitting the Base String.

Further you are using the same timestamp input for oauth_timestamp and oauth_nonce which is not recommended, oauth_nonce should always be unique. For a more detailed explanation of the problem and using a global counter to solve it, read this article.
