生成身份验证头 [英] Generating Authentication Header
问题描述
有没有一种方法可以通过不使用PayPal SDK来为第三方生成身份验证标头.我已经获得了他们的访问令牌和机密.但是,这些都是通过curl请求实现的,这些请求对我来说很简单.反正有这样做吗?
Is there a way to generate the authentication header for a third party through not using the PayPal SDK. I have gotten their access token and secret. However these have been through curl requests which have been straightforward to me. Is there anyway to do it like this?
此外,要生成标头,我需要第三方的API签名吗?我怎么得到这个?
In addition, to generate the header I need an API signature of the third party? how would I get this?
谢谢您的帮助.
推荐答案
对于寻找PayPal X-PAYPAL-AUTHORIZATION标头值的node.js解决方案的其他人,我这样写:
For anyone else looking for a node.js solution to PayPal X-PAYPAL-AUTHORIZATION header values, I wrote this:
function PayPalURLEncoder(s)
{
var hex = "0123456789abcdef";
var untouched = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_";
var result = s.split('').map(function(c){
if (untouched.indexOf(c)>=0) { return c; }
else if (c==' ') { return "+"; }
else
{
// Needs converting to HEX
var code = c.charCodeAt(0);
return "%" + hex.charAt((code & 0xf0) >> 4) + hex.charAt(code & 0xf);
}
});
return result.join('');
}
exports.authorizationToken = function(accessToken,method,endpoint)
{
var PARAM_DELIMETER = "&";
var PARAM_SEPERATOR = "=";
var token = { key : accessToken.token, secret : accessToken.tokenSecret};
var consumer = { key : global.config.paypal.username, secret : global.config.paypal.password };
// Add params
var params = {
"oauth_consumer_key" : consumer.key,
"oauth_version" : "1.0",
"oauth_signature_method" : "HMAC-SHA1",
"oauth_token" : token.key,
"oauth_timestamp" : Math.round(new Date().getTime() / 1000),
};
// Convert params into paramString
var paramKeys = [];
var paramString = "";
for (var p in params) { paramKeys.push(p); } paramKeys.sort();
for (var i=0; i<paramKeys.length; i+=1)
{
var p = paramKeys[i];
paramString += (p + PARAM_SEPERATOR + params[p]);
if (i+1<paramKeys.length) paramString += PARAM_DELIMETER;
}
// Create signature
var key = PayPalURLEncoder(consumer.secret) + PARAM_DELIMETER + PayPalURLEncoder(token.secret);
var signatureBase = method + PARAM_DELIMETER + PayPalURLEncoder(endpoint) + PARAM_DELIMETER + PayPalURLEncoder(paramString);
var signature = CryptoJS.HmacSHA1(signatureBase, key).toString(CryptoJS.enc.Base64);
return "token="+token.key+",signature="+signature+",timestamp="+params["oauth_timestamp"];
};
AuthToken使用通常的方法从对"/Permissions/GetAccessToken"的调用中返回,并且包含用于代表第三方进行操作的令牌和tokenSecret对.方法为POST,终点为类似" https://svcs.sandbox.paypal. com/Permissions/GetBasicPersonalData ".
AuthToken is returned from a call to "/Permissions/GetAccessToken" using the usual methods and contains a token and tokenSecret pair for operating on behalf of a third party. Method would be POST and the end point would be something like "https://svcs.sandbox.paypal.com/Permissions/GetBasicPersonalData".
使用上面的方法可能看起来像这样:
Using the method above might look something like this:
exports.basicDetails = function(accessToken, callback)
{
var http = require('https');
var host = global.config.paypal.sandbox ? 'svcs.sandbox.paypal.com' : 'svcs.paypal.com';
var path = '/Permissions/GetBasicPersonalData';
var options = {
host: host,
path: path,
method: 'POST',
headers: {
"X-PAYPAL-AUTHORIZATION" : exports.authorizationToken(accessToken,"POST","https://"+host+path),
"X-PAYPAL-REQUEST-DATA-FORMAT" : "NV",
"X-PAYPAL-RESPONSE-DATA-FORMAT" : "JSON",
"X-PAYPAL-APPLICATION-ID" : global.config.paypal.sandbox ? "<<YOURAPPIDSANDBOX>>" : "<<YOURAPPID>>",
},
};
var req = http.request(options, function(res){
var str = "";
res.setEncoding('utf8');
res.on('data', function (chunk) { str += chunk; });
res.on('end', function () {
if (callback) callback(false,JSON.parse(str));
});
});
req.on('error',function(e){
if (callback) callback("Unable to connect with PayPal");
});
req.end("attributeList.attribute(0)=http://axschema.org/contact/email&attributeList.attribute(1)=http://schema.openid.net/contact/fullname&requestEnvelope.errorLanguage=en_US");
};
这篇关于生成身份验证头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
