为什么这个 twitter oauth API 令牌请求失败 [英] Why does this twitter oauth API token request fail

查看:61
本文介绍了为什么这个 twitter oauth API 令牌请求失败的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

[注意:以下所有 oauth 令牌/秘密都是随机创建的;他们是不是我的实际令牌/秘密] 

curl -o/tmp/test.txt 'https://api.twitter.com/oauth/request_token?oauth_timestamp=1345141469&consumer_key=UEIUyoBjBRomdvrVcUTn&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwbLsc&oauth_access_token_secret&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwbLsq1&drZlzmwbLsq1&drZlzmwbLsq1&3GQD1KD4KVoypLyqsq1dYAOgscijMCazcSfBflykjsconsumer_secret=rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&oauth_version=1%2e0&oauth_signature_method=HMAC%2dSHA1&oauth_signature=H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'

[为了清楚起见,我添加了换行符;实际命令是一行]

假设所有其他数据都有效,为什么上面的命令会产生无法验证 oauth 签名和令牌"(即使我使用我的真实数据)?

特别是我的签名H0KLLecZNAAz%2bXoyrPriUs37X3Zz%2bAcabMa5M4oDLkM"无效,或者我是做一些更根本错误的事情.

我用来生成这个的程序:

<前>#!/bin/perl使用摘要::SHA;%twitter_auth_hash = ("oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC","oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO","consumer_key" => "UEIUyoBjBRomdvrVcUTn","consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW");# 如果没有注释,拉出我的实际数据# 需要bc-private.pl";$twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1";$twitter_auth_hash{"oauth_version"} = "1.0";$twitter_auth_hash{"oauth_timestamp"} = time();$twitter_auth_hash{"oauth_nonce"} = time();对于 $i (keys %twitter_auth_hash) {push(@str,"$i=".urlencode($twitter_auth_hash{$i}));}$str = join("&",@str);# 签署的东西$url = "GET $str";#签名$sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO");# 完整的 URL 包括 sig$furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig";# system("curl -o/tmp/testing.txt '$furl'");打印 "FURL: $furl\n";打印STR:$str\n";打印 "SIG: $sig\n";子网址{我的($str) = @_;$str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg;$str=~s//\+/isg;返回 $str;}

注意:我意识到失败还有很多其他可能的原因,但当前的问题是:我是否正确发送了参数并且是我正确计算签名.

解决方案

Twitter 要求你做一个 POST 请求令牌.

[Note: all oauth tokens/secrets below were created randomly; they are NOT my actual tokens/secrets] 

 
curl -o /tmp/test.txt 'https://api.twitter.com/oauth/request_token?
oauth_timestamp=1345141469&
consumer_key=UEIUyoBjBRomdvrVcUTn&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC&oauth_nonce=1345141469&
consumer_secret=rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&
oauth_version=1%2e0&
oauth_signature_method=HMAC%2dSHA1&oauth_signature=H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'

[I added newlines for clarity; actual command is one single line]

Assuming all the other data is valid, why does the command above yield "Failed to validate oauth signature and token" (even when I use my real data)?

In particular, is my signature "H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM" invalid, or am I doing something more fundamentally wrong.

The program I used to generate this: 


#!/bin/perl 
use Digest::SHA; 

%twitter_auth_hash = ( 
"oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC", 
"oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO", 
"consumer_key" => "UEIUyoBjBRomdvrVcUTn", 
"consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW" 
); 

# if uncommented, pull my actual data 
# require "bc-private.pl"; 

$twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1"; 
$twitter_auth_hash{"oauth_version"} = "1.0"; 
$twitter_auth_hash{"oauth_timestamp"} = time(); 
$twitter_auth_hash{"oauth_nonce"} = time(); 

for $i (keys %twitter_auth_hash) { 
  push(@str,"$i=".urlencode($twitter_auth_hash{$i})); 
} 

$str = join("&",@str); 

# thing to sign 
$url = "GET $str"; 

# signing it 
$sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO")); 

# full URL incl sig 
$furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig"; 
# system("curl -o /tmp/testing.txt '$furl'"); 


print "FURL: $furl\n"; 
print "STR: $str\n"; 
print "SIG: $sig\n"; 

sub urlencode { 
  my($str) = @_; 
  $str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg; 
  $str=~s/ /\+/isg; 
  return $str; 
}

Note: I realize there are many other possible reasons this is failing, but current question is: am I sending the parameters correctly and am I computing the signature correctly.

解决方案

Twitter asks that you do a POST for the request token.

这篇关于为什么这个 twitter oauth API 令牌请求失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆