为什么这个 twitter oauth API 令牌请求失败 [英] Why does this twitter oauth API token request fail
问题描述
[注意:以下所有 oauth 令牌/秘密都是随机创建的;他们是不是我的实际令牌/秘密]
curl -o/tmp/test.txt 'https://api.twitter.com/oauth/request_token?oauth_timestamp=1345141469&consumer_key=UEIUyoBjBRomdvrVcUTn&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwbLsc&oauth_access_token_secret&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwbLsq1&drZlzmwbLsq1&drZlzmwbLsq1&3GQD1KD4KVoypLyqsq1dYAOgscijMCazcSfBflykjsconsumer_secret=rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&oauth_version=1%2e0&oauth_signature_method=HMAC%2dSHA1&oauth_signature=H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'
[为了清楚起见,我添加了换行符;实际命令是一行]
假设所有其他数据都有效,为什么上面的命令会产生无法验证 oauth 签名和令牌"(即使我使用我的真实数据)?
特别是我的签名H0KLLecZNAAz%2bXoyrPriUs37X3Zz%2bAcabMa5M4oDLkM"无效,或者我是做一些更根本错误的事情.
我用来生成这个的程序:
<前>#!/bin/perl使用摘要::SHA;%twitter_auth_hash = ("oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC","oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO","consumer_key" => "UEIUyoBjBRomdvrVcUTn","consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW");# 如果没有注释,拉出我的实际数据# 需要bc-private.pl";$twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1";$twitter_auth_hash{"oauth_version"} = "1.0";$twitter_auth_hash{"oauth_timestamp"} = time();$twitter_auth_hash{"oauth_nonce"} = time();对于 $i (keys %twitter_auth_hash) {push(@str,"$i=".urlencode($twitter_auth_hash{$i}));}$str = join("&",@str);# 签署的东西$url = "GET $str";#签名$sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO");# 完整的 URL 包括 sig$furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig";# system("curl -o/tmp/testing.txt '$furl'");打印 "FURL: $furl\n";打印STR:$str\n";打印 "SIG: $sig\n";子网址{我的($str) = @_;$str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg;$str=~s//\+/isg;返回 $str;}注意:我意识到失败还有很多其他可能的原因,但当前的问题是:我是否正确发送了参数并且是我正确计算签名.
Twitter 要求你做一个 POST 请求令牌.
[Note: all oauth tokens/secrets below were created randomly; they are NOT my actual tokens/secrets]
curl -o /tmp/test.txt 'https://api.twitter.com/oauth/request_token? oauth_timestamp=1345141469& consumer_key=UEIUyoBjBRomdvrVcUTn&oauth_access_token_secret=YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO&oauth_access_token=47849378%2drZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC&oauth_nonce=1345141469& consumer_secret=rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW& oauth_version=1%2e0& oauth_signature_method=HMAC%2dSHA1&oauth_signature=H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'
[I added newlines for clarity; actual command is one single line]
Assuming all the other data is valid, why does the command above yield "Failed to validate oauth signature and token" (even when I use my real data)?
In particular, is my signature "H0KLLecZNAAz%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM" invalid, or am I doing something more fundamentally wrong.
The program I used to generate this:
#!/bin/perl use Digest::SHA; %twitter_auth_hash = ( "oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC", "oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO", "consumer_key" => "UEIUyoBjBRomdvrVcUTn", "consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW" ); # if uncommented, pull my actual data # require "bc-private.pl"; $twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1"; $twitter_auth_hash{"oauth_version"} = "1.0"; $twitter_auth_hash{"oauth_timestamp"} = time(); $twitter_auth_hash{"oauth_nonce"} = time(); for $i (keys %twitter_auth_hash) { push(@str,"$i=".urlencode($twitter_auth_hash{$i})); } $str = join("&",@str); # thing to sign $url = "GET $str"; # signing it $sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO")); # full URL incl sig $furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig"; # system("curl -o /tmp/testing.txt '$furl'"); print "FURL: $furl\n"; print "STR: $str\n"; print "SIG: $sig\n"; sub urlencode { my($str) = @_; $str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg; $str=~s/ /\+/isg; return $str; }
Note: I realize there are many other possible reasons this is failing, but current question is: am I sending the parameters correctly and am I computing the signature correctly.
Twitter asks that you do a POST for the request token.
这篇关于为什么这个 twitter oauth API 令牌请求失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!