获取 Twitter 请求令牌失败 [英] Acquire Twitter request token failed

问题描述

我按照 http://dev.twitter.com/pages/auth 上的说明进行操作#request-token，并开发了ac#类来做OAuth授权.我使用了页面上的参数，输出签名基本字符串和签名匹配页面上的参数.所以我认为算法部分是正确的. 然后我用我的推特应用程序中的参数替换了参数，但我未能从推特服务中获取请求令牌.并且响应数据是无法验证 oauth 签名和令牌".

I followed the instruction at http://dev.twitter.com/pages/auth#request-token, and developed a c# class to do the OAuth authorization. I used the parameters on the page, and the output signature base string and signature match that on the page. So I think the algorithm part is correct. Then I replaced the parameters with the ones in my twitter application, but I failed to acquire the request token from Twitter service. And the response data is "Failed to validate oauth signature and token".

这是我发送的请求(我使用 http，而不是 https 进行调试):

Here's the request I send (I used http, instead of https for debug):

POST http://api.twitter.com/oauth/request_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D11", oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272323042", oauth_version="1.0", oauth_signagure="IP%2FEEoc4tKdiobM%2FKH5cPK69cJM%3D"
Host: api.twitter.com
Proxy-Connection: Keep-Alive

这是回应:

HTTP/1.1 401 Unauthorized
Connection: Keep-Alive
Connection: Proxy-Support
Content-Length: 44
Via: 1.1 APS-PRXY-09
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Date: Fri, 08 Apr 2011 05:47:20 GMT
Content-Type: text/html; charset=utf-8
Server: hi
Proxy-Support: Session-Based-Authentication
Status: 401 Unauthorized
X-Transaction: 1302241640-40339-46793
Last-Modified: Fri, 08 Apr 2011 05:47:20 GMT
X-Runtime: 0.01519
Pragma: no-cache
X-Revision: DEV
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=207.46.55.29.1302241640766556; path=/; expires=Fri, 15-Apr-11 05:47:20 GMT; domain=.twitter.com
Set-Cookie: guest_id=13022416407746962; path=/; expires=Sun, 08 May 2011 05:47:20 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEiBpjMvAToHaWQiJWMzMTViOGZiNDkzMDRi%250ANjNhMmQwYmVkZDBhNTc2NTc4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--177afd5c0f6fe30005ab9a9412e6f85ab03cbfa7; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding

Failed to validate oauth signature and token

这就是我生成规范化参数的方式:

This is how I generate the normalized parameters:

string.Join("&", (from d in this.BuildParameterDict()
                  select string.Format("{0}={1}", OAuthEncoding.Encode(d.Key), OAuthEncoding.Encode(d.Value))))

BuildParameterDict 方法将排序构建一个列表:来自查询字符串的参数；来自身体的参数；'oauth' 的参数，除了 'oauth_signature'.

The BuildParameterDict method will sorted build a list with: parameters from query string; parameters from body; parameters sepcific to 'oauth', except the 'oauth_signature'.

那么签名基串是通过以下方式生成的:

Then the signature base string is generated by:

            StringBuilder sb = new StringBuilder();

            sb.Append(OAuthEncoding.Encode(this._request.Method));
            sb.Append('&');
            sb.Append(OAuthEncoding.Encode(this.GetNormalUri()));
            sb.Append('&');
            sb.Append(OAuthEncoding.Encode(this.GetNormalParameters()));

这是上面页面中生成的带有参数的基本字符串:

This is the generated base string with parameters from the above page:

POST&安培; HTTPS％3A％2F％2Fapi.twitter.com％2Foauth％2Frequest_token&安培; oauth_callback％3Dhttp％253A％252F％252Flocalhost％253A3005％252Fthe_dance％252Fprocess_callback％253Fservice_provider_id％253D11％26oauth_consumer_key％3DGDdmIQH6jhtmLUypg82g％26oauth_nonce％3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk％26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DQP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272323042%26oauth_version%3D1.0

与该页面上的字符串相同.

which is identical to the string on that page.

推荐答案

您的 oauth 签名在您的请求中列为oauth_signagure".

Your oauth signature is listed as "oauth_signagure" in your request.

oAuth 参数必须在发送前排序，但签名必须在授权请求的末尾.(http://oauth.net/core/1.0/#anchor14)

oAuth parameters has to be sorted before sending, but signature has to be at the end of the authorization request.(9.1.1 in http://oauth.net/core/1.0/#anchor14)

您可能还需要指定一个领域="/oauth/request_token".这是可选的，但我记得没错，Twitter 想要这个作为请求令牌.

You may also need to specify a realm="/oauth/request_token". It's optional, but as I remember correctly Twitter wants this one for a request token.

如果您可以添加您的代码，我们可能会发现发生了什么，因为您可能没有正确构建用于签名散列的请求和密钥.

If you can add your code we might find what's going on, as you might not be building your request and key for signature hashing correctly.

这篇关于获取 Twitter 请求令牌失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！