Creating Signature and Nonce for OAuth (Ruby)


Problem description

I'm looking to access SmugMug's API from my application to grab users' albums and images (the users have been authenticated via ruby's OmniAuth).

According to SmugMug's OAuth API, OAuth requires six parameters.

I can get the token with OmniAuth, and the timestamp should be easy (Time.now.to_i right?). There are two things that I don't know how to generate -- the oauth_nonce and the oauth_signature.

According to the oauth docs, I generate the nonce via the timestamp, but how exactly would I do that? Does it need to be a certain length and limited to certain characters?

And of course the signature. How would I generate a HMAC-SHA1 sig with ruby? I know the oauth gem can do it, but I'd rather generate it myself to use with OmniAuth. Looking at the code, I'm having trouble deciphering how the oauth gem generates the sig.

Thanks for your help.

Recommended answer

Signature

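require 'openssl'
require 'base64'

# Returns the Base64-encoded HMAC-SHA1 of base_string under key.
def sign( key, base_string )
  digest = OpenSSL::Digest.new( 'sha1' )  # OpenSSL::Digest::Digest is a deprecated alias
  hmac = OpenSSL::HMAC.digest( digest, key, base_string )
  Base64.strict_encode64( hmac )  # strict_encode64 emits no line breaks
end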

You don't have to generate the nonce from the timestamp, but it can make sense since the timestamp is obviously unique, so it makes a good starting input for any randomisation function.

I use this, (that I got from another question on here and modified)

def nonce
  rand(10 ** 30).to_s.rjust(30,'0')
end#def

but you can use anything that generates a unique string.

See this gist by erikeldridge on GitHub and Beginner’s Guide to OAuth for more.

I've since found there's a better way to generate random strings in the Ruby standard library, SecureRandom.
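The question also asks what goes into the signature and how to build the nonce. The following is an added example, not code from the original answer or from the oauth gem: it builds the OAuth 1.0 signature base string and signing key following RFC 5849, takes the nonce from SecureRandom, and signs with HMAC-SHA1. The function names, the credentials and the `api.example.com` URL are constructed placeholders.

```ruby
require 'openssl'
require 'base64'
require 'securerandom'

# Percent-encode per RFC 5849 section 3.6: only A-Z a-z 0-9 - . _ ~ stay literal.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |ch| ch.bytes.map { |b| format('%%%02X', b) }.join }
end

# Base string: METHOD & encoded URL & encoded, sorted "k=v" list.
# Assumes url is already normalised and carries no query string.
def signature_base_string(http_method, url, params)
  normalized = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                     .sort.map { |pair| pair.join('=') }.join('&')
  [http_method.upcase, oauth_escape(url), oauth_escape(normalized)].join('&')
end

# HMAC key is "consumer_secret&token_secret"; the token secret may be empty.
def signing_key(consumer_secret, token_secret = '')
  "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
end

def sign(key, base_string)
  hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), key, base_string)
  Base64.strict_encode64(hmac)
end

# Fresh protocol parameters; the nonce is 128 random bits from SecureRandom.
def oauth_params(consumer_key, token, timestamp: Time.now.to_i, nonce: SecureRandom.hex(16))
  { 'oauth_consumer_key' => consumer_key, 'oauth_token' => token,
    'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => timestamp.to_s,
    'oauth_nonce' => nonce, 'oauth_version' => '1.0' }
end

# Returns all parameters to send, including oauth_signature.
def signed_params(http_method, url, query, creds,
                  oauth = oauth_params(creds[:consumer_key], creds[:token]))
  params = oauth.merge(query)
  key = signing_key(creds[:consumer_secret], creds[:token_secret])
  params.merge('oauth_signature' => sign(key, signature_base_string(http_method, url, params)))
end

# Constructed sample values (placeholders, not real credentials or a real endpoint).
if __FILE__ == $PROGRAM_NAME
  creds = { consumer_key: 'ck-example', consumer_secret: 'cs-example',
            token: 'tok-example', token_secret: 'ts-example' }
  signed_params('GET', 'https://api.example.com/albums', { 'page' => '1' }, creds)
    .each { |k, v| puts "#{k}=#{v}" }
end
```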
