向量api，401 http错误代码，签名不匹配.授权签名或客户凭证错误 [英] vector api, 401 http error code, Signature mismatch. Authorization signature or client credential is wrong

问题描述

我正在尝试使用在此映射矢量-平铺api .我已经从 developer.here.com 收到了我的凭据.我为HERE SDK for Android or iOS (Lite Edition)创建了一个应用.然后，我创建了凭据，并使用here.access.key.id作为我的密钥，并使用here.access.key.secret作为我的秘密.

I'm trying to use the here maps vector-tiles api. I've received my credentials from developer.here.com. I created an app for HERE SDK for Android or iOS (Lite Edition). I then created credentials, and am using here.access.key.id for my key and here.access.key.secret for my secret.

我正在使用oauth-sign npm包(大约为14.5) MM在撰写此问题时每周下载一次，因此我认为它应该可以正常运行)，并附有以下代码段:

I'm using the oauth-sign npm package (which as ~14.5MM weekly downloads at the time of writing this question, so I think it should be working properly) with the following code snippet:

import { hmacsign256 } from 'oauth-sign'

export const API_URL = 'https://account.api.here.com/oauth2/token'
export const nonceLength = 2**5

export interface TokenResponse {
  AccessToken: string
  TokenType: string
  ExpiresIn: number
}

export const generateNonce = (length: number): string => {
  let s = ''
  do {
    s += Math.random().toString(36).substr(2)
  } while (s.length < length)
  return s.substr(0, length)
}

export const fetchNewTokenFromAPI = async ({ key, secret }: { key: string, secret: string }): Promise<TokenResponse> => {
  const url = API_URL
  const method = 'POST'
  const body = 'grant_type=client_credentials'
  const auth = {
    oauth_consumer_key: key,
    oauth_nonce: generateNonce(nonceLength),
    oauth_signature_method: 'HMAC-SHA256',
    oauth_timestamp: String(Math.round(new Date().getTime() / 1000)),
    oauth_version: '1.0',
  }

  const sig = encodeURIComponent(hmacsign256(method, API_URL, auth, key, secret))
  const headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Authorization': `OAuth oauth_consumer_key="${auth['oauth_consumer_key']}",oauth_nonce="${auth['oauth_nonce']}",oauth_signature="${sig}",oauth_signature_method="HMAC-SHA256",oauth_timestamp="${auth['oauth_timestamp']}",oauth_version="1.0"`
  }

  const options: RequestInit = {
    method,
    headers,
    body,
    mode: 'cors',
  }

  const response = await fetch(url, options)
  if (response.ok)
    throw new Error(`expected 200 status, received ${response.status}`)

  return await response.json()
}

运行该函数时，我从api中收到以下信息:

When I run that function, I recieve the following from the api:

{
  "error": "invalid_client"
  "errorCode": 401300
  "errorId": "ERROR-32e365d0-11ce-4fff-86d7-5ca51970e017"
  "error_description": "errorCode: '401300'. Signature mismatch. Authorization signature or client credential is wrong."
  "httpStatus": 401
  "message": "Signature mismatch. Authorization signature or client credential is wrong."
}

推荐答案

在邮递员上测试令牌生成API之后，共享CURL请求.使用者密钥和使用者密钥分别在此处.access.key.id和key.secret.签名方法:HMAC-SHA1，版本:1.0

Sharing the CURL request after testing the token generation API on postman. Consumer key and Consumer secret are here.access.key.id and key.secret respectively. signature method : HMAC-SHA1, Version : 1.0

 curl -X POST \
  https://account.api.here.com/oauth2/token \
  -H 'Authorization: OAuth' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Postman-Token: xxxxxxxxxxxx' \
  -H 'cache-control: no-cache' \
  -d grant_type=client_credentials

这篇关于向量api，401 http错误代码，签名不匹配.授权签名或客户凭证错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！