HERE REST API OAuth 2.0令牌请​​求(带有1.0标头)错误 [英] HERE REST API OAuth 2.0 Token Request (with a 1.0 header) Error

查看:54
本文介绍了HERE REST API OAuth 2.0令牌请​​求(带有1.0标头)错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

自从最终设法按照文档

我尝试了各种调试,其中很多给了我不同的错误,然后我继续尝试重新调试,因此签名必定是问题所在.

我创建了以下类此处来处理生成标头,并从 guzzle/oauth-subscriber 包中的类.

以下是正在生成的请求标头的示例:

  array:2 ["Content-Type" =>应用程序/x-www-form-urlencoded"授权" =>"OAuth oauth_consumer_key =" XXXXXXXXXXXX,oauth_signature_method =" HMAC-SHA256,oauth_timestamp =" 1583629976,oauth_nonce =" Br2HsCVzsaEe3KswBhtCzsSxjUDWgX56,oauth_version =" 1.0,oauth2%2%3%2%2%D2%3%B2%D2%2%D2%2%D2%D2%1%B9C] 

和请求正文:

  array:4 ["grant_type" =>"client_credentials""client_id" =>"XXXXXXXXXXXX""client_secret" =>"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX""expires_in" =>87000] 

已替换敏感详细信息,但 consumer_key 是正确的,并且与 client_id 的值相同,并且 consumer_secret client_secret

无论我如何尝试更改 signUsingHmac()方法以更改签名,它都行不通,对我来说一切正常D:

有人有什么主意吗?

如果我能很好地工作,我会将其拉入包中,以减轻PHP中对该API的身份验证的痛苦.

我尝试完全按照文档,但是不幸的是它仍然没有用,这是我的 $ baseString 传递给hash方法时的样子:

<预> <代码> POST&安培; HTTPS%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken&安培; grant_type%3Dclient_credentials%26oauth_consumer_key%3DXXbXbXbXbXbXbXb%26oauth_nonce%3DrZNNSZGOOIHFFtLboCjdAheCmKJmOYSp%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1583640503%26oauth_version%3D1.0

我还创建了一个新的要旨此处及其更新,以创建此 $ baseString

干杯,马特

解决方案

我创建了一个可行的要点.一些建议:

  • 所有值都必须为urlenconde()
  • 您需要使用的字符串对于signign,请求需要包括:method(大写)&网址(urlecode)&参数列表(URL编码)
  • 签名密钥是您的消费者密钥秘密(urlencode),后跟& .这是因为通常您的签名密钥需要我的消费者秘密和保密信息.秘密令牌.在这种情况下,我们没有秘密令牌

对于您的签名基本字符串的参数列表,您需要包括所有oauth_参数和grant_type,因为您还需要包括body参数.这些键的排序至关重要

一些代码PHP代码:

  $ keyId = getenv('HERE_API_KEY_ID');$ keySecret = getenv('HERE_API_KEY_SECRET');$ httpBody = ["grant_type" =>"client_credentials"];$ httpMethod ="POST";$ httpUrl ='https://account.api.here.com/oauth2/token';$ oauthNonce = mt_rand();$ oauthTimestamp = time();$ oauthSignatureMethod =" HMAC-SHA256;$ oauthVersion ="1.0";$ baseString = $ httpMethod.&".urlencode($ httpUrl);$ oauth1Param = ['oauth_consumer_key'=>$ keyId,'oauth_signature_method'=>$ oauthSignatureMethod,'oauth_timestamp'=>$ oauthTimestamp,'oauth_nonce'=>$ oauthNonce,'oauth_version'=>$ oauthVersion];$ paramString ="grant_type = client_credentials&"."oauth_consumer_key =".urlencode($ oauth1Param ['oauth_consumer_key']).& oauth_nonce =".urlencode($ oauth1Param ['oauth_nonce']).& oauth_signature_method =".urlencode($ oauth1Param ['oauth_signature_method']).& oauth_timestamp =".urlencode($ oauth1Param ['oauth_timestamp']).//& oauth_token =".& oauth_version =".urlencode($ oauth1Param ['oauth_version']);echo $ paramString.PHP_EOL;$ baseString = $ baseString.&".urlencode($ paramString);回声$ baseString.PHP_EOL;$ signingKey = urlencode($ keySecret).&";$ signature = urlencode(base64_encode(hash_hmac('sha256',$ baseString,$ signingKey,真的)));$ oauth1Param ['oauth_signature'] = $ signature;回显运行时签名:".$ signature .PHP_EOL; 

我创建了一个有效的GIST,您唯一需要更改的就是$ keyId和$ keySecret. https://gist.github.com/roberto-butti/736c38c796ede70c719f6a21a752c971

>

该文档非常有用: https://developer.twitter.com/zh-CN/docs/basics/authentication/oauth-1-0a/creating-a-signature

I've been trying to get my PHP application to create a successful token request since finally managing to get it working with Postman as per the docs here

Apparently the API is using OAuth 2.0 which is why I expect to send up grant_type, client_id, client_secret and expires_in (if I don't specify one of these fields then the API will successfully tell me it is missing).

Now the problem I am having is with this OAuth 1.0 Authorization Header that I am having to generate, which Postman seems to have no issues doing so, however trying to do it in PHP I am just getting an error returned from the API about a signature mismatch:

array:6 [
  "errorId" => "ERROR-fde4f0f1-9d5c-43fd-80eb-056cbf2c3259"
  "httpStatus" => 401
  "errorCode" => 401300
  "message" => "Signature mismatch. Authorization signature or client credential is wrong."
  "error" => "invalid_client"
  "error_description" => "errorCode: '401300'. Signature mismatch. Authorization signature or client credential is wrong."
]

I've tried various debugging, a lot of which gives me different errors then I keep landing back on this one so the signature must be the problem.

I created the following class here to handle generating a header, getting some guidance from the class in the guzzle/oauth-subscriber package.

Here is an example of the request headers being generated:

array:2 [
  "Content-Type" => "application/x-www-form-urlencoded"
  "Authorization" => "OAuth oauth_consumer_key="XXXXXXXXXXXX",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1583629976",oauth_nonce="Br2HsCVzsaEe3KswBhtCzsSxjUDWgX56",oauth_version="1.0",oauth_signature="G7%2B5f2v2Kdx3rp%2B28DcuJRBvhi9H7fHC1mFLqJIgmMc%3D""
]

And the request body:

array:4 [
  "grant_type" => "client_credentials"
  "client_id" => "XXXXXXXXXXXX"
  "client_secret" => "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  "expires_in" => 87000
]

Sensitive details replaced but consumer_key is correct and thats the same value as client_id and the same goes for consumer_secret and client_secret

No matter how I try and alter the signUsingHmac() method to change the signature, it doesn't work and it all looks fine to me D:

Anyone got any ideas?

If I can get this working nicely I will pull it out into package to make the auth for this API in PHP a lot less painful.

EDIT:

I tried forming the signature exactly like shown in the docs here but to unfortunately it still hasn't worked, this is what my $baseString looked like when passing into the hash method:

POST&https%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken&grant_type%3Dclient_credentials%26oauth_consumer_key%3DXXbXbXbXbXbXbXb%26oauth_nonce%3DrZNNSZGOOIHFFtLboCjdAheCmKJmOYSp%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1583640503%26oauth_version%3D1.0

I've also created a new gist here with my updates to create this $baseString

Cheers, Matt

解决方案

I created a gist that works. Some suggestion:

  • all values need to be urlenconde()
  • the string that you need to use for signign the request needs to include: method (uppercase) & URL (urlecode) & list of parameters (url encoded)
  • the signing key is your consumer key secret (urlencode) followed by &. This because usually your signing key needs to me consumer secret & secret token. In this case we don't have secret token

For the list of parameters for your signature base string you need to include all oauth_ parameter and your grant_type because you need to include also the body parameter. The sorting of these keys is crucial

some code PHP code:

$keyId = getenv('HERE_API_KEY_ID');
$keySecret = getenv('HERE_API_KEY_SECRET');

$httpBody = [
    "grant_type" => "client_credentials"
];
$httpMethod = "POST";
$httpUrl = 'https://account.api.here.com/oauth2/token';


$oauthNonce = mt_rand();
$oauthTimestamp = time();
$oauthSignatureMethod= "HMAC-SHA256";
$oauthVersion = "1.0";


$baseString = $httpMethod."&". urlencode($httpUrl);

$oauth1Param = [
    'oauth_consumer_key' => $keyId,
    'oauth_signature_method' => $oauthSignatureMethod,
    'oauth_timestamp' => $oauthTimestamp,
    'oauth_nonce' => $oauthNonce,
    'oauth_version' => $oauthVersion
];


$paramString =

        "grant_type=client_credentials&".
        "oauth_consumer_key=". urlencode($oauth1Param['oauth_consumer_key']).
        "&oauth_nonce=". urlencode($oauth1Param['oauth_nonce']).
        "&oauth_signature_method=". urlencode($oauth1Param['oauth_signature_method']).
        "&oauth_timestamp=". urlencode($oauth1Param['oauth_timestamp']).
//        "&oauth_token=".
        "&oauth_version=". urlencode($oauth1Param['oauth_version'])
;

echo $paramString.PHP_EOL;
$baseString = $baseString . "&" . urlencode($paramString);
echo $baseString . PHP_EOL;
$signingKey= urlencode($keySecret) . "&";
$signature = urlencode(
    base64_encode(
    hash_hmac(
        'sha256',
        $baseString,
        $signingKey,
        true
    )
    )
);

$oauth1Param['oauth_signature']  =  $signature;
echo "RUNTIME SIGNATURE : " . $signature .PHP_EOL;

I create a GIST that works, the only thing that you need to change is $keyId and $keySecret. https://gist.github.com/roberto-butti/736c38c796ede70c719f6a21a752c971

This documentation was very useful: https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a/creating-a-signature

这篇关于HERE REST API OAuth 2.0令牌请​​求(带有1.0标头)错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆