HERE REST API OAuth 2.0令牌请求(带有1.0标头)错误 [英] HERE REST API OAuth 2.0 Token Request (with a 1.0 header) Error
问题描述
自从最终设法按照文档 我尝试了各种调试,其中很多给了我不同的错误,然后我继续尝试重新调试,因此签名必定是问题所在. 我创建了以下类此处来处理生成标头,并从 以下是正在生成的请求标头的示例: 和请求正文: 已替换敏感详细信息,但 无论我如何尝试更改 有人有什么主意吗? 如果我能很好地工作,我会将其拉入包中,以减轻PHP中对该API的身份验证的痛苦. 我尝试完全按照文档,但是不幸的是它仍然没有用,这是我的 我还创建了一个新的要旨此处及其更新,以创建此 干杯,马特 我创建了一个可行的要点.一些建议: 对于您的签名基本字符串的参数列表,您需要包括所有oauth_参数和grant_type,因为您还需要包括body参数.这些键的排序至关重要 一些代码PHP代码: 我创建了一个有效的GIST,您唯一需要更改的就是$ keyId和$ keySecret. https://gist.github.com/roberto-butti/736c38c796ede70c719f6a21a752c971 该文档非常有用: https://developer.twitter.com/zh-CN/docs/basics/authentication/oauth-1-0a/creating-a-signature I've been trying to get my PHP application to create a successful token request since finally managing to get it working with Postman as per the docs here Apparently the API is using OAuth 2.0 which is why I expect to send up Now the problem I am having is with this OAuth 1.0 Authorization Header that I am having to generate, which Postman seems to have no issues doing so, however trying to do it in PHP I am just getting an error returned from the API about a signature mismatch: I've tried various debugging, a lot of which gives me different errors then I keep landing back on this one so the signature must be the problem. I created the following class here to handle generating a header, getting some guidance from the class in the Here is an example of the request headers being generated: And the request body: Sensitive details replaced but No matter how I try and alter the Anyone got any ideas? If I can get this working nicely I will pull it out into package to make the auth for this API in PHP a lot less painful. EDIT: I tried forming the signature exactly like shown in the docs here but to unfortunately it still hasn't worked, this is what my I've also created a new gist here with my updates to create this Cheers,
Matt I created a gist that works.
Some suggestion: For the list of parameters for your signature base string you need to include all oauth_ parameter and your grant_type because you need to include also the body parameter. The sorting of these keys is crucial some code PHP code: I create a GIST that works, the only thing that you need to change is $keyId and $keySecret.
https://gist.github.com/roberto-butti/736c38c796ede70c719f6a21a752c971 This documentation was very useful: https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a/creating-a-signature 这篇关于HERE REST API OAuth 2.0令牌请求(带有1.0标头)错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! guzzle/oauth-subscriber
包中的类.
array:2 ["Content-Type" =>应用程序/x-www-form-urlencoded"授权" =>"OAuth oauth_consumer_key =" XXXXXXXXXXXX,oauth_signature_method =" HMAC-SHA256,oauth_timestamp =" 1583629976,oauth_nonce =" Br2HsCVzsaEe3KswBhtCzsSxjUDWgX56,oauth_version =" 1.0,oauth2%2%3%2%2%D2%3%B2%D2%2%D2%2%D2%D2%1%B9C]
array:4 ["grant_type" =>"client_credentials""client_id" =>"XXXXXXXXXXXX""client_secret" =>"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX""expires_in" =>87000]
consumer_key
是正确的,并且与 client_id
的值相同,并且 consumer_secret
和 client_secret
signUsingHmac()
方法以更改签名,它都行不通,对我来说一切正常D: $ baseString
传递给hash方法时的样子: $ baseString
$ keyId = getenv('HERE_API_KEY_ID');$ keySecret = getenv('HERE_API_KEY_SECRET');$ httpBody = ["grant_type" =>"client_credentials"];$ httpMethod ="POST";$ httpUrl ='https://account.api.here.com/oauth2/token';$ oauthNonce = mt_rand();$ oauthTimestamp = time();$ oauthSignatureMethod =" HMAC-SHA256;$ oauthVersion ="1.0";$ baseString = $ httpMethod.&".urlencode($ httpUrl);$ oauth1Param = ['oauth_consumer_key'=>$ keyId,'oauth_signature_method'=>$ oauthSignatureMethod,'oauth_timestamp'=>$ oauthTimestamp,'oauth_nonce'=>$ oauthNonce,'oauth_version'=>$ oauthVersion];$ paramString ="grant_type = client_credentials&"."oauth_consumer_key =".urlencode($ oauth1Param ['oauth_consumer_key']).& oauth_nonce =".urlencode($ oauth1Param ['oauth_nonce']).& oauth_signature_method =".urlencode($ oauth1Param ['oauth_signature_method']).& oauth_timestamp =".urlencode($ oauth1Param ['oauth_timestamp']).//& oauth_token =".& oauth_version =".urlencode($ oauth1Param ['oauth_version']);echo $ paramString.PHP_EOL;$ baseString = $ baseString.&".urlencode($ paramString);回声$ baseString.PHP_EOL;$ signingKey = urlencode($ keySecret).&";$ signature = urlencode(base64_encode(hash_hmac('sha256',$ baseString,$ signingKey,真的)));$ oauth1Param ['oauth_signature'] = $ signature;回显运行时签名:".$ signature .PHP_EOL;
grant_type
, client_id
, client_secret
and expires_in
(if I don't specify one of these fields then the API will successfully tell me it is missing).array:6 [
"errorId" => "ERROR-fde4f0f1-9d5c-43fd-80eb-056cbf2c3259"
"httpStatus" => 401
"errorCode" => 401300
"message" => "Signature mismatch. Authorization signature or client credential is wrong."
"error" => "invalid_client"
"error_description" => "errorCode: '401300'. Signature mismatch. Authorization signature or client credential is wrong."
]
guzzle/oauth-subscriber
package.array:2 [
"Content-Type" => "application/x-www-form-urlencoded"
"Authorization" => "OAuth oauth_consumer_key="XXXXXXXXXXXX",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1583629976",oauth_nonce="Br2HsCVzsaEe3KswBhtCzsSxjUDWgX56",oauth_version="1.0",oauth_signature="G7%2B5f2v2Kdx3rp%2B28DcuJRBvhi9H7fHC1mFLqJIgmMc%3D""
]
array:4 [
"grant_type" => "client_credentials"
"client_id" => "XXXXXXXXXXXX"
"client_secret" => "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
"expires_in" => 87000
]
consumer_key
is correct and thats the same value as client_id
and the same goes for consumer_secret
and client_secret
signUsingHmac()
method to change the signature, it doesn't work and it all looks fine to me D:$baseString
looked like when passing into the hash method:POST&https%3A%2F%2Faccount.api.here.com%2Foauth2%2Ftoken&grant_type%3Dclient_credentials%26oauth_consumer_key%3DXXbXbXbXbXbXbXb%26oauth_nonce%3DrZNNSZGOOIHFFtLboCjdAheCmKJmOYSp%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1583640503%26oauth_version%3D1.0
$baseString
$keyId = getenv('HERE_API_KEY_ID');
$keySecret = getenv('HERE_API_KEY_SECRET');
$httpBody = [
"grant_type" => "client_credentials"
];
$httpMethod = "POST";
$httpUrl = 'https://account.api.here.com/oauth2/token';
$oauthNonce = mt_rand();
$oauthTimestamp = time();
$oauthSignatureMethod= "HMAC-SHA256";
$oauthVersion = "1.0";
$baseString = $httpMethod."&". urlencode($httpUrl);
$oauth1Param = [
'oauth_consumer_key' => $keyId,
'oauth_signature_method' => $oauthSignatureMethod,
'oauth_timestamp' => $oauthTimestamp,
'oauth_nonce' => $oauthNonce,
'oauth_version' => $oauthVersion
];
$paramString =
"grant_type=client_credentials&".
"oauth_consumer_key=". urlencode($oauth1Param['oauth_consumer_key']).
"&oauth_nonce=". urlencode($oauth1Param['oauth_nonce']).
"&oauth_signature_method=". urlencode($oauth1Param['oauth_signature_method']).
"&oauth_timestamp=". urlencode($oauth1Param['oauth_timestamp']).
// "&oauth_token=".
"&oauth_version=". urlencode($oauth1Param['oauth_version'])
;
echo $paramString.PHP_EOL;
$baseString = $baseString . "&" . urlencode($paramString);
echo $baseString . PHP_EOL;
$signingKey= urlencode($keySecret) . "&";
$signature = urlencode(
base64_encode(
hash_hmac(
'sha256',
$baseString,
$signingKey,
true
)
)
);
$oauth1Param['oauth_signature'] = $signature;
echo "RUNTIME SIGNATURE : " . $signature .PHP_EOL;