OAuth 签名验证失败 [英] OAuth signature verification fails

问题描述

我在设置具有两条腿身份验证的 oauth 提供程序时遇到了一些问题.

I'm having some problem setting up an oauth provider with two-legged authentication.

我正在使用 oauth-plugin gem 和 oauth gem，除了我的更新"请求外，一切正常.签名验证过程一直失败.

I'm using the oauth-plugin gem and the oauth gem, everything works fine except for my "update" requests. The signature verification process keeps failing.

这是我正在做的:

在客户端，我使用

oauth = OAuth::AccessToken.new(OAuth::Consumer.new(app_key, app_secret, :site => @api_endpoint))
oauth.get("http://localhost/api/v1/users/1")
oauth.post("http://localhost/api/v1/users", {:email => "testemail@mysite.com"})
oauth.put("http://localhost/api/v1/users", {:tags => ["some", "new", "tags"]})
oauth.delete("http://localhost/api/v1/users/1")

获取、发布和删除都通过身份验证，但更新失败.

get, post and delete all go through authentication fine, but update fails.

在服务器端，我设置了 ClientApplication 类

On the server side, I have my ClientApplication class set up

  def self.verify_request(request, options = {}, &block)
    begin
      signature = OAuth::Signature.build(request, options, &block)
      return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
      value = signature.verify
      value
    rescue OAuth::Signature::UnknownSignatureMethod => e
      false
    end
  end

signature.verify 在我的更新请求上失败并传递了其他 3 个请求.有人知道发生了什么吗?

signature.verify fails on my update requests and passes on the other 3 requests. Anybody know what's happening?

推荐答案

原来问题在于通过主体传递参数.
我将参数移动到带有 Addressable/uri 的 url 中，这解决了问题.长度上会有一些限制，但现在还可以.

Turns out the problem is with passing the params through the body.
I moved the params into the url with Addressable/uri, and that fixed the problem. It's gonna be a little limiting in terms of length, but ok for now.

这篇关于OAuth 签名验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！