Twitter OAuth，尝试发布直接消息时出错 [英] Twitter OAuth, Error when trying to POST direct message

问题描述

所以我正在构建一个与我的 C++ 应用程序结合使用的 java 脚本，用于向用户发送直接消息.该脚本执行构建我发送的请求的工作.当我发送请求时，我收到签名不正确"或无法验证您的身份" 有没有人看到我遗漏了什么或做错了什么?我正在继续调查.提前致谢

So I am building a java script that is used in conjunction of my C++ application for sending direct messages to users. the script does the work of building the request that i send. When i send a request i receive "Incorrect signature" or "can not authenticate you" Does anyone see something i am missing or am doing wrong? I am continuing to investigate. Thank you in advance

Javascript:

Javascript:

var nDate = new Date();
var epoch = nDate.getTime();
var nounce = "";

nounce = Base64.encode(epoch+randomString()); 

var Parameters =   [
   "oauth_consumerkey="+sConsumerKey,
   "oauth_nonce="+nounce,
   "oauth_signature_method=HMAC-SHA1",
   "oauth_timestamp="+epoch,
   "oauth_token="+sAccessToken,
   "oauth_version=1.0",
   "text="+sText,
   "user="+sUser];

var SortedParameters = Parameters.sort(); 
var joinParameters = SortedParameters.join("&");
var encodeParameters = escape(joinParameters);



signature_base_string = escape("POST&"+NormalizedURL+"&"+encodeParameters);

signature_key = sConsumerSecret+"&"+sAccessSecret;

signature = Base64.encode(hmacsha1(signature_base_string,signature_key));


sAuthHeader = "
  OAuth realm=, 
  oauth_nonce="+nounce+",
  oauth_timestamp="+epoch+",     
  oauth_consumer_key="+sConsumerKey+",
  oauth_signature_method=HMAC-SHA1, 
  oauth_version=1.0,
  oauth_signature="+signature+",
  oauth_token="+sAccessToken+",
  text="+sText;

goNVOut.Set("Header.Authorization: ", sAuthHeader);

推荐答案

以下几点需要注意:

• JavaScript 的转义"功能不适用于 OAuth URL 编码，根据 OAuth 规范.

5.1.参数编码

所有参数名称和值都是使用 [RFC3986] 转义百分比编码 (%xx) 机制.字符不在无保留字符集([RFC3986] 第 2.3 节)必须被编码.中的人物非保留字符集不得编码.中的十六进制字符编码必须是大写.文本名称和值必须编码为百分比编码前的 UTF-8 八位字节他们根据 [RFC3629].

All parameter names and values are escaped using the [RFC3986] percent-encoding (%xx) mechanism. Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded. Characters in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629].

        unreserved = ALPHA, DIGIT, '-', '.', '_', '~'

JavaScript 的转义函数会让@ * +/通过，未转义.我相信这会破坏签名签名过程，因为服务器将转义这些，并且它计算的 HMAC-SHA1 值将与您的不同.

JavaScript's escape function will let @ * + / through, unescaped. I'm confident that that will break the signature signing process, since the server will be escaping those, and the HMAC-SHA1 value it computes will be different than yours.

• 确保对您的基本 URI、NormalizedURL 进行 URL 编码.

我发现正确编码是 OAuth 中最乏味的部分.请务必在新的url_encode"函数中使用大写字母.

I found that getting the encoding correct is the most tedious part of OAuth. Be sure to use upper-case letters in your new "url_encode" function.

这是我的 C++ 代码来进行 URL 编码.可以稍微优化一下，但应该很容易理解.

Here's my C++ code to do the URL encoding. It could be optimized a bit but should be easy to understand.

char hexdigit(int ch)
{
    assert(ch < 16);
    assert(ch >= 0);
    if (ch >= 10)
        return 'A' + ch - 10;
    return '0' + ch;
}

std::string url_encode(const std::string &to_encode)
{
    std::stringstream ss;
    for (std::string::const_iterator ich = to_encode.begin();
         ich != to_encode.end();
         ++ich)
    {
        unsigned char ch = (unsigned char)*ich;
        if (isalpha(ch) || isdigit(ch) || ch == '-' || ch == '_' || ch == '.' || ch == '~')
        {
            ss << ch;
        }
        else
        {
            ss << '%';
            ss << hexdigit(ch >> 4);
            ss << hexdigit(ch & 0xf);
        }
    }

    std::string encoded = ss.str();
    return encoded;
}

祝你好运！

这篇关于Twitter OAuth，尝试发布直接消息时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！