Creating Signature and Nonce for OAuth (Ruby)


Question

I'm looking to access SmugMug's API from my application to grab users' albums and images (the users have been authenticated via ruby's OmniAuth).

According to SmugMug's OAuth API, OAuth requires six parameters.

I can get the token with OmniAuth, and the timestamp should be easy (Time.now.to_i right?). There are two things that I don't know how to generate -- the oauth_nonce and the oauth_signature.

According to the oauth docs, I generate the nonce via the timestamp, but how exactly would I do that? Does it need to be a certain length and limited to certain characters?

And of course the signature. How would I generate a HMAC-SHA1 sig with ruby? I know the oauth gem can do it, but I'd rather generate it myself to use with OmniAuth. Looking at the code, I'm having trouble deciphering how the oauth gem generates the sig.

Thanks for your help.

Recommended answer

For the signature:

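require 'openssl'
require 'base64'

def sign( key, base_string )
  # OpenSSL::Digest::Digest was a deprecated alias; OpenSSL::Digest is the class to use
  digest = OpenSSL::Digest.new( 'sha1' )
  hmac = OpenSSL::HMAC.digest( digest, key, base_string  )
  # encode64 wraps its output with newlines; strip them so the signature is one line
  Base64.encode64( hmac ).chomp.gsub( /\n/, '' )
end#def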

You don't have to generate the nonce from the timestamp, but it can make sense since the timestamp is obviously unique, so it makes a good starting input for any randomisation function.

I use this, (that I got from another question on here and modified)

def nonce
  rand(10 ** 30).to_s.rjust(30,'0')
end#def

but you can use anything that generates a unique string.

See this gist by erikeldridge on github and Beginner’s Guide to OAuth for more

I've since found there's a better way to generate random strings in the Ruby standard library, SecureRandom.
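The answer's sign method takes a key and a base string but does not show how either is built. The following added example (not code from the answer or from the oauth gem) builds both for an OAuth 1.0 HMAC-SHA1 request and draws the nonce from SecureRandom. The helper names are hypothetical, and the sample request is the published one from Appendix A of the OAuth Core 1.0 specification, not SmugMug values.

```ruby
require 'openssl'
require 'securerandom'
require 'uri'

# Percent-encode per RFC 3986: only A-Z a-z 0-9 - . _ ~ stay literal.
def oauth_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |byte| format('%%%02X', byte.ord) }
end

# The nonce must not repeat for a given timestamp: 128 bits from the CSPRNG.
def oauth_nonce
  SecureRandom.hex(16)
end

# Signature base string: METHOD & encoded base URL & encoded, sorted parameters.
def signature_base_string(http_method, url, params)
  uri = URI.parse(url) # query parameters belong in params, not in url
  base_url = "#{uri.scheme.downcase}://#{uri.host.downcase}"
  base_url += ":#{uri.port}" unless uri.port == uri.default_port
  base_url += uri.path.empty? ? '/' : uri.path
  normalized = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                     .sort.map { |pair| pair.join('=') }.join('&')
  [http_method.to_s.upcase, base_url, normalized].map { |part| oauth_escape(part) }.join('&')
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret", base64 without newlines.
def oauth_signature(http_method, url, params, consumer_secret, token_secret = '')
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  base = signature_base_string(http_method, url, params)
  [OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)].pack('m0')
end

# Sample input: the example request from OAuth Core 1.0, Appendix A.
SAMPLE_PARAMS = {
  'oauth_consumer_key'     => 'dpf43f3p2l4k3l03',
  'oauth_token'            => 'nnch734d00sl2jdk',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp'        => '1191242096',       # live code: Time.now.to_i
  'oauth_nonce'            => 'kllo9940pd9333jh', # live code: oauth_nonce
  'oauth_version'          => '1.0',
  'file'                   => 'vacation.jpg',
  'size'                   => 'original'
}.freeze

def sample_signature
  oauth_signature('GET', 'http://photos.example.net/photos', SAMPLE_PARAMS,
                  'kd94hf93k423kf44', 'pfkkdhi9sl3r4s00')
end
puts sample_signature if __FILE__ == $PROGRAM_NAME
```

The returned signature is sent as the oauth_signature parameter and must itself be percent-encoded (oauth_escape here) when placed in the Authorization header or query string.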
