如何使用 Java 获取 Google 的 OAuth 请求令牌 [英] How to get an OAuth Request Token for Google using java
问题描述
在尝试访问 API 时,我正在努力从 google 获取请求令牌.我收到标准的 400 响应.我发送的请求与他们提供的 OAuth 游乐场中生成的请求几乎相同.
我正在使用匿名秘密/密钥并构建了一个基本字符串,如下所示:
<代码> GET&安培; HTTPS%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&安培; oauth_callback%3Dhttp%253A%252F%252Fgooglecodesamples.com%252Foauth_playground%252Findex.php%26oauth_consumer_key%3Danonymous%26oauth_nonce%3D61dddc084c4e8adfa13d1509161939b0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1302853379%26oauth_version%3D1.0%26scope%3Dhttps%253A%252F%252Fwww.google.com%252Fcalendar%2252Fwww.google.com%252Fcalendar%2252F
为了调试发送的请求,我在 eclipse 中设置了 TCP/IP 监控.然而,这仅监控 Http 流量,因此以下是所请求内容的 99% 反映.
GET/accounts/OAuthGetRequestToken?scope=http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F HTTP/1.1授权:OAuth的oauth_callback = HTTP%3A%2F%2Fgooglecodesamples.com%2Foauth_playground%2Findex.php",oauth_consumer_key = 匿名",oauth_nonce = 8cc04c7633db041dd0fd8e5fd0eb728e",oauth_signature = epRa5IZOA6s%2B3qhZa%2FUxuwYKnJA%3D",oauth_signature_method ="HMAC-SHA1", oauth_timestamp="1302790583", oauth_version="1.0"接受: */*用户代理:Java/1.6.0_24主机:本地主机连接:保持连接你能告诉我我做错了什么吗?提前致谢.
以下是我为此使用的唯一代码.
package com.pdw.gb;导入 java.io.BufferedReader;导入 java.io.InputStreamReader;导入 java.net.URL;导入 java.net.URLConnection;导入 java.net.URLEncoder;导入 java.util.Calendar;导入 java.util.Date;导入 java.util.Random;导入 javax.crypto.Mac;导入 javax.crypto.spec.SecretKeySpec;导入 com.google.gdata.util.common.util.Base64;公共类 OAuthTest3 {公共静态字符串读取(字符串网址){StringBuffer 缓冲区 = new StringBuffer();尝试{字符串[][] 数据 = {{ "oauth_callback", URLEncoder.encode("http://googlecodesamples.com/oauth_playground/index.php","UTF-8") },{oauth_consumer_key",匿名"},{ "oauth_nonce", a64BitRandomString() },{oauth_signature_method",HMAC-SHA1"},{ "oauth_timestamp", timeSinceEpochInMillis() },{oauth_signature","},{oauth_version",1.0"},{ "范围", URLEncoder.encode("https://www.google.com/calendar/feeds/","UTF-8") }};/*** 生成签名基串*/String signature_base_string = "GET&"+ URLEncoder.encode(url, "UTF-8") + "&";for (int i = 0; i < data.length; i++){//忽略空的 oauth_signature 字段如果(我!= 5){System.out.print(i);signature_base_string += URLEncoder.encode(data[i][0],UTF-8")+ "%3D"+ URLEncoder.encode(data[i][1], "UTF-8") + "%26";}}//剪切最后一个附加的 %26signature_base_string = signature_base_string.substring(0,signature_base_string.length() - 3);/*** 签署请求*/Mac m = Mac.getInstance("HmacSHA1");m.init(new SecretKeySpec("anonymous".getBytes(), "HmacSHA1"));m.update(signature_base_string.getBytes());byte[] res = m.doFinal();String sig = URLEncoder.encode(String.valueOf(Base64.encode(res)),"UTF8");数据[5][1] = 信号;/*** 创建请求头*/String header = "OAuth ";国际我= 0;for (String[] item : data){如果 (i!=7){header += item[0] + "="" + item[1] + "", ";}我++;}//切断最后附加的逗号header = header.substring(0, header.length() - 2);System.out.println("签名基串:"+ signature_base_string);System.out.println("授权头:" + header);System.out.println("签名:" + sig);字符串字符集 = "UTF-8";URLConnection connection = new URL(url+"?scope="+URLEncoder.encode("https://www.google.com/calendar/feeds/", "UTF-8")).openConnection();connection.setRequestProperty("Authorization", header);connection.setRequestProperty("Accept", "*/*");BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));字符串读取;while ((read = reader.readLine()) != null){缓冲区.追加(读取);}} 捕获(异常 e){e.printStackTrace();}返回 buffer.toString();}public static void main(String[] args){布尔调试=假;如果(!调试){System.out.println(OAuthTest3.read("https://www.google.com/accounts/OAuthGetRequestToken"));}别的{System.out.println(OAuthTest3.read("http://localhost/accounts/OAuthGetRequestToken"));}}私有静态字符串 a64BitRandomString() {StringBuffer sb = new StringBuffer();随机生成器 = new Random();for (int i = 0; i <32; i++) {整数 r = generator.nextInt();如果 (r <0) {r = r * -1;}r = r % 16;sb.append(r.toHexString(r));}返回 sb.toString();}私有静态字符串 timeSinceEpochInMillis() {日历 c = Calendar.getInstance();日期日期 = c.getTime();长时间 = date.getTime();整数 i = (int) (time/1000);返回 i.toString();}}应该是 m.init(new SecretKeySpec("anonymous&".getBytes(), "HmacSHA1")); 当oauth_token_secret 为空,您仍然需要&"将两个秘密连接起来,形成完整的签名密钥.
I'm struggling to fetch a request token from google when trying to access the APIs. I'm receiving the standard 400 response. The request i'm sending is almost identical to that generated in the OAuth playground they provide.
I'm using the anonymous secret/key and have constructed a base string as follows :
GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&oauth_callback%3Dhttp%253A%252F%252Fgooglecodesamples.com%252Foauth_playground%252Findex.php%26oauth_consumer_key%3Danonymous%26oauth_nonce%3D61dddc084c4e8adfa13d1509161939b0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1302853379%26oauth_version%3D1.0%26scope%3Dhttps%253A%252F%252Fwww.google.com%252Fcalendar%252Ffeeds%252F
To debug the request being sent I setup TCP/IP monitoring in eclipse. However this only monitors Http traffic so the follwing is a 99% reflection of what is being requested.
GET /accounts/OAuthGetRequestToken?scope=http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F HTTP/1.1
Authorization: OAuth oauth_callback="http%3A%2F%2Fgooglecodesamples.com%2Foauth_playground%2Findex.php", oauth_consumer_key="anonymous", oauth_nonce="8cc04c7633db041dd0fd8e5fd0eb728e", oauth_signature="epRa5IZOA6s%2B3qhZa%2FUxuwYKnJA%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1302790583", oauth_version="1.0"
Accept: */*
User-Agent: Java/1.6.0_24
Host: localhost
Connection: keep-alive
Can you tell me what I'm doing wrong? Thanks in advance.
Below is the the only code i'm using for this.
package com.pdw.gb;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import com.google.gdata.util.common.util.Base64;
public class OAuthTest3 {
public static String read(String url)
{
StringBuffer buffer = new StringBuffer();
try
{
String[][] data = {
{ "oauth_callback", URLEncoder.encode("http://googlecodesamples.com/oauth_playground/index.php","UTF-8") },
{ "oauth_consumer_key", "anonymous" },
{ "oauth_nonce", a64BitRandomString() },
{ "oauth_signature_method", "HMAC-SHA1" },
{ "oauth_timestamp", timeSinceEpochInMillis() },
{ "oauth_signature", "" },
{ "oauth_version", "1.0" },
{ "scope", URLEncoder.encode("https://www.google.com/calendar/feeds/","UTF-8") }
};
/**
* Generation of the signature base string
*/
String signature_base_string = "GET&"
+ URLEncoder.encode(url, "UTF-8") + "&";
for (int i = 0; i < data.length; i++)
{
// ignore the empty oauth_signature field
if (i != 5)
{
System.out.print(i);
signature_base_string += URLEncoder.encode(data[i][0],
"UTF-8")
+ "%3D"
+ URLEncoder.encode(data[i][1], "UTF-8") + "%26";
}
}
// cut the last appended %26
signature_base_string = signature_base_string.substring(0,
signature_base_string.length() - 3);
/**
* Sign the request
*/
Mac m = Mac.getInstance("HmacSHA1");
m.init(new SecretKeySpec("anonymous".getBytes(), "HmacSHA1"));
m.update(signature_base_string.getBytes());
byte[] res = m.doFinal();
String sig = URLEncoder.encode(String.valueOf(Base64.encode(res)),"UTF8");
data[5][1] = sig;
/**
* Create the header for the request
*/
String header = "OAuth ";
int i=0;
for (String[] item : data)
{
if (i!=7)
{
header += item[0] + "="" + item[1] + "", ";
}
i++;
}
// cut off last appended comma
header = header.substring(0, header.length() - 2);
System.out.println("Signature Base String: "
+ signature_base_string);
System.out.println("Authorization Header: " + header);
System.out.println("Signature: " + sig);
String charset = "UTF-8";
URLConnection connection = new URL(url+"?scope="+URLEncoder.encode("https://www.google.com/calendar/feeds/", "UTF-8")).openConnection();
connection.setRequestProperty("Authorization", header);
connection.setRequestProperty("Accept", "*/*");
BufferedReader reader = new BufferedReader(new InputStreamReader(
connection.getInputStream()));
String read;
while ((read = reader.readLine()) != null)
{
buffer.append(read);
}
} catch (Exception e) {
e.printStackTrace();
}
return buffer.toString();
}
public static void main(String[] args)
{
boolean debug=false;
if (!debug)
{
System.out.println(OAuthTest3
.read("https://www.google.com/accounts/OAuthGetRequestToken"));
}
else
{
System.out.println(OAuthTest3
.read("http://localhost/accounts/OAuthGetRequestToken"));
}
}
private static String a64BitRandomString() {
StringBuffer sb = new StringBuffer();
Random generator = new Random();
for (int i = 0; i < 32; i++) {
Integer r = generator.nextInt();
if (r < 0) {
r = r * -1;
}
r = r % 16;
sb.append(r.toHexString(r));
}
return sb.toString();
}
private static String timeSinceEpochInMillis() {
Calendar c = Calendar.getInstance();
Date date = c.getTime();
Long time = date.getTime();
Integer i = (int) (time/1000);
return i.toString();
}
}
It should be m.init(new SecretKeySpec("anonymous&".getBytes(), "HmacSHA1")); When the oauth_token_secret is empty, you still need the "&" joining the two secrets to make the complete signature key.
这篇关于如何使用 Java 获取 Google 的 OAuth 请求令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
