问题的OAuth，POST与参数 [英] Problem with OAuth, POST with parameters

问题描述

我使用的是乔恩·克罗斯比的开放源代码的Objective-C的OAuth库的http：// code.google.com / p / oauthconsumer / 了解一些基本的HTTP认证不与令牌，只有消费者密钥和消费者秘密交易。我的code为GET的伟大工程，具有在URL参数和POST GET。当我发出URL中有参数的POST请求，不过，请求失败授权。我试图找出原因。

I'm using Jon Crosby's open source Objective-C OAuth library http://code.google.com/p/oauthconsumer/ for some basic http authentication that does not deal with tokens, only consumer key and consumer secret. My code works great for GET, GET with parameters in the URL, and POST. When I issue a POST request that has parameters in the URL, though, the request fails authorization. I'm trying to figure out why.

服务器使用Apache OAuth的，所以我想我的基本字符串比较该库。这里是一个人为的例子和我的媒体库生产基地串并签名。任何人都可以看到的问题是什么？

The server is using Apache Commons OAuth, so I'd like to compare my base string with that library. Here's a contrived example and the base string and signature produced by my library. Can anyone see what the problem is?

consumer key:    abcdef
consumer secret: ghijkl
POST request:    http://emptyrandomhost.com/a/uriwith/params?interesting=foo&prolific=bar
my base string:  POST&http%3A%2F%2Femptyrandomhost.com%2Fa%2Furiwith%2Fparams&interesting%3Dfoo%26oauth_consumer_key%3Dabcdef%26oauth_nonce%3D1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D2%26oauth_version%3D1.0%26prolific%3Dbar

此数据将产生以下的OAuth头授权：

This data produces the following OAuth header authorization:

Authorization: OAuth oauth_consumer_key="abcdef", 
                     oauth_version="1.0", 
                     oauth_signature_method="HMAC-SHA1", 
                     oauth_timestamp="2", 
                     oauth_nonce="1", 
                     oauth_signature="Z0PVIz5Lo4eB7aZFT8FE3%2FFlbz0%3D"

和显然我的签名是错误的。这个问题有要么是在基本字符串的建设，该HMAC-SHA1功能的实现方式（使用CommonHMAC.h苹果的CCHmac，所以希望这是不是），或与我Base64Trans codeR，这是开源的C。 2003年乔纳森·怀特/有毒软件。我主要是怀疑基本字符串，因为请求GET和POST工作，只有失败，POST使用URL参数之上。

And apparently my signature is wrong. The problem has to either be in the construction of the base string, in the way that the HMAC-SHA1 function is implemented (using Apple's CCHmac from CommonHMAC.h, so hopefully this isn't it), or with my Base64Transcoder, which is open source c. 2003 by Jonathan Wight/Toxic Software. I primarily suspect the base string, since the requests work for GET and POST and only fail with POST with URL parameters as above.

能有个人见人爱的OAuth经验点以上的问题呢？别的东西，这将是非常有用的是由Apache的百科全书OAuth的在他们的认证产生的基弦。谢谢你。

Can someone with lots of OAuth experience spot the problem above? Something else that would be very useful is the base string that is produced by Apache Commons OAuth in their authentication. Thanks.

推荐答案

您可以建立，并在此网址查看您的视觉要求：

you can build and check visually your request at this URL:

的http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/

打开由[+]符号表示的箱子，并在你的价值观填补，这样你也许能看到，如果问题出在你的code或运营商侧。

Open the boxes denoted by [+] signs and fill in your values, that way you may be able to see if the problem is at your code, or at the provider side.

这篇关于问题的OAuth，POST与参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！