建立微博的OAuth没有第三方库 [英] Setting up Twitter OAuth without 3rd party libraries

问题描述

公开的Twitter时间线，JSON + C＃延续，没有第三方库

我还是新的C＃和OAuth所以请容忍我，如果我不明白什么

我创建了一个名为oAuthClass C＃类，而这些都是我目前拥有的变量：

 静态类oAuthClass 
 {
公共静态无效的run（）
 {
 INT oauth_timestamp = GetTimestamp（DateTime.Now）; 
串oauth_nonce = PseudoRandomStringUsingGUID（）; 
串oauth_consumer_key =这里消费的关键; 
串oauth_signature_method =HMAC-SHA1 
串oauth_version =1.0; 
} 
} 
  

我对OAuth的签名，和我读了选择使用HMAC-SHA1现在，我不知道如何生成的签名，我也极其混乱阅读和看到的东西，如HTTP，编码和BASE-字符串和诸如此类的东西后，（我不知道他们的意思在所有），但我的猜测是创造的宀编码，就像空间的URL - >％20

在概括：
- 什么是基串

-Am我对上的空间？ - > 20％，例如

-HMAC-SHA1涉及到一个消息，一个关键，是消费者的秘密消息？是消费者密钥的密钥呢？

- 如何通过使用HMAC-SHA1算法

的创建签名

- 如果我设法创建签名，我怎么通过这些值来Twitter？

我可以使用

  http://example.com?consumer_key=asdf&oauth_signature=signaturevalue&etc，
  

但我已阅读并apparantly人使用HTTP报头什么的（同样，我真的不知道这是什么）

感谢您！同样，没有第三方库允许：（

解决方案

这是真的很难回答在很短的方式你的问题，因为实施完全成熟的OAuth用户端是不平凡的，需要真正理解OAuth1.0a规范。这不是火箭科学，但它确实需要整理出所有的点点滴滴。

我将尝试零碎的回答你的问题。

什么是基本条件？

在OAuth的签名基本字符串是建立像这样的：

• 开始与请求的HTTP方法您正在发送，以大写字母。例如： POST 或 GET 。


• 添加符号（&安培; ）字符到


• 添加编码的URL（百分比编码）的URL你调用你的要求（做不包括参数这里）


• 添加另一个符号（&安培; ）字符这里


• 最后添加URL编码参数字符串

我将介绍如何创建您在最后一步需要的参数字符串。

收集包含在请求中的所有参数。你会发现他们无论是在URL作为查询字符串的一部分，还当你是 POST -ing请求请求主体。例如说，你是 POST -ing参数参数1 =值来的网址 HTTP ：？//example.com/参数2 =值2 。这使得两个参数，包括

现在你也必须总结一下所需要的协议，要快乐，所有的OAuth参数。这将导致一个参数列表看起来像这样：

• oauth_consumer_key = fffffaaaafffaaaff


• oauth_nonce = aaaaabbbbbcccccaaaaudi2313


• oauth_signature_method = HMAC-SHA1


• oauth_timestamp = 1319633599


• 组oauth_token = bbbbbbbbbfsdfdsdfsfserwerfsddffdsdf


• oauth_version = 1.0


• 参数1 =值


• 参数2 =值2

所有这些个别字符串必须按字典顺序排序的参数名称（按字母顺序应该足够了），并连接成一个字符串。 。这就是你的参数字符串

我说的对的空间 - >％20例如：

是的。你说的是编码％，这也是推移HTTP编码和URL编码的名称。 http://en.wikipedia.org/wiki/Percent-encoding 。

HMAC-SHA1涉及到一个消息，一个关键，是消费者的秘密消息？是消费者密钥的密钥呢？

该消息是，你在上面创建签名基本字符串。关键是你的消费者的秘密，你的访问令牌秘密的组合。所以关键应该是这样的： CONSUMER_SECRET和放大器; TOKEN_SECRET （注意号）。在你做你不会有一个令牌密钥还没有绝对的第一个请求，那么关键就是唯一的 CONSUMER_SECRET和放大器; （再次，注意号）

如何创建通过使用HMAC-SHA1算法的签名。

我拿来这从 http://oauth.googlecode.com/svn/code/csharp /OAuthBase.cs 和秘密和基底线被假定为提供给代码

基本上用密钥和一个消息养活HMACSHA1实例，呈现哈希并将其转换成一个base64字符串

  HMACSHA1 HMACSHA1 =新HMACSHA1（）; 
 hmacsha1.Key = Encoding.ASCII.GetBytes（的String.Format（{0}&放大器; {1}，以UrlEncode（consumerSecret），string.IsNullOrEmpty（tokenSecret）：以UrlEncode（tokenSecret））） ; 
字节[] =的DataBuffer System.Text.Encoding.ASCII.GetBytes（signatureBaseString）; 
字节[] = HASHBYTES hmacsha1.ComputeHash（DataBuffer中）; 
 
返回Convert.ToBase64String（HASHBYTES）; 
  

如果我设法创建签名，我怎么通过这些值来Twitter？

您应该能够轻松地研究HTTP标头是什么。

不过你可以选择添加的参数和签名URL的最终结果，我觉得微博，甚至接受他们的一些请求，请求主体。但最好的方式是通过授权 HTTP头，因为它允许明确分离协议之间的具体要求和具体参数。

它看起来有点像这（直接从的 OAuth的1.0A规格）：

 授权：OAuth的境界=示例，
 oauth_consumer_key =0685bd9184jfhq22，
组oauth_token =ad180jjd733klru7，
 oauth_signature_method =HMAC-SHA1，
 oauth_signature =wOJIO9A2W5mFwDgiDvZbTSMK％2FPY％3D，
 oauth_timestamp =137131200 ，
 oauth_nonce =4572616e48616d6d65724c61686176，
 oauth_version =1.0
  

Continuation from Get twitter public timeline, json+C#, no 3rd party libraries

I'm still new to C# and oAuth so please bear with me if I fail to understand anything

I've created a C# class named oAuthClass, and these are the variables I currently have:

    static class oAuthClass
{
    public static void run()
    {
        int oauth_timestamp = GetTimestamp(DateTime.Now);
        string oauth_nonce = PseudoRandomStringUsingGUID();
        string oauth_consumer_key = "consumer key here";
        string oauth_signature_method = "HMAC-SHA1";
        string oauth_version = "1.0";
    }
}

I've read up on OAuth Signatures, and I chose to use HMAC-SHA1 for now, I don't know how to generate the signature, I'm also extremely confused after reading and seeing stuff like HTTP-Encodings and Base-Strings and whatnot (I've no idea what they mean at all), but my guess is to create a URL that's "Http-encoded", like spaces->"%20"?

In summary: -What are base-strings?

-Am I right on the spaces->%20 example?

-HMAC-SHA1 involves a message and a key, is the consumer secret the message? Is the consumer key the key then?

-How to create a signature through the use of the HMAC-SHA1 algorithm

-If I do manage to create the signature, how do I pass these values to Twitter?

I could use

http://example.com?consumer_key=asdf&oauth_signature=signaturevalue&etc., 

but I've read and apparantly people use HTTP-Headers or something (again, I don't really know what this is)

Thank you! Again, no 3rd party libraries allowed :(

解决方案

It is really hard to answer your question in a short manner, since implementing a full blown OAuth client is not trivial and requires really understanding the OAuth1.0a specification. It is not rocket science but it really requires sorting out all the bits and pieces.

I will attempt to answer your question piecemeal.

What are base strings?

A signature base string in OAuth is built like this:

• Start with the HTTP method of the request your are sending, in upper case. E.g POST or GET.
• Add an ampersand (&) character to that
• Add the URL encoded (percent encoded) URL you are calling in your request (do not include parameters here)
• Add yet another ampersand (&) character here
• Lastly add the URL encoded parameter string

I'll describe how to create the parameter string you need in that last step.

Gather all the parameters included in the request. You'll find them either in the URL as part of the query string and also in the request body when you are POST-ing requests. Say for example that you are POST-ing the parameter parameter1=value1 to the URL http://example.com/?parameter2=value2. That makes two parameters to include.

Now you also have to sum up all the OAuth parameters that are needed for the protocol to be happy. These would lead to a parameter list looking something like this:

• oauth_consumer_key=fffffaaaafffaaaff
• oauth_nonce=aaaaabbbbbcccccaaaaudi2313
• oauth_signature_method=HMAC-SHA1
• oauth_timestamp=1319633599
• oauth_token=bbbbbbbbbfsdfdsdfsfserwerfsddffdsdf
• oauth_version=1.0
• parameter1=value1
• parameter2=value2

All these individual strings need to be lexicographically sorted on the parameter name (alphabetically should suffice), and concatenated into a string. That's your parameter string.

Am I right on the spaces->%20 example?

Yes. You are talking about percent encoding, which also goes by the name of HTTP encoding and URL encoding. http://en.wikipedia.org/wiki/Percent-encoding.

HMAC-SHA1 involves a message and a key, is the consumer secret the message? Is the consumer key the key then?

The message is the signature base string that you created above. And the key is the combination of your consumer secret and your access token secret. So the key should look like this: CONSUMER_SECRET&TOKEN_SECRET (notice the ampersand). In the absolute first request that you do you will not have a token secret yet, then the key is only CONSUMER_SECRET& (again, notice the ampersand).

How to create a signature through the use of the HMAC-SHA1 algorithm.

I fetched this from http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs and the secrets and the base string are assumed to be available to the code.

Basically feed an HMACSHA1 instance with a key and a message, render that hash and convert it to a base64 string.

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? "" : UrlEncode(tokenSecret)));
byte[] dataBuffer = System.Text.Encoding.ASCII.GetBytes(signatureBaseString);
byte[] hashBytes = hmacsha1.ComputeHash(dataBuffer);

return Convert.ToBase64String(hashBytes);

If I do manage to create the signature, how do I pass these values to Twitter?

You should easily be able to research what an HTTP header is.

But you can choose to add the final result of the parameters and signature to the URL, I think Twitter even accepts them in the request body on some requests. But the preferred way is through the Authorization HTTP header since it allows for clear separation between protocol specific and request specific parameters.

It should look somewhat like this (taken straight from the OAuth 1.0a spec):

Authorization: OAuth realm="Example",
    oauth_consumer_key="0685bd9184jfhq22",
    oauth_token="ad180jjd733klru7",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"

这篇关于建立微博的OAuth没有第三方库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！