在JavaScript Twitter的OAuth认证 [英] Twitter OAuth authentication in javascript
问题描述
我到处找一个jQuery Ajax调用使用他们的OAuth的方法来验证在Twitter上使用的一个很好的例子。我阅读说明书好几次,这是我迄今为止,此刻我只是试图让Oauth_Token发送验证用户。我不断收到错误401未经授权错误。我已经尝试了一些组合改变数据类型和几个其他的东西,在Ajax调用,但没有成功。我相信,在创建基地的签名和SHA1加密创建签名是正确的,但我可能是错的。如果任何人有实现的JavaScript Twitter的OAuth的成功,请让我知道如何。我也没有兴趣使用第三方API,其实我是想学这个。感谢您事先的任何帮助。
微博说明 http://dev.twitter.com/pages/auth
我的code(JavaScript)的
// Unix时间
无功富=新的日期; //一般JS日期对象
变种unixtime_ms = foo.getTime(); //返回毫秒自时代
VAR unixtime = parseInt函数(unixtime_ms / 1000);
VAR callBackURL =OOB; // OOB现在
VAR现时=12342897;
//使用公式创建签名基本字符串
VAR baseSign =POST+&放大器; EN + codeURIComponent(https://api.twitter.com/oauth/request_token)的ToString()+&放大器;
EN + codeURIComponent(oauth_callback)+%3D+ EN codeURIComponent(callBackURL)
+%26
EN + codeURIComponent(oauth_consumer_key)+%3D+ EN codeURIComponent(*****消费者键**********)
+%26
EN + codeURIComponent(oauth_nonce)+%3D+ EN codeURIComponent(随机数)
+%26
EN + codeURIComponent(oauth_signature_method)+%3D+ EN codeURIComponent(HMAC-SHA1)
+%26
EN + codeURIComponent(oauth_timestamp)+%3D+ EN codeURIComponent(unixtime)
+%26
EN + codeURIComponent(oauth_version)+%3D+ EN codeURIComponent(1.0);
//创建签名,随着消费者的秘密钥匙,我们签署了签名基本字符串
VAR签名= b64_hmac_sha1(********分泌键****************,baseSign);
//建立从签名头
VAR jsonData = JSON.stringify({
授权:{
oauth_nonce:现时,
oauth_callback:恩codeURIComponent(callBackURL)
oauth_signature_method:HMAC-SHA1,
oauth_timestamp:unixtime,
oauth_consumer_key:**********消费者键*********,
oauth_signature:签名,
oauth_version:1.0
}
});
//请求访问令牌
$阿贾克斯({
网址:http://api.twitter.com/oauth/request_token
类型:后,
标题:jsonData,
数据类型:JSONP
成功:功能(数据){
警报(数据);
},
错误:功能(数据){
警报(错误);
}
下面是HTTP响应
HTTP / 1.1 401未经授权
日期:星期四,2011年7月14号21时05分55秒GMT
服务器:喜
状态:401未授权
的X交易:1310677555-60750-49846
X框选项:SAMEORIGIN
最后一次修改:星期四,2011年7月14号21时05分55秒GMT
的X运行时:0.01152
内容类型:text / html的;字符集= UTF-8
杂注:无缓存
的X修订:DEV
到期日:星期二,1981年3月31日05:00:00 GMT
的X MID:ffc990286a86b688f1e72ef733365926ea30ca62
有所不同:接受编码
缓存控制:无缓存,无存储,必重新验证,pre-检查= 0,后检查= 0,代理重新验证
内容长度:44
- 代理连接:保持活动
连接:保持活动
设置Cookie:LANG = EN; PATH = /
设置Cookie:LANG = EN; PATH = /
设置Cookie: _twitter_sess=BAh7DjoOcmV0dXJuX3RvIiJodHRwOi8vdHdpdHRlci5jb20vcGF1bF9pcmlz%250AaDoJdXNlcmkEl6phBDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRs%250AKwgE9BTnMAE6B2lkIiU2MzBkYmJmNmY4YmRmY2E3NGI2NDRmZTFhNjZiNmU2%250ANToTc2hvd19oZWxwX2xpbmswOgxjc3JmX2lkIiUyODIzYWNlNmFjMzQ3OTk5%250AZDE5YmVlYmJlYzM4MTg0ZSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoTcGFzc3dvcmRfdG9rZW4i%250ALThkY2NlMmE1OTI5OWJmM2VjNDI4YWRiOTE0YTRmYzVjYzQwN2FkMmM%253D--22a361f562df3aa6991b81fff6f486086ab71f0e;
域= .twitter.com;
路径= /;仅Http
代理服务器的支持:基于会话的认证
年龄:0
无法验证的OAuth签名和令牌
解决方案
我有完全一样的问题
https://dev.twitter.com/discussions/3454
Basicly你不能得到oauth_token这种方式在客户端。这就是为什么你总是得到错误401。
有一个解决方案,使用'XAUTH'(https://dev.twitter.com/docs/oauth/xauth),以避免服务器端,但这样做需要发送一个详细的消息api@twitter.com要求XAUTH特权。
I have looked everywhere for a good example of a JQuery ajax call to authenticate a use in Twitter using their OAuth method. I read the instructions several times and this is what I have so far, at the moment I am only trying to get the Oauth_Token to send the user to validate. I keep getting the error 401 unauthorized error. I have tried a few combinations changing the dataType and couple other things in the ajax call but no success. I believe that the "Create base signature and the Create signature from SHA1 encryption" is correct, but I could be wrong. If anyone has implement twitter OAuth in javascript successfully please let me know how. I am also not interested in using a third party API, I actually want to learn this. Thanks in advance for any help.
Twitter instructions http://dev.twitter.com/pages/auth
My code (Javascript)
//Unix time
var foo = new Date; // Generic JS date object
var unixtime_ms = foo.getTime(); // Returns milliseconds since the epoch
var unixtime = parseInt(unixtime_ms / 1000);
var callBackURL = "oob"; //oob for now
var nonce = "12342897";
//Create Signature Base String using formula
var baseSign = "POST" + "&" + encodeURIComponent("https://api.twitter.com/oauth/request_token").toString() + "&"
+ encodeURIComponent("oauth_callback") + "%3D" + encodeURIComponent(callBackURL)
+ "%26"
+ encodeURIComponent("oauth_consumer_key") + "%3D" + encodeURIComponent("*****consumer key**********")
+ "%26"
+ encodeURIComponent("oauth_nonce") + "%3D" + encodeURIComponent(nonce)
+ "%26"
+ encodeURIComponent("oauth_signature_method") + "%3D" + encodeURIComponent("HMAC-SHA1")
+ "%26"
+ encodeURIComponent("oauth_timestamp") + "%3D" + encodeURIComponent(unixtime)
+ "%26"
+ encodeURIComponent("oauth_version") + "%3D" + encodeURIComponent("1.0");
//Create Signature, With consumer Secret key we sign the signature base string
var signature = b64_hmac_sha1("********secrete key****************", baseSign);
//Build headers from signature
var jsonData = JSON.stringify({
Authorization: {
oauth_nonce: nonce,
oauth_callback: encodeURIComponent(callBackURL),
oauth_signature_method: "HMAC-SHA1",
oauth_timestamp: unixtime,
oauth_consumer_key: "**********consumer key*********",
oauth_signature: signature,
oauth_version: "1.0"
}
});
//Request Access Token
$.ajax({
url: "http://api.twitter.com/oauth/request_token",
type: "post",
headers: jsonData,
dataType: "jsonp",
success: function (data) {
alert(data);
},
error: function (data) {
alert("Error");
}
Here is the HTTP response
HTTP/1.1 401 Unauthorized
Date: Thu, 14 Jul 2011 21:05:55 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1310677555-60750-49846
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 14 Jul 2011 21:05:55 GMT
X-Runtime: 0.01152
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-MID: ffc990286a86b688f1e72ef733365926ea30ca62
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, proxy-revalidate
Content-Length: 44
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Set-Cookie: lang=en; path=/
Set-Cookie: lang=en; path=/
Set-Cookie: _twitter_sess=BAh7DjoOcmV0dXJuX3RvIiJodHRwOi8vdHdpdHRlci5jb20vcGF1bF9pcmlz%250AaDoJdXNlcmkEl6phBDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRs%250AKwgE9BTnMAE6B2lkIiU2MzBkYmJmNmY4YmRmY2E3NGI2NDRmZTFhNjZiNmU2%250ANToTc2hvd19oZWxwX2xpbmswOgxjc3JmX2lkIiUyODIzYWNlNmFjMzQ3OTk5%250AZDE5YmVlYmJlYzM4MTg0ZSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoTcGFzc3dvcmRfdG9rZW4i%250ALThkY2NlMmE1OTI5OWJmM2VjNDI4YWRiOTE0YTRmYzVjYzQwN2FkMmM%253D--22a361f562df3aa6991b81fff6f486086ab71f0e;
domain=.twitter.com;
path=/; HttpOnly
Proxy-support: Session-based-authentication
Age: 0
Failed to validate oauth signature and token
I had exactly the same issue. After lose a few hours at the twitter developers page i found this:
https://dev.twitter.com/discussions/3454
Basicly you can't get the oauth_token this way on the client side. That's why you are always getting error 401.
There's a solution to avoid server side using the 'xauth' (https://dev.twitter.com/docs/oauth/xauth), but to do so you need to send a detailed message to api@twitter.com to request xAuth privileges.
这篇关于在JavaScript Twitter的OAuth认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!