使用Restack的有向OAuth身份验证（或）消费者密钥OAuth Web服务 [英] Consumption of 2 Legged OAuth authentication (or) Consumer key OAuth webservices using Restkit

问题描述

根据本指南，我已在我的网站中配置了2条有腿OAuth服务：
http：/ /drupal.org/node/1827698

I have configured 2 legged OAuth services in my web as in accordance with this guide: http://drupal.org/node/1827698

我确定配置是正确的，因为当我使用基本URL +服务触发webservice时浏览器返回我的错误：

I am pretty sure that the configuration is all proper, for when I trigger the webservice using the base URL + service endpoint through the web browser, the browser returns me this error:

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<result>The request must be signed</result>

这表明这是一个身份验证错误。我想。

Which does kind of suggest that it is an authentication error. I suppose.

现在我有计划在我的iPhone项目中使用Restkit。我按照此指南写下一个简单的2腿OAuth Web服务请求：
https://github.com/RestKit/RestKit/wiki/OAuth-Support-on-RestKit

Now I have plans of using Restkit in my iPhone project. I followed this guide to write down a simple 2 legged OAuth webservice request: https://github.com/RestKit/RestKit/wiki/OAuth-Support-on-RestKit

这是我的代码：

    NSString *urlResource = @"";
    urlResource = @"/service_endpoint/node";
    RKObjectManager* objectManager = [RKObjectManager objectManagerWithBaseURLString:@"http://mydomain.com/"];
    [RKObjectManager setSharedManager:objectManager];
    objectManager.client.OAuth1ConsumerKey = @"proper_consumer_key";
    objectManager.client.OAuth1ConsumerSecret = @"proper_consumer_secret";
    objectManager.client.OAuth1AccessToken = nil;
    objectManager.client.OAuth1AccessTokenSecret = nil;
    objectManager.client.authenticationType = RKRequestAuthenticationTypeOAuth1;
#define USE_GET_REQUEST 0
#if USE_GET_REQUEST
    [objectManager.client get:urlResource delegate:self];
#else
    NSDictionary *theParams = nil;
    NSString *timeStamp = [[NSNumber numberWithInt:(NSTimeInterval)[[NSDate date] timeIntervalSince1970]] stringValue];
    theParams = [NSDictionary dictionaryWithObjectsAndKeys:@"1.0", @"oauth_version", @"HMAC-SHA1", @"oauth_signature_method", timeStamp, @"oauth_timestamp", nil];
    [objectManager.client post:urlResource
                        params:theParams
                      delegate:self];
#endif

我之前尝试过GET请求，如 post 。我得到一个空的身体没有任何数据，Restkit记录这，这表明授权问题：

I tried with GET request earlier as indicated in the post. I get an empty body without any data and somewhere Restkit logs this, which indicates authorization problem:

2012-11-06 19:27： 46.887 MyProject OAuth [22187：11603] I
restkit.network:RKRequest.m:689状态码：401

2012-11-06 19:27:46.887 MyProject OAuth[22187:11603] I restkit.network:RKRequest.m:689 Status Code: 401

I意识到Restkit不会以这种方式添加任何参数，因此请求不知道使用什么签名，时间戳和OAuth版本。因此，我尝试相同使用POST请求，其中我可以指定这些参数。即使现在我得到一个空的身体和Restkit日志说：

I realized that Restkit would not add any parameters in this way and hence the request is not aware of what signature, timestamp and OAuth version to use. Hence I tried the same using POST request where I can specify these parameters. Even now I get an empty body and the Restkit log says this:

2012-11-06 19：28：03.231 MyProject OAuth [22205 ：11603] I
restkit.network:RKRequest.m:689状态代码：404

2012-11-06 19:28:03.231 MyProject OAuth[22205:11603] I restkit.network:RKRequest.m:689 Status Code: 404

我不知道在哪里我会出错或什么其他尝试！期待帮助解决这个问题。

I do not know where I am going wrong or what else to try! Looking forward for help in resolving this issue.

编辑：
我实现了一个缺少的回调方法，现在得到： p>

I implemented a missing callback method and now am getting:

请求必须签名

"The request must be signed"

信息。我假设上面的设置应该已经足够OAuth身份验证，如引用链接中提到的，我还应该做什么？

message. I presume that the above setup should have been enough for OAuth authentication, as mentioned in the referred link, what else am I supposed to do?

观察：

Observations:

我可以看到RestKit代码的内部资料，OAuth参数会放在网址要求的HTTP标头栏位中。但不知道Drupal 7是否能够从HTTP头字段读取这些信息，因为它总是返回我：

I could see the internals of RestKit code and the OAuth parameters are put into the HTTP header field of the URL request. But am not sure if Drupal 7 is capable of reading this information from the HTTP header field for it always returns me back:

请求必须

The request must be signed

这意味着Drupal在第一种情况下不接收OAuth参数，否则会给我以下错误最少：

Which means that the OAuth parameters are not received by Drupal in first case, otherwise it would have given me the following error at least:

无效的签名

Invalid Signature

正在寻找一些其他选项，看看我的消费者密钥和秘密和所有其他设置是否在服务器端正确完成。为了确认这一点，我从此处下载了php OAuth客户端脚本。从此处下载SVN代码。在那里，当我交叉检查请求与PHP客户端，我的请求都被完美地服务，我通过输入端点，消费者密钥和消费者秘密来获得xml。

I was looking for some other options to see if my consumer key and secret and all the other setup is done properly in the server side or not. To confirm this I downloaded the php OAuth client script from here. Download the SVN code from here. In that when I cross check the requests with PHP client, my requests are all being served perfectly & I get back the xml by just entering the endpoint, consumer key and consumer secret.

我尝试的另一件事是允许GCOAuth生成签名，并放置一个断点，以便我可以转储HTTP头字段在日志中，而不是Restkit发送请求到服务器，我快速准备的URL请求完全与上述PHP客户端相同的格式。现在此请求触发后，我返回

One more thing I tried is to allow GCOAuth to generate the signature and all inside the Restkit and placed a breakpoint so that I can dump the HTTP header fields in a log and instead of Restkit sending the request to the server, I quickly prepared the URL request exactly in the same format as the above PHP client does. Now this request when triggered, I get back the

无效的签名

Invalid Signature

响应，这也意味着OAuth参数没有在Restkit / GCOAuth中正确准备？

response, does this also somehow mean that the OAuth parameters are not properly prepared in Restkit / GCOAuth?

/ p>

Thanks, Raj

推荐答案

我能够通过修改Restkit的类来解决它。根据我在上面的问题提到的观察，我能够弄清楚我假设是一些网络服务器的限制，让我们说在这种情况下Drupal 7。几乎在我为iOS开发的所有OAuth库中，OAuth身份验证参数都在请求的HTTP头字段中设置。

I was able to solve it by making changes in the Restkit's classes. As per my observations mentioned in the question above, I was able to figure out what I assume is a limitation of some of the webservers, lets say Drupal 7 in this case. Almost in all of the OAuth libraries I have come across for iOS, the OAuth authentication parameters were set in the HTTP header fields of the request.

我遇到了 PHP客户端（如我在上面的观察中所述），如果我们提供适当的消费者密钥和消费者密钥，将生成oauth_nonce字符串，时间戳并且还将在URL的查询参数中提供oauth_signature。 Restkit的库中缺少此功能（我假设？）。虽然Restkit在HTTP头字段中填充了GCOAuth提供的所有信息，但我觉得我的Drupal 7网络服务器没有以某种方式读取，或者我使用错误的HTTP头字段。我搜索了关于如何传递HTTP头字段中的参数的Drupal 7的文档，并从那里读取，但我找不到很多帮助，我不是那么熟练。

I came across the PHP client (as mentioned in my observations above) where if we provide proper consumer key and consumer secret, it will generate the oauth_nonce string, the timestamp and will also provide the oauth_signature inside the URL's query parameters. This capability was missing in Restkit's libraries (I assume?). Though Restkit fills in the HTTP header field with all the information provided by GCOAuth, I feel that my Drupal 7 webserver was not reading it somehow, or maybe I was using the wrong key for the HTTP header field. I searched for the documentation of Drupal 7 on how to pass the parameters in HTTP header field and read it from there, but I could not find much help and am not that proficient at it though.

所以我的解决方案是构建URL请求，就像提到的 PHP客户端

So my solution was to build the URL request just as the way the mentioned PHP client does. Almost everything was done by Restkit within the GCOAuth class, RKClient & RKRequest classes. All I had to do was to tweak so that the OAuth parameters are appended to the request URL. All my changes I have pushed to a forked code of Restkit in github. My changes specific to this OAuth module are commented with "// Raj OAuth:" which can be searched in the project.

代码，我已经成功地用于触发和使用webservice。现在我已经为RKClient的 -get：delegate：方法提供了一个重载的指定方法，同样可以根据需要扩展到所有其他可用的方法。 p>

Below is the code which I have successfully used to trigger and consume the webservice. For now I have provided an overloaded designated method for RKClient's -get:delegate: method, the same can be extended to all other available methods on need basis, I believe.

-(void)triggerOAuthRequest
{
    NSString *urlResource = @"";
    urlResource = @"/endpoint_path/endpoint.xml";
    NSString *baseURL = @"http://your_domain_name.com/path_to_drupal_home_folder/";
    NSString *consumerKey = @"YW9h6tUc*************";
    NSString *consumerSecret = @"HUS2ALAC*************";

    RKObjectManager* objectManager = [RKObjectManager objectManagerWithBaseURLString:baseURL];
    [RKObjectManager setSharedManager:objectManager];
    objectManager.client.OAuth1ConsumerKey = consumerKey;
    objectManager.client.OAuth1ConsumerSecret = consumerSecret;
    objectManager.client.OAuth1AccessToken = nil;
    objectManager.client.OAuth1AccessTokenSecret = nil;
    objectManager.client.authenticationType = RKRequestAuthenticationTypeOAuth1;
    [objectManager.client get:urlResource
                     delegate:self
constructOAuthQueryParamsInURL:YES];
}

我还假设发送此请求对于我的OAuth参数在客户端用秘密消费者密钥签名，然后请求被发送到服务器，尽管URL本身具有查询参数，我觉得安全ozcons是用秘密消费者密钥签署的，其中只有web服务器可以解密并检查请求是否来自可信来源。

I also assume that sending this request is safe enough for the fact that my OAuth parameters are signed with the secret consumer key at the client end and after that the request is sent to the server, though the URL itself has the query parameters, I feel it is safe coz the oauth_signature is signed with secret consumer key which only the webserver can decrypt and check if the request is from authentic sources.

如果您认为有任何改进的余地，请告诉我。

If you feel there is scope for any improvement please let me know.

感谢，

Raj

这篇关于使用Restack的有向OAuth身份验证（或）消费者密钥OAuth Web服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！