“无效签名”：具有Django活塞的oAuth提供者 [英] "Invalid signature": oAuth provider with Django-piston

问题描述

我正在与django-piston一起尝试创建一个支持oAuth的API。

我开始使用本教程：

http：// blog.carduner.net/2010/01/26/django-piston-and-oauth/

我向活塞的管理员界面添加了一个消费者的钥匙和秘密都设置为abcd用于测试目的。

网址已成功连接，并且oAuth提供程序被调用。

但是，使用tripit运行我的get请求令牌测试（python get_request_token.py http：//127.0 .0.1：8000 / api abcd abcd），我收到以下错误：

签名无效。预期签名
基本字符串：
GET& http％3A％2F％2F127.0.0.1％3A8000％2Fapi％2Foauth％2Frequest_token％2F& oauth_consumer_key％3Dabcd％26oauth_nonce％3D0c0bdded5b1afb8eddf94f7ccc672658％26oauth_signature_method％3DHMAC-SHA1 ％26oauth_timestamp％3D1275135410％26oauth_version％3D1.0

问题似乎在Piston的oauth.py的_check_signature方法中，其中

  valid_sig = signature_method.check_signature（oauth_request，consumer，token，signature）
  pre> 
 
 
正在返回false。但是，我不知道如何让签名验证。
 
 
 
任何想法？
 
 
 
  - ----更新----- 
 
 
 
如果我从活塞的后端删除测试用户，则返回的响应正确设置为无效的用户，因此此查找似乎正在工作。
解决方案
我发现最后的答案是将oauth_consumer的工作副本安装到应用程序目录中。一旦我将消费者添加到此应用程序中，一切都按预期运行。
 
I'm working with django-piston to attempt to create an API that supports oAuth.

I started out using the tutorial at:

http://blog.carduner.net/2010/01/26/django-piston-and-oauth/

I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes.

The urls are successfully wired-up and the oAuth provider is called.

However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error:

  
Invalid signature. Expected signature
  base string:
  GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0
The problem seems to lie inside the _check_signature method of Piston's oauth.py, where 
valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature)
is returning false. I can't, however, work out how to get the signature validated.

Any ideas?

-----Update-----

If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.
解决方案
The eventual answer I found was to install a working copy of oauth_consumer into the application directory. Once I had added my consumer inside this application, everything worked as expected.

                        
这篇关于“无效签名”：具有Django活塞的oAuth提供者的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！