Facebook签署iOS请求（HMAC SHA256） [英] Facebook Signed Request for iOS (HMAC SHA256)

问题描述

我一直在尝试为iOS上的Facebook签名请求生成HMAC SHA256几周。我迫切需要帮助。

I've been trying to generate HMAC SHA256 for Facebook signed request on iOS for weeks now. I am desperate need of help.

Facebook签名请求有两个部分，用句点分隔。第一部分是有效载荷的HMAC256，而第二部分是有效载荷的Base64编码串。我只能重新创建第二部分。

Facebook signed requests have two parts which are separated by a period. First part is an HMAC256 of the payload while the 2nd part is Base64 encoded string of the payload. I've only been able to recreate the second part.

vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0

我一直在使用以下代码，每个人都使用但是它生成了不同的哈希：

I've been using the following code that everybody uses but it's generating a different hash:

#import <CommonCrypto/CommonHMAC.h>
#import "NSData+Base64.h"

+(NSString*) hmacForSecret:(NSString*)secret data:(NSString*)data {

     const char *cKey  = [secret cStringUsingEncoding:NSASCIIStringEncoding];
     const char *cData = [data cStringUsingEncoding:NSASCIIStringEncoding];
     unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH];

     CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC);
     NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];

     return [HMAC base64EncodedString];
}

根据Facebook文档：
https://developers.facebook.com/docs/authentication/signed_request/

According to Facebook docs: https://developers.facebook.com/docs/authentication/signed_request/

当使用秘密作为密钥时，正确的HMAC256输出应该是：

Correct HMAC256 output should be when using "secret" as the key:

 vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso

要编码的有效负载：

 {
     "algorithm": "HMAC-SHA256",
     "0": "payload"
 }

注意：您可以对签名请求的第二部分进行Base64解码以获得此有效负载。

NOTE: You can Base64 decode the 2nd part of the signed request to get this payload.

推荐答案

问题在于Base64编码器。它需要编码为Base64Url，请参阅：
http://en.wikipedia.org/ wiki / Base64＃URL_applications

The problem was with the Base64 encoder. It needs to be encoded as Base64Url see: http://en.wikipedia.org/wiki/Base64#URL_applications

这是修改后的base64EncodedString类别方法：

Here's the modifed base64EncodedString category method:

//NSData+Base64.h
 - (NSString *)base64EncodedString
 {
    size_t outputLength;

    char *outputBuffer = NewBase64Encode([self bytes], [self length], true, &outputLength);
    NSString *result = [[[NSString alloc] initWithBytes:outputBuffer length:outputLength encoding:NSASCIIStringEncoding] autorelease];
    free(outputBuffer);

     NSString *b64PayloadClean = [[result componentsSeparatedByCharactersInSet:[NSCharacterSet newlineCharacterSet]] componentsJoinedByString:@""];

     //do URL encoding by replacing "+" and "/" to "-" and "_" respectively
     b64PayloadClean = [b64PayloadClean stringByReplacingOccurrencesOfString:@"=" withString:@""];
     b64PayloadClean = [b64PayloadClean stringByReplacingOccurrencesOfString:@"+" withString:@"-"];
     b64PayloadClean = [b64PayloadClean stringByReplacingOccurrencesOfString:@"/" withString:@"_"];

    return b64PayloadClean;
 }

这篇关于Facebook签署iOS请求（HMAC SHA256）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！