Shopify oauth中的HMAC-SHA256问题(输出不匹配) [英] HMAC-SHA256 issue in Shopify oauth (Output does not match)
问题描述
我正在尝试按照此文档在Shopify市场上发布应用。而且我仍然坚持oauth文档的第3步,你需要做'HMAC签名验证'。
I'm trying to publish an app on Shopify marketplace by following this documentation. And I'm stuck on step-3 of the oauth documentation wherein you have to do 'HMAC Signature Validation'.
文档说明你必须处理字符串(指定下面)通过HMAC-SHA256使用应用程序的共享密钥。
Documentation states that you have to process the string (specified below) through HMAC-SHA256 using app's shared secret key.
String = "shop=some-shop.myshopify.com×tamp=1337178173"
我正在尝试使用Java实现这些步骤。以下是我使用的代码的要点。
I'm trying to implement the steps using Java. Following is gist of the code that I have used.
private static final String HMAC_ALGORITHM = "HmacSHA256";
String key = "hush";
String data = "shop=some-shop.myshopify.com×tamp=1337178173";
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(),HMAC_ALGORITHM);
Mac mac = Mac.getInstance(HMAC_ALGORITHM);
mac.init(keySpec);
byte[] rawHmac = mac.doFinal(data.getBytes());
System.out.println(Hex.encodeHexString(rawHmac));
代码生成以下字符串:
c2812f39f84c32c2edaded339a1388abc9829babf351b684ab797f04cd94d4c7
通过Shopify开发者论坛上的一些随机搜索,我找到了指向问题的链接。
Through some random search on Shopify developer forum I found the link to a question.
来自 @Shayne <的最后一条消息/ a>建议我们必须通过添加 protocol 字段对 data 变量进行更改。
The last message from @Shayne suggests that we have to make changes in data variable by adding protocol field.
但它没有成功:(
谁能告诉我应该做什么?我是否必须在我的代码或文档中的过程已更改。
请帮忙。
Can anyone tell me what should be done?Do I have to make modifications in my code or the process in the documentation have changed. Please help.
推荐答案
示例显然是错误的。您的哈希代码没问题。你需要确保包含一个来自Shopify响应的参数,例如验证回复的输入如下:
The example is wrong apparently. Your hash code is OK. You'll need to make sure you include all parameters from the Shopify response e.g. the input for verification of a response would look like:
code={code}&protocol=https://&store={store}×tamp={timestamp}
这篇关于Shopify oauth中的HMAC-SHA256问题(输出不匹配)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
