获取用户会话令牌时意外签名

Question

我正在使用 Connecty Cube 并按照 documentation 获取用户会话令牌，但是响应是

客户端错误：POST https://api.connectycube.com/session 导致 422 Unprocessable Entity 响应：

{"errors":["Unexpected signature"]}

我正在使用下面的代码来获取会话令牌。

use GuzzleHttp\Psr7;
use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Exception\TransferException;

 $client = new Client();

// Create Connecty Cube Session
$application_id = env('CUBE_APPLICATION_ID');
$auth_key = env('CUBE_APPLICATION_KEY');
$timestamp = time();
$nonce = substr($timestamp, 0, 4);

$response = $client->request('POST', 'https://api.connectycube.com/session', [
    'form_params' => [
        'application_id' => $application_id,
        'auth_key' => $auth_key,
        'timestamp' => $timestamp,
        'nonce' => $nonce,
        'signature' => hash_hmac('sha1', 
            http_build_query([
                'application_id' => $application_id, 
                'auth_key' => $auth_key,
                'nonce' => $nonce,
                'timestamp' => $timestamp,
            ]),
            env('CUBE_APPLICATION_SECRET')
        ),
        "user" => [
            "email" => <email address>,
            "password" => <password>
        ]
    ]
]);

$contents = json_decode($response->getBody()->getContents(), true);
var_dump($contents);

请帮助我找出哪里出错了。谢谢！

Answer 1

// Application credentials
DEFINE('APPLICATION_ID', 1204);
DEFINE('AUTH_KEY', "HhBrEq4BRgT4R8S");
DEFINE('AUTH_SECRET', "TkpdsDSSWyD6Sgb");

// endpoints
DEFINE('CB_API_ENDPOINT', "https://api.connectycube.com");
DEFINE('CB_PATH_SESSION', "session.json");

// Generate signature
$nonce = rand();
$timestamp = time(); // time() method must return current timestamp in UTC but seems like hi is return timestamp in current time zone
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."&timestamp=".$timestamp;

echo "stringForSignature: " . $signature_string . "<br><br>";
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);

// Build post body
$post_body = http_build_query(array(
                'application_id' => APPLICATION_ID,
                'auth_key' => AUTH_KEY,
                'timestamp' => $timestamp,
                'nonce' => $nonce,
                'signature' => $signature
                ));

// $post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "&timestamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature;

 echo "postBody: " . $post_body . "<br><br>";
// Configure cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, CB_API_ENDPOINT . '/' . CB_PATH_SESSION); // Full path is - https://api.connectycube.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response

// Execute request and read responce
$responce = curl_exec($curl);

// Check errors
if ($responce) {
        echo $responce . "\n";
} else {
        $error = curl_error($curl). '(' .curl_errno($curl). ')';
        echo $error . "\n";
}

// Close connection
curl_close($curl);