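【Question title】: "Invalid token" and "signature invalid" errors with OAuth2 request
【Posted】: 2017-03-28 11:22:17
【Question description】:

I was wondering if anyone could point out where I'm messing up my request. I'm trying to connect using OAuth2, but I'm getting a strange error.

I've tried using some header options, but to no avail. For some reason I thought this would be simple; I was wrong. I'm just getting started with OAuth2.

It is returning: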

array(5) {
  ["access_token"]=>
  string(88) "//43773esO1jYyy4hEZ0EXjovF21uqvIQC5U4TzLf8b+LhLf/fYnw3i5bMNkFTiynTZdIvNO9mlW90QhcKLuxg=="
  ["token_type"]=>
  string(3) "mac"
  ["secret"]=>
  string(88) "tCAU89rpW9RGoF28EHufUuLG1GBA+CquUuPqh9svQ9Y8ofkqucpMnt+9X9pqgYgE6GBalBwKGNTerMcCDqh5lA=="
  ["algorithm"]=>
  string(12) "hmac-sha-256"
  ["expires_in"]=>
  int(3599)
}
E3Bgu19tbvYKEwMLv7p6rgUfKFMHgudBm4hOUMcBCOI=
string(65) "{"error":"invalid_token","error_description":"Signature Invalid"}"

Here is my script:

 <?php 

  $identifier = "QSJMuz3wGIMBbeL6rciemeIJSZ7H5fnuQgU5urztijK6DkFCxLW0FDgqIRraTPW7PiehKM+5mi+U9S45ORGA4igJfmVlv0w0WqNGQ1Rz4v2wakbt26HyVrJg/0ybE0KQMB0qjL/jj3xwOBkPA1FmU1x612axwPY1yMEZYHB9FhfUinFEdhSTd2alSpr5YgJlZDwZ6IK6Z2JaDYOP0S2e3A==";
 $decrypted_id = "dTBFdjlqVStXc1BYN2hSUE1lZVY2QWdaWWI2SjlTdG9nNnVtVUgrb04wb1dpeWhtdUZKT1FIUEZmSW1GeDNpa2xjZnpJWTU1d2FmQVIwMlhlVldTN0E9PTpxVXpHSXdYQVJldG82dGplMnU2YzZBPT0=";

  $r = rand(0, 25);
  $arr = explode(':', base64_decode($decrypted_id)); 
  $p1 = $arr[1];
  $p0 = $arr[0];

  $res = base64_encode($p1 . ":" . $p0);  

  $headers = array('Authorization: Basic ' . $res);
  $posts = array('unique_id', $decrypted_id . ':' . $r);

  $ch = curl_init();

  curl_setopt($ch, CURLOPT_URL,"https://ishin-global.aktsk.com/auth/sign_in");
  curl_setopt($ch, CURLOPT_POST, true);  

  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($posts));
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);  

  $server_output = curl_exec ($ch);
  $server_output = json_decode($server_output, true);
  echo "<pre>";
   var_dump($server_output);
  echo "</pre>";

  curl_close ($ch);


?>

 <?php 

  $access_token = $server_output["access_token"];
  $secret = $server_output["secret"];

  $ts = time();
  $nonce = $ts . ":" . uniqid();

  $url = "https://ishin-global.aktsk.com/user";
  $url_host = parse_url($url, PHP_URL_HOST);

     $msg = implode('', array(
        $ts,
        $nonce,
        'GET',
        $url_host,
        '/user',
        '443'
      ));



  $byte_array = base64_decode($secret);
  //echo $byte_array;
  // Create signature
  $mac = base64_encode(hash_hmac('sha256', utf8_encode($msg), $secret, true));

  echo $mac;    

  $headers = array('Authorization: Id="' . $access_token . '", Nonce="' . $nonce . '", Ts="' . $ts .'", Mac="' . $mac . '"');



  $ch1 = curl_init();

  curl_setopt($ch1, CURLOPT_URL,"https://ishin-global.aktsk.com/user");

  curl_setopt($ch1, CURLOPT_HTTPHEADER, $headers);
  curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch1, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch1, CURLOPT_SSL_VERIFYHOST, false); 
  curl_setopt($ch1, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17');
  curl_setopt($ch1, CURLOPT_AUTOREFERER, true); 
  curl_setopt($ch1, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch1, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch1, CURLOPT_VERBOSE, true); 

  echo "<pre>";
   $server_output1 = curl_exec($ch1);

   if(curl_errno($ch1)){
    echo 'Request Error:' . curl_error($ch1);
   }

  var_dump($server_output1);
  echo "</pre>";

  curl_close ($ch1);



 ?>
 </body>
</html>

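【Question discussion】:

    Tags: php oauth oauth-2.0 http-headers httprequest


    【Solution 1】:

    I know it's two years later, but the port isn't 443, it's 3001

    The way you do it is very different from the way I do it, so I don't know whether there is something wrong with your code; it seems so to me, but I don't know where those two variables come from.

    I use this to create the OAUTH2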

    $rn=chr(0x0A);
    $secret=$signin['secret']; //this is from sign_in part that I assume you're getting right
    $nonce=$requestepochtime.':'.md5('whateveryouwant');
    $method='GET';
    $url='/blablabla';
    $hostname='the-url-without-the-http';
    $port='3001'; //<- THIS ONE DROVE ME CRAZY
    $RFC2616_string=
        $requestepochtime.$rn.
        $nonce.$rn.
        $method.$rn.
        $url.$rn.
        $hostname.$rn.
        $port.$rn.
        ''.$rn;
    

    If you solved it back then, maybe now on global you have to deal with the puzzle.

    【Discussion】:
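
    The following PHP sketch is an added example, not code from the question or the answer. It builds the newline-delimited request string in the field order the answer shows, then runs a server-side check against the variants that differ from it (port, field order, missing separators) to show why each one is rejected. The function names, the host `api.example.test`, the timestamp and the key are constructed for illustration; the page does not say whether the returned `secret` must be base64-decoded before use, so the key is taken as given.

```php
<?php
// Added example: function names, host, timestamp and key are constructed, not from the page.

// Request string in the field order used in the answer:
// ts, nonce, method, request URI, host, port, empty ext, each followed by "\n".
function mac_base_string(int $ts, string $nonce, string $method,
                         string $uri, string $host, int $port, string $ext = ''): string
{
    return implode("\n", [$ts, $nonce, strtoupper($method), $uri, $host, $port, $ext]) . "\n";
}

// HMAC-SHA-256 over the request string, base64-encoded for the Mac="..." field.
function mac_sign(string $base, string $key): string
{
    return base64_encode(hash_hmac('sha256', $base, $key, true));
}

// Server-side check: rebuild the string from the request as the server sees it
// and compare in constant time with the MAC the client presented.
function mac_verify(string $presented, string $serverBase, string $key): bool
{
    return hash_equals(mac_sign($serverBase, $key), $presented);
}

$key   = 'constructed-demo-secret';
$ts    = 1490700137;
$nonce = $ts . ':' . bin2hex(random_bytes(8));
$host  = 'api.example.test';

// What the server reconstructs for GET /user on port 3001.
$serverBase = mac_base_string($ts, $nonce, 'GET', '/user', $host, 3001);

// Strings a client might sign; only the first matches the server's view.
$clientBases = [
    'fields as in the answer' => $serverBase,
    'port 443 instead of 3001' => mac_base_string($ts, $nonce, 'GET', '/user', $host, 443),
    'host placed before URI'   => implode("\n", [$ts, $nonce, 'GET', $host, '/user', 3001, '']) . "\n",
    'no newline separators'    => implode('', [$ts, $nonce, 'GET', '/user', $host, 3001]),
];

foreach ($clientBases as $label => $base) {
    $accepted = mac_verify(mac_sign($base, $key), $serverBase, $key);
    printf("%-26s %s\n", $label, $accepted ? 'accepted' : 'Signature Invalid');
}
```

    Because the server recomputes the MAC from its own view of the request, any single differing byte in the signed string produces the same generic "Signature Invalid" response, which is why the port mismatch was hard to spot.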
