【问题标题】:Failed to validate oauth signature and token - Issue generating OAuth Token(无法验证 oauth 签名和令牌 - 生成 OAuth 令牌的问题)
【发布时间】:2011-07-24 19:57:43
【问题描述】:

我一直在考虑在 OAuth 网站上和通过 SF 创建签名,但是我创建签名时总是遇到同样的错误,知道我在这里做错了什么吗?

Error: Failed to validate oauth signature and token

我有一个适用于旧的 rest API 的应用程序,所以我知道我的问题不在于我的应用程序或服务器等

<?php
/**
 * Send an HTTP POST with cURL and return whatever the server answered.
 *
 * TLS and timeout options are not set here, so cURL's defaults apply.
 * When $data is an array, PHP's cURL binding sends it as
 * multipart/form-data; a string is sent as given.
 *
 * @param string       $url    Endpoint to post to.
 * @param array|string $data   Request body passed to CURLOPT_POSTFIELDS.
 * @param array        $header Raw header lines passed to CURLOPT_HTTPHEADER.
 *
 * @return string|false Response body, or false when curl_exec() fails.
 */
function Post_Data($url,$data,$header){
    $handle = curl_init();

    // Applied one by one, in the same order as before, so a rejected
    // option does not stop the remaining ones from being set.
    $options = array(
        CURLOPT_URL            => $url,
        CURLOPT_POST           => 1,
        CURLOPT_POSTFIELDS     => $data,
        CURLOPT_HTTPHEADER     => $header,
        CURLOPT_RETURNTRANSFER => 1,
    );
    foreach ($options as $option => $value) {
        curl_setopt($handle, $option, $value);
    }

    $response = curl_exec($handle);
    curl_close($handle);

    return $response;
}
// Get OAuth Token
// Builds an OAuth 1.0 request-token call: collect the oauth_* parameters,
// derive an HMAC-SHA1 signature over them, then POST everything with Post_Data().
// The NOTE(review) comments below mark the places where this script departs
// from the OAuth 1.0 signing rules (RFC 5849); any of them can produce
// "Failed to validate oauth signature and token".
$consumer_key = "hidden";
$consumer_secret = "hidden";
// NOTE(review): plain http:// endpoint, so the request and the token in the
// response travel unencrypted.
$request_url = "http://api.twitter.com/oauth/request_token";
// NOTE(review): HTTP_HOST and PHP_SELF are taken from the incoming request, so
// the client influences the callback URL; build it from a configured host instead.
$callback = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
// NOTE(review): derived from the current second, so two requests made within
// the same second share a nonce.
$nonce = md5(time());
$timestamp = time();
// Keys are written in alphabetical order; the parameter string below relies on
// that order because nothing sorts the array.
$data = array(
    "oauth_callback" => $callback,
    "oauth_consumer_key" => $consumer_key,
    "oauth_nonce" => $nonce,
    "oauth_signature_method" => "HMAC-SHA1",
    "oauth_timestamp" => $timestamp,
    "oauth_version" => "1.0"
    );
// Join the parameters as key=value pairs separated by '&'.
// NOTE(review): names and values are not percent-encoded before joining; the
// callback URL contains ':' and '/', which RFC 5849 requires to be encoded at
// this step (and again when the whole string is encoded below).
$post_string = '';
foreach($data as $key => $value){
    $post_string .= $key.'='.($value).'&';
    }
$post_string = rtrim($post_string, '&');
// NOTE(review): the base string says GET, but Post_Data() sends a POST; the
// method in the base string has to match the request actually made.
// NOTE(review): urlencode() encodes a space as '+'; OAuth expects RFC 3986
// encoding (rawurlencode()).
$base_string = 'GET&'.urlencode($request_url).'&'.urlencode($post_string);
// NOTE(review): the HMAC key is the bare consumer secret. RFC 5849 defines the
// key as encoded consumer secret, '&', encoded token secret -- the '&' stays
// even while the token secret is still empty.
$data["oauth_signature"] = base64_encode(hash_hmac('sha1', $base_string, $consumer_secret, true));
// An empty "Expect:" line removes the Expect header cURL may add to POSTs.
$header = array("Expect:");
// NOTE(review): $data is an array, so PHP's cURL binding posts it as
// multipart/form-data; OAuth 1.0 reads body parameters only from
// application/x-www-form-urlencoded bodies -- confirm what the server accepts.
$content = Post_Data($request_url,$data,$header);
// Dumps the raw response (or false) without any escaping.
print_r($content);
?>

【问题讨论】:

    标签: php security twitter curl oauth


    【解决方案1】:

    【讨论】:

    • 很遗憾不是这个问题,我花了一段时间使用 date_default_timezone_set 从美洲/欧洲更改时区,但返回的错误消息没有变化。
    【解决方案2】:

    也许您应该删除“oauth_callback”并重试。

    这是我的代码

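    /**
     * Minimal OAuth 1.0 client that requests a request token from Twitter.
     *
     * Every oauth_* parameter is signed with HMAC-SHA1 and sent in the
     * Authorization header of a POST to REQUEST_TOKEN_URL.
     */
    class Twitter
    {
        private $CALLBACK_URL = 'http://your_site';

        private $REQUEST_TOKEN_URL = 'https://api.twitter.com/oauth/request_token';
        private $ACCESS_TOKEN_URL = 'https://api.twitter.com/oauth/access_token';
        private $AUTHORIZE_URL = 'https://api.twitter.com/oauth/authorize';

        // Placeholders: load real credentials from configuration kept outside
        // the source tree rather than hard-coding them here.
        private $consumer_key = 'your_key';
        private $consumer_secret = 'your_secret';
        private $access_token = 'your_token';    // oauth_token
        private $access_token_secret = 'your_token_secret';

        // Empty while asking for a request token; no token secret exists yet.
        private $token_secret = '';

        private $method = 'POST';    // [HEAD, GET, POST]
        private $params = array();

        /**
         * Ask the provider for a request token.
         *
         * @return string|false Raw response body, or false when curl_exec() fails.
         */
        public function get_request_token() {
            // oauth_callback is left disabled exactly as in the original answer.
            // Signing used to break with it because the callback URL went into
            // the base string without per-parameter percent-encoding;
            // get_normalized_params() now encodes every name and value.
            //$this->params['oauth_callback'] = $this->CALLBACK_URL;
            $this->params['oauth_consumer_key'] = $this->consumer_key;
            // The nonce only has to be unique per timestamp; it is not a secret.
            $this->params['oauth_nonce'] = md5(uniqid('prefix'));
            $this->params['oauth_signature_method'] = 'HMAC-SHA1';    // [HMAC-SHA1, RSA-SHA1, PLAINTEXT]
            $this->params['oauth_timestamp'] = time();
            $this->params['oauth_version'] = '1.0';    // [1.0, 1.1] *Optional

            // Must be computed last: it covers every parameter set above.
            $this->params['oauth_signature'] = $this->HMAC_SHA1();

            $headers = array();
            ksort($this->params);
            foreach($this->params as $k => $v){
                $headers[] = $this->RFC3986($k).'="'.$this->RFC3986($v).'"';
            }

            $c = curl_init();
            curl_setopt($c, CURLOPT_URL, $this->REQUEST_TOKEN_URL);
            curl_setopt($c, CURLOPT_POST, true);
            curl_setopt($c, CURLOPT_HTTPHEADER, array('Authorization: OAuth '.implode(', ', $headers)));
            // With RETURNTRANSFER set, curl_exec() returns the body or false.
            curl_setopt($c, CURLOPT_RETURNTRANSFER, true);

            $result = curl_exec($c);
            curl_close($c);

            return $result;
        }

        /**
         * Sign the signature base string with HMAC-SHA1.
         *
         * The key is the encoded consumer secret, '&', and the encoded token
         * secret; the '&' is kept even while the token secret is empty.
         *
         * @return string Base64-encoded signature.
         */
        private function HMAC_SHA1() {
            $text = $this->get_signature_base_string();
            $key = $this->RFC3986($this->consumer_secret).'&'.$this->RFC3986($this->token_secret);

            if(function_exists('hash_hmac')){
                $signature = base64_encode(hash_hmac('sha1', $text, $key, true));
            }else{
                // Manual HMAC for builds without the hash extension.
                $blocksize = 64;
                $hashfunc = 'sha1';
                if(strlen($key) > $blocksize){
                    $key = pack('H*', $hashfunc($key));
                }
                $key = str_pad($key, $blocksize, chr(0x00));
                $ipad = str_repeat(chr(0x36), $blocksize);
                $opad = str_repeat(chr(0x5c), $blocksize);
                // Fixed: this branch hashed an undefined $base_string, which
                // signed an empty message instead of the base string in $text.
                $hmac = pack('H*', $hashfunc(($key ^ $opad).pack('H*', $hashfunc(($key ^ $ipad).$text))));
                $signature = base64_encode($hmac);
            }

            return $signature;
        }

        /**
         * Build "METHOD&encoded-url&encoded-parameter-string".
         *
         * @return string Signature base string.
         */
        private function get_signature_base_string() {
            $base = array(
                strtoupper($this->method),
                $this->RFC3986($this->REQUEST_TOKEN_URL),
                $this->RFC3986($this->get_normalized_params())
            );

            return implode('&', $base);
        }

        /**
         * Percent-encode a value as OAuth 1.0 expects.
         *
         * rawurlencode() already writes a space as %20 and '+' as %2B; the
         * replacement restores '~' on PHP versions that still encode it.
         *
         * @param mixed $str Value to encode; cast to string first.
         *
         * @return string Encoded value.
         */
        private function RFC3986($str) {
            return str_replace('%7E', '~', rawurlencode((string) $str));
        }

        /**
         * Build the parameter string that goes into the signature base string.
         *
         * Each name and value is percent-encoded on its own, the pairs are
         * sorted by encoded name in byte order, and oauth_signature is left
         * out. Previously raw values were joined, which gave a wrong signature
         * for any value containing reserved characters (a callback URL, for
         * example).
         *
         * @return string "name=value" pairs joined with '&'.
         */
        private function get_normalized_params() {
            $encoded = array();
            foreach($this->params as $k => $v){
                // Strict comparison so a numeric key can never match the name.
                if($k !== 'oauth_signature'){
                    $encoded[$this->RFC3986($k)] = $this->RFC3986($v);
                }
            }
            ksort($encoded, SORT_STRING);

            $normalized = array();
            foreach($encoded as $k => $v){
                $normalized[] = $k.'='.$v;
            }

            return implode('&', $normalized);
        }
    }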
    
    // Request a token and print the provider's raw reply. The body is echoed
    // as received; escape it before placing it in an HTML page.
    $client = new Twitter();
    $response = $client->get_request_token();
    echo $response;
    

    【讨论】:
