Twitter API 使用 Oauth1.0 身份验证失败

【问题标题】:Twitter API failing with Oauth1.0 authenticationTwitter API 使用 Oauth1.0 身份验证失败
【发布时间】:2021-11-14 11:07:57
【问题描述】:

我试图从 Twitter 发帖,所以我必须生成 oauth1.0 签名,所以我尝试实现它

 public static String prepareParameterString(Authorization authorization) {
        StringBuilder builder = new StringBuilder();
        builder.append("include_entities=true").
                append("&").append("oauth_consumer_key=").append(percentEncode(authorization.getOauthCustomerKey())).
                append("&").append("oauth_nonce=").append(percentEncode(authorization.getOauthNonce()))
                .append("&").append("oauth_signature_method=").append(percentEncode(authorization.getOauthSignatureMethod()))
                .append("&").append("oauth_timestamp=").append(percentEncode(authorization.getOauthTimeStamp()))
                .append("&").append("oauth_token=").append(percentEncode(authorization.getOauthTokenKey()))
                .append("&").append("oauth_version=").append(percentEncode(authorization.getOauthVersion()))
                .append("&").append("status=").append(percentEncode(authorization.getStatus()));
        return builder.toString();
}

这就是我创建基本字符串的方法

public static String prepareSignatureBaseString(String paramaterString, String httpMethod, String url) {
        return httpMethod + "&" + percentEncode(url) + "&" + percentEncode(paramaterString);
    }

public static String calculateSigningKey(Authorization authorization) {
    return percentEncode(Objects.requireNonNull(authorization.getOauthConsumerSecret())) + "&" +
            percentEncode(Objects.requireNonNull(authorization.getOauthTokenSecret()));
}


public static String calculateHMAC(String input, String signingKey) {
    try {
        SecretKeySpec secretKeySpec = new SecretKeySpec(signingKey.getBytes(),
                HMAC_SHA1_ALGORITHM);

        Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
        mac.init(secretKeySpec);
        return Base64.getEncoder().encodeToString(mac.doFinal(input.getBytes()));
    } catch (Exception e) {
        e.printStackTrace();
    }

    return null;

}

所以这些是用于创建签名密钥和哈希的方法

 public static String generateTimeStamp() {
        Timestamp timestamp = new Timestamp(System.currentTimeMillis());


        return (timestamp.getTime() / 1000L) + "";
    }

    public static String generateNonce() {
        return UUID.randomUUID().toString().replace("-", "");
    }

    public static String percentEncode(String string) {

        return new PercentEscaper("-_.~").escape(string);
    }

这些是用于生成来自番石榴库的 nonce 、 Timestamp 、百分比编码的代码

 public static String getAuthorizationHeader(Signature status) {
        StringBuilder builder = new StringBuilder();
        appendParameter(builder, "oauth_consumer_key", status.getAuthorization().getOauthCustomerKey());
        appendParameter(builder, "oauth_nonce", status.getAuthorization().getOauthNonce());
        appendParameter(builder, "oauth_signature", status.getSignature());
        appendParameter(builder, "oauth_signature_method", status.getAuthorization().getOauthSignatureMethod());
        appendParameter(builder, "oauth_timestamp", status.getAuthorization().getOauthTimeStamp());
        appendParameter(builder, "oauth_token", status.getAuthorization().getOauthTokenKey());
        appendParameter(builder, "oauth_version", status.getAuthorization().getOauthVersion());


        System.out.println(builder.toString());
        return builder.substring(0, builder.length() - 1);

    }

    private static void appendParameter(StringBuilder buf, String name, String value) {
        if (value != null) {
            buf.append(' ').append(percentEncode(name)).append("=\"").append(percentEncode(value)).append("\",");
        }

    }

即使测试用例使用 twitter 提供的数据成功运行,我也已按照文档完成所有操作

@Test
    void urlEncoderTest2() {
        assertEquals("Hello%20Ladies%20%2B%20Gentlemen%2C%20a%20signed%20OAuth%20request%21",
                SecurityUtils.percentEncode("Hello Ladies + Gentlemen, a signed OAuth request!"));
    }

    @Test
    void securityTest() {
        Authorization authorization = new Authorization("xvz1evFS4wEEPTGEFPHBog",
                "kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw",
                "370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
                "LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE", "Hello Ladies + Gentlemen, a signed OAuth request!");
        Signature signature = new Signature(authorization);
        authorization.setOauthNonce("kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg");
        authorization.setOauthTimeStamp("1318622958");
        assertEquals("hCtSmYh+iHYCEqBWrE7C7hYmtUk=" ,signature.generateSignature());
    }

我使用 OAuth 标头发送它但收到 400 错误

{
"errors": [
  {
"code": 215,
"message": "Bad Authentication data."
}
],
}

谁能告诉我错过的地方提前谢谢

【问题讨论】:

    标签: java twitter oauth twitter-oauth


    【解决方案1】:

    问题发生是因为我未能在 url 参数中发送 include_entities = true

    来自 API 的上一个网址 https://api.twitter.com/1.1/statuses/update.json?status="tweet"

    正确的网址。 https://api.twitter.com/1.1/statuses/update.json?status="tweet 来自 API"&include_entities=true

    【讨论】:

    • 嗨,我没有看到你已经对它们进行了排序,你按预期排序了吗?
    猜你喜欢
    • 2011-11-16
    • 2015-03-13
    • 1970-01-01
    • 1970-01-01
    • 2018-11-02
    • 2019-01-06
    • 1970-01-01
    • 2019-07-16
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode