Twitter OAuth返回“不正确的签名”。请帮忙

时间:2010-08-18 21:38:51

标签: php twitter oauth

过去几个小时我一直在看这个。我试过谷歌搜索问题并尝试了几次编辑但无济于事。我确信这里的一切都是正确的,但我仍然会遇到错误。可以与twitter Oauth一起工作的人请看看我的代码,看看有什么不对。

<?php


$oauth_consumer_key = "OKuMtqCnndfee3sw";   //scrambled
$oauth_consumer_secret = "Gs2hOY9drerfdsfiOF76Yeyf9aTjYzPH5Z3eMU";   // scrambled
$oauth_nonce = sha1(time());
$oauth_signature_method = "HMAC-SHA1";
$oauth_timestamp = time();

$oauth_version = "1.0";
$oauth_token = "50005779-NSp6lP5DVLoWMh34dfdsBb2FnHf9DIcpu";  // scrambled
$token_secret = "ha0tS9SyldDdfeefw";   // scrambled
$status = "testing";

$baseString = "oauth_consumer_key=" . rawurlencode($oauth_consumer_key) . "&oauth_nonce=" . rawurlencode($oauth_nonce) . "&oauth_signature_method=" . rawurlencode($oauth_signature_method) . "&oauth_timestamp=" . rawurlencode($oauth_timestamp) . "&oauth_token=" . rawurlencode($oauth_token) . "&oauth_version=" . rawurlencode($oauth_version) . "&status=" . rawurlencode($status);

$baseString = "POST&" . rawurlencode("https://api.twitter.com/1/statuses/update.json") . "&" . rawurlencode($baseString);


$signing_key = rawurlencode($oauth_consumer_secret) . "&" . rawurlencode($token_secret);

$signature = base64_encode(hash_hmac('sha1', $a, $signing_key, true));

$auth = "OAuth oauth_nonce=\"" . $oauth_nonce . "\",oauth_signature_method=\"" . $oauth_signature_method . "\",oauth_timestamp=\"" . $oauth_timestamp . "\",oauth_consumer_key=\"" . $oauth_consumer_key . "\",oauth_token=\"" . rawurlencode($oauth_token) . "\",oauth_signature=\"" . rawurlencode($signature) ."\",oauth_version=\"" . $oauth_version . "\"";

$ch = curl_init("https://api.twitter.com/1/statuses/update.json");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect: ", "Authorization: $auth"));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $baseString);

$b = curl_exec($ch);
var_dump($b);

curl_close($ch);
​?>

非常感谢任何帮助。谢谢。

1 个答案:

答案 0 :(得分:1)

您似乎没有关注OAuth身份验证流程(除非这只是用户已经过身份验证的结尾)。过去几周我一直在与OAuth合作,并且遇到了很多麻烦。昨天晚上只使用他们在网站上提供的OAuth PHP库就可以了。你可以在这里找到它 - &gt; http://oauth.googlecode.com/svn/code/php/OAuth.php

这是我从那里开发的(完整工作流程):

验证页面

$oauth_signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$oauth_consumer_key = new OAuthConsumer( "your_twitter_consumer_key", "your_twitter_consumer_secret" );
$oauth_token = NULL;

$request_token = OAuthRequest::from_consumer_and_token( $oauth_consumer_key, $oauth_token, 'GET', "https://api.twitter.com/oauth/request_token", array('oauth_callback' => "http://your/callback/url/")) );
$request_token->sign_request( $oauth_signature_method, $oauth_consumer_key, $oauth_token );

$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $request_token->to_url());
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($curl_handle);
curl_close($curl_handle);

$token = OAuthUtil::parse_parameters($response);
$_SESSION['oauth_token'] = $token['oauth_token'];
$_SESSION['oauth_token_secret'] = $token['oauth_token_secret'];

header('Location: https://api.twitter.com/oauth/authorize?oauth_token=' . $token['oauth_token']);

回调页面

$oauth_signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$oauth_consumer_key = new OAuthConsumer( "your_twitter_consumer_key", "your_twitter_consumer_secret" );
$oauth_token = new OAuthConsumer( $_SESSION['oauth_token'], $_SESSION['oauth_token_secret'] );

$access_token = OAuthRequest::from_consumer_and_token( $oauth_consumer_key, $oauth_token, 'GET', "https://api.twitter.com/oauth/access_token", array('oauth_verifier' => $_REQUEST['oauth_verifier']) );
$access_token->sign_request( $oauth_signature_method, $oauth_consumer_key, $oauth_token );

$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $access_token->to_url());
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($curl_handle);
curl_close($curl_handle);

$token = OAuthUtil::parse_parameters($response);
$_SESSION['access_token'] = $token;

unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);

// user has been verified. Token is stored in $_SESSION. Now you can make calls to the api
header('Location: http://your/completion/page');

致电/ account / verify_credentials:

$access_token = $_SESSION['access_token'];

$oauth_signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$oauth_consumer_key = new OAuthConsumer( "your_twitter_consumer_key", "your_twitter_consumer_secret" );
$oauth_token = new OAuthConsumer( $access_token['oauth_token'], $access_token['oauth_token_secret'] );

$request = OAuthRequest::from_consumer_and_token( $oauth_consumer_key, $oauth_token, 'GET', 'https://api.twitter.com/account/verify_credentials.json', NULL );
$request->sign_request( $oauth_signature_method, $oauth_consumer_key, $oauth_token );

$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $request->to_url());
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($curl_handle);
curl_close($curl_handle);

$response = json_decode($response);
print_r($response);

我还使用以下代码创建了测试状态更新页面:

$access_token = $_SESSION['access_token'];

$oauth_signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$oauth_consumer_key = new OAuthConsumer( "your_twitter_consumer_key", "your_twitter_consumer_secret" );
$oauth_token = new OAuthConsumer( $access_token['oauth_token'], $access_token['oauth_token_secret'] );

$post_fields = array(
    'status' => "This is a test status update."
);
$request = OAuthRequest::from_consumer_and_token( $oauth_consumer_key, $oauth_token, 'POST', 'https://api.twitter.com/statuses/update.json', $post_fields );
$request->sign_request( $oauth_signature_method, $oauth_consumer_key, $oauth_token );

$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $request->to_url());
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl_handle, CURLOPT_USERAGENT, "Twitter OAuth Test");
curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array('Expect:'));

curl_setopt($curl_handle, CURLOPT_POST, TRUE);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $post_fields);

$response = curl_exec($curl_handle);
print_r(curl_getinfo($curl_handle));
curl_close($curl_handle);

$response = json_decode($response);
print_r($response);

这是完整的Twitter OAuth身份验证。我希望这可以帮助你或者至少让你开始!