无法验证oauth签名和令牌 - 问题生成OAuth令牌

时间:2011-03-28 21:30:12

标签: php security twitter curl oauth

我一直在考虑在OAuth网站上创建一个签名&在SF但是我创建了我的签名我总是得到同样的错误,任何想法我在这里做错了什么?

Error: Failed to validate oauth signature and token

我有旧的其他API的应用程序,所以我知道我的问题不在于我的应用程序或服务器等

<?php
function Post_Data($url,$data,$header){
    $ch = curl_init();  
    curl_setopt($ch, CURLOPT_URL, $url); 
    curl_setopt($ch, CURLOPT_POST, 1);  
    curl_setopt($ch, CURLOPT_POSTFIELDS,$data);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    $result = curl_exec($ch);  
    curl_close($ch);
    return $result;
    }
// Get OAuth Token
$consumer_key = "hidden";
$consumer_secret = "hidden";
$request_url = "http://api.twitter.com/oauth/request_token";
$callback = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$nonce = md5(time());
$timestamp = time();
$data = array(
    "oauth_callback" => $callback,
    "oauth_consumer_key" => $consumer_key,
    "oauth_nonce" => $nonce,
    "oauth_signature_method" => "HMAC-SHA1",
    "oauth_timestamp" => $timestamp,
    "oauth_version" => "1.0"
    );
$post_string = '';
foreach($data as $key => $value){
    $post_string .= $key.'='.($value).'&';
    }
$post_string = rtrim($post_string, '&');
$base_string = 'GET&'.urlencode($request_url).'&'.urlencode($post_string);
$data["oauth_signature"] = base64_encode(hash_hmac('sha1', $base_string, $consumer_secret, true));
$header = array("Expect:");
$content = Post_Data($request_url,$data,$header);
print_r($content);
?>

2 个答案:

答案 0 :(得分:3)

也许您应该删除“ oauth_callback ”并重试。

这是我的代码

class Twitter
{
    private $CALLBACK_URL = 'http://your_site';

    private $REQUEST_TOKEN_URL = 'https://api.twitter.com/oauth/request_token';
    private $ACCESS_TOKEN_URL = 'https://api.twitter.com/oauth/access_token';
    private $AUTHORIZE_URL = 'https://api.twitter.com/oauth/authorize';

    private $consumer_key = 'your_key';
    private $consumer_secret = 'your_secret';
    private $access_token = 'your_token';    // oauth_token
    private $access_token_secret = 'your_token_secret';

    private $token_secret = '';

    private $method = 'POST';    // [HEAD, GET, POST]
    private $params = array();

    public function get_request_token() {
        //$this->params['oauth_callback'] = $this->CALLBACK_URL;    // Something worng with this "Failed to validate oauth signature and token", God dammit...
        $this->params['oauth_consumer_key'] = $this->consumer_key;
        $this->params['oauth_nonce'] = md5(uniqid('prefix'));
        $this->params['oauth_signature_method'] = 'HMAC-SHA1';    // [HMAC-SHA1, RSA-SHA1, PLAINTEXT]
        $this->params['oauth_timestamp'] = time();
        $this->params['oauth_version'] = '1.0';    // [1.0, 1.1] *Optional

        $this->params['oauth_signature'] = $this->HMAC_SHA1();

        $headers = array();
        ksort($this->params);
        foreach($this->params as $k => $v){
            $headers[] = $this->RFC3986($k).'="'.$this->RFC3986($v).'"';
        }

        $c = curl_init();
        curl_setopt($c, CURLOPT_URL, $this->REQUEST_TOKEN_URL);
        curl_setopt($c, CURLOPT_POST, true);
        curl_setopt($c, CURLOPT_HTTPHEADER, array('Authorization: OAuth '.implode(', ', $headers)));
        curl_setopt($c, CURLOPT_RETURNTRANSFER, true);

        $result = curl_exec($c);    // if(CURLOPT_RETURNTRANSFER == true){ return "Result" or FALSE }else{ return TRUE or FALSE }
        curl_close($c);

        return $result;
    }

    private function HMAC_SHA1() {
        $text = $this->get_signature_base_string();
        $key = $this->RFC3986($this->consumer_secret).'&'.$this->RFC3986($this->token_secret);

        if(function_exists('hash_hmac')){
            $signature = base64_encode(hash_hmac('sha1', $text, $key, true));
        }else{
            $blocksize = 64;
            $hashfunc = 'sha1';
            if(strlen($key) > $blocksize){
                $key = pack('H*', $hashfunc($key));
            }
            $key = str_pad($key, $blocksize, chr(0x00));
            $ipad = str_repeat(chr(0x36), $blocksize);
            $opad = str_repeat(chr(0x5c), $blocksize);
            $hmac = pack('H*', $hashfunc(($key ^ $opad).pack('H*', $hashfunc(($key ^ $ipad).$base_string))));
            $signature = base64_encode($hmac);
        }

        return $signature;
    }

    private function get_signature_base_string() {
        $base = array(
            strtoupper($this->method),
            $this->RFC3986($this->REQUEST_TOKEN_URL),
            $this->RFC3986($this->get_normalized_params())
        );

        return implode('&', $base);
    }

    private function RFC3986($str) {
        return str_replace('+', ' ', str_replace('%7E', '~', rawurlencode(($str))));
    }

    private function get_normalized_params() {
        $normalized = array();

        ksort($this->params);
        foreach($this->params as $k => $v){
            if($k != 'oauth_signature'){
                $normalized[] = $k.'='.$v;
            }
        }

        return implode('&', $normalized);
    }
}

$T = new Twitter();
echo $T->get_request_token();

答案 1 :(得分:2)

它可能是你的服务器时钟吗? http://blainegarrett.com/2009/07/14/failed-to-validate-oauth-signature-and-token-on-twitter-oauth-check-your-cloc/

相关问题
最新问题