由于签名和令牌,Twitter Oauth失败

时间:2012-07-08 13:08:11

标签: java oauth twitter twitter-oauth

我正在尝试创建一个应用程序来从twitter进行身份验证,但我收到以下错误 :

Failed to validate oauth signature and token

以下是我的应用代码:

public class TwitCons {

    String sign_method ="HMAC-SHA1";

    public static String consumer_key ="^^^^^^^^^^^^^^^^^^^^";
    public static String consumer_secret="^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^";
    String request_uri = "https://api.twitter.com/oauth/request_token";
    String oauth_callback="http://127.0.0.1:8080/twitter/getToken";

    String getNonce(){
        Random ran = new Random(); 
        long nonce1 = ran.nextLong(); 

        Long nonce = Math.abs(new Long(nonce1)); 

        return nonce.toString();
    }


    String getTimestamp(){
        long time = System.currentTimeMillis();


        return String.valueOf(time/1000);
    }


    String getSignature(String request_uri ,String request_token,String nonce) throws UnsupportedEncodingException
    {
        String base="oauth_callback=http://127.0.0.1:8080/twitter/getToken&oauth_consumer_key="+consumer_key+"&oauth_nonce="+nonce+"&oauth_signature_method="+sign_method+"&oauth_timestamp="+getTimestamp()+"&oauth_token=&oauth_version=1.0";

        String baseString="POST&"+URLEncoder.encode(request_uri , "UTF-8")+"&"+URLEncoder.encode(base , "UTF-8");

        String signKey = consumer_secret +"&"+ request_token ;
        System.out.println(signKey +"\n"+baseString);

        try {
            SecretKeySpec signingKey = new SecretKeySpec(signKey.getBytes(),"HmacSHA1");
            Mac mac = Mac.getInstance(signingKey.getAlgorithm());
            mac.init(signingKey);
            byte[] rawHmac = mac.doFinal(baseString.getBytes());
            String result = new String(Base64.encodeBase64(rawHmac));
            System.out.println(URLEncoder.encode(result , "UTF-8"));
            return URLEncoder.encode(result , "UTF-8");
            //return result;

        } catch (GeneralSecurityException e) {
            return "";
        }




    }


}


public class Twitter extends TwitCons{

    public void getRequest() throws IllegalArgumentException, HttpException, IOException
    {

        HttpClient client = new HttpClient();
        PostMethod post = new PostMethod("https://api.twitter.com/oauth/request_token");
        String nonce=getNonce();
        String header = "oauth_callback=\""+URLEncoder.encode(oauth_callback ,"UTF-8")+"\","+
            "oauth_consumer_key=\""+consumer_key +"\","+
            "oauth_nonce=\""+nonce + "\","+
            "oauth_signature=\""+getSignature(request_uri,"",nonce) + "\","+ 
            "oauth_signature_method=\""+sign_method + "\","+
            "oauth_timestamp=\""+getTimestamp() + "\","+
            "oauth_version=\"1.0\""  ;

        post.addRequestHeader("Authorization", "OAuth "+header);
        client.executeMethod(post);

        System.out.println(post.getResponseBodyAsString()+"\n"+post.getRequestHeader("Authorization"));






    }

Class有getRequest方法,用于发出获取request_token和token_secret

的twitter请求

和第二类TwitCons有不同的方法和常量来获取请求令牌

2 个答案:

答案 0 :(得分:0)

Twitter.getRequest()中,您的标头看起来似乎错了。每个参数的值必须用双引号(")包围:

StringBuilder headerBuilder = new StringBuilder("OAuth ");

headerBuilder.append("oauth_callback=\"").append(oauth_callback).append("\", ");
headerBuilder.append("oauth_consumer_key=\"").append(consumer_key).append("\", ");
headerBuilder.append("oauth_nonce=\"").append(nonce).append("\", ");
headerBuilder.append("oauth_signature=\"").append(getSignature(request_uri,"",nonce)).append("\", ");
headerBuilder.append("oauth_signature_method=\"").append(sign_method).append("\", ");
headerBuilder.append("oauth_timestamp=\"").append(getTimestamp()).append("\", ");
headerBuilder.append("oauth_version=\"1.0\"");

String header = headerBuilder.toString();

有关详细信息,请参阅Twitter API中的相应页面:https://dev.twitter.com/docs/auth/authorizing-request

编辑:代码已修复,因为逗号前没有空格。

答案 1 :(得分:-1)

您错过了oauth_token中的String base。请参阅https://dev.twitter.com/docs/auth/3-legged-authorization了解如何获取(如果您还不知道这一点,并且忘记将其放入基本字符串中;)。

可能是您的签名计算错误,因为您在&oauth_token=字符串中包含base,但该密钥不属于您的请求。 OAuth 1.0 specification只是说:

  

签名基本字符串是请求元素到单个字符串的一致可重现级联。

值得尝试删除字符串的那一部分。

<强>更新

您可能需要在Authorization标头中对您的回调网址进行urlencode,按字母顺序排序,并将参数放在引号中,建议使用@ air-dex。试试这个:

String oauth_callback = "http://127.0.0.1:8080/twitter/getToken";
String oauth_callback_encoded = URLEncoder.encode(oauth_callback, "UTF-8");

然后

String header = "oauth_callback=\"" + oauth_callback_encoded + "\", " +
            "oauth_consumer_key=\"" + consumer_key + "\", " +
            "oauth_nonce=\"" + nonce + "\", " +
            "oauth_signature=\"" + getSignature(request_uri, "", nonce) + "\", " +
            "oauth_signature_method=\"" + sign_method + "\", " +
            "oauth_timestamp=\"" + getTimestamp() + "\", " +
            "oauth_version=\"1.0\"";


String base = "oauth_consumer_key=" + consumer_key + 
            "&oauth_nonce=" + nonce + 
            "&oauth_signature_method=" + sign_method + 
            "&oauth_timestamp=" + getTimestamp() +
            "&oauth_version=1.0";
相关问题
最新问题