我使用grails插件:oauth 2.1.0连接到oauth API Vitadock要求HMACSHA256对基本签名字符串进行编码,因此我创建了一个HMACSha256SignatureService.groovy来实现它并自定义TargetScaleApi.groovy
HMACSha256SignatureService.groovy
import javax.crypto.*
import javax.crypto.spec.*
import org.apache.commons.codec.binary.*
import org.scribe.exceptions.*
import org.scribe.services.SignatureService
import org.scribe.utils.*
public class HMACSha256SignatureService implements SignatureService {
private static final String EMPTY_STRING = "";
private static final String CARRIAGE_RETURN = "\r\n";
private static final String UTF8 = "UTF-8";
private static final String HMAC_SHA256 = "HMACSHA256";
private static final String METHOD = "HMAC-SHA256";
/**
* {@inheritDoc}
*/
public String getSignature(String baseString, String apiSecret, String tokenSecret) {
try {
println baseString
Preconditions.checkEmptyString(baseString, "Base string cant be null or empty string");
Preconditions.checkEmptyString(apiSecret, "Api secret cant be null or empty string");
return doSign(baseString, OAuthEncoder.encode(apiSecret) + '&' + OAuthEncoder.encode(tokenSecret));
}
catch (Exception e) {
throw new OAuthSignatureException(baseString, e);
}
}
private String doSign(String toSign, String keyString) throws Exception {
SecretKeySpec key = new SecretKeySpec((keyString).getBytes(UTF8), HMAC_SHA256);
Mac mac = Mac.getInstance(HMAC_SHA256);
mac.init(key);
byte[] bytes = mac.doFinal(toSign.getBytes(UTF8));
String a = new String(Base64.encodeBase64(bytes)).replace(CARRIAGE_RETURN, EMPTY_STRING)
println a
return a;
}
public String getSignatureMethod() {
return METHOD;
}
}
TargetScaleApi.groovy
import org.scribe.builder.api.DefaultApi10a
import org.scribe.model.Token
import org.scribe.services.SignatureService
class TargetScaleApi extends DefaultApi10a {
private static final String AUTHORIZE_URL = "https://vitacloud.medisanaspace.com/auth?oauth_token=%s"
@Override
public String getAccessTokenEndpoint() {
return "https://vitacloud.medisanaspace.com/auth/accesses/verify"
}
@Override
public String getAuthorizationUrl(Token requestToken) {
return String.format(AUTHORIZE_URL, requestToken.getToken());
}
@Override
public String getRequestTokenEndpoint() {
return "https://vitacloud.medisanaspace.com/auth/unauthorizedaccesses"
}
@Override
public SignatureService getSignatureService() {
return new HMACSha256SignatureService();
}
}
但是我收到了一条错误消息:签名无效。
<b>message</b>Invalid signature (jBbmlITCOBuIN3KfVB8glzv1sftrx1v7MvNyAJkiGTU%3D, expected: Ia21vjqskdBXrRE%2BngpHqaP4GJV3hfUGOt0ksGVcgk0%3D) [Base Parameter String: oauth_consumer_key=V5BiK7kzVcefBVfJ1htu13vfreWZNDPnkzx4DG67UBG6lNe0dZ1DUClKk5XM1Y1L&oauth_nonce=897870535&oauth_signature_method=HMAC-SHA256&oauth_timestamp=1372069427&oauth_version=1.0, Base Signature String: POST&https%3A%2F%2Fvitacloud.medisanaspace.com%2Fauth%2Funauthorizedaccesses&oauth_consumer_key%3DV5BiK7kzVcefBVfJ1htu13vfreWZNDPnkzx4DG67UBG6lNe0dZ1DUClKk5XM1Y1L%26oauth_nonce%3D897870535%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1372069427%26oauth_version%3D1.0] [authorization = OAuth oauth_callback="http%3A%2F%2Flocal.mydatainnet.axonactive.vn%3A8080%2Faa-mdin-web-client-2.0.1%2Foauth%2Fcallback%3Fprovider%3Dtargetscale", oauth_signature="jBbmlITCOBuIN3KfVB8glzv1sftrx1v7MvNyAJkiGTU%3D", oauth_version="1.0", oauth_nonce="897870535", oauth_signature_method="HMAC-SHA256", oauth_consumer_key="V5BiK7kzVcefBVfJ1htu13vfreWZNDPnkzx4DG67UBG6lNe0dZ1DUClKk5XM1Y1L", oauth_timestamp="1372069427", content-type = application/x-www-form-urlencoded, cache-control = no-cache, pragma = no-cache, user-agent = Java/1.6.0_25, host = vitacloud.medisanaspace.com, accept = text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2, connection = keep-alive, content-length = 0, ]
感谢您的帮助 Hang Dinh
答案 0 :(得分:0)
我相信VitaDock实现了Oauth 1.0(https://github.com/Medisana/vitadock-api/wiki/Definitions)。如果您正在使用面向oauth 2.1.0的插件,那可能是错误的来源。