401 response from Twitter reverse auth

Time: 2013-08-16 06:50:37

Tags: twitter-oauth

This is the Authorization header I am using:

Authorization = "OAuth oauth_consumer_key=\"2D9rLD8Lu23hrchrh4VMBkQ6AZKHYi2yY2oeuoeutcFMdAs\", oauth_nonce=\"-486353546\", oauth_signature="x3NdGnJmBTUAICBRE9C44N8mFd4%3D", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"137663828056\", oauth_version=\"1.0\", x_auth_mode=\"reverse_auth\"";

This is the base string I am using:

https://api.twitter.com/oauth/access_token

Below is the Twitter documentation I am working from:

  

Step 1: Obtain a special request token

     

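First, you make an HTTPS request to the Twitter request token URL https://api.twitter.com/oauth/request_token with your application's consumer key. In addition to the conventional oauth_* signing parameters, you must also include x_auth_mode set to the value reverse_auth.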

     

As an example, consider a request with the following values, signed with the token secret ydC2yUbFaScbSlykO0PmrMjXFeLraSi3Q2HfTOlGxQM:

     

The tokens used here are for demonstration purposes only and will not work for you.

     

oauth_consumer_key JP3PyvG67rXRsnayOJOcQ
oauth_nonce 1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2
oauth_signature_method HMAC-SHA1
oauth_timestamp 1322697052
oauth_version 1.0
x_auth_mode reverse_auth

These parameters should produce a signature base string that looks like this:

     

POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3DJP3PyvG67rXRsnayOJOcQ%26oauth_nonce%3D1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1322697052%26oauth_version%3D1.0%26x_auth_mode%3Dreverse_auth

This call should result in a response that looks like this. Note that the response actually looks like an OAuth header.

     

(line breaks added for clarity):

     

OAuth oauth_nonce="xq2maKtilFhVTC1MSxVC4cQIJLd53O6w97YmrdOGSk8",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1322697052",
oauth_consumer_key="JP3PyvG67rXRsnayOJOcQ",
oauth_token="5mgkU82W0PTA0DLgSIA5vFK6c08i8dXzrbLnX06vl38",
oauth_signature="AOM%2FwW2kAowAeHBRvw7faH245p0%3D",
oauth_version="1.0"

Edit: I am still getting a 401. I use the following code to generate the oauth_signature, so now my Authorization header looks like this:

OAuth oauth_timestamp="1376639141", oauth_nonce="BB2D2634F3-99A5-4B64-8CB34E-2314CE9E4FD7", oauth_version="1.0", oauth_consumer_key="mrcD8LuSNKJKFAchKHYi2yY2qwh5tcFMdAs", oauth_signature_method="HMAC-SHA1", oauth_signature="moer8H7xzluAdoAAAFZpv6n4noeu%3D"

NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret)
{
    NSString *_oAuthNonce = [NSString ab_GUID];
    NSString *_oAuthTimestamp = [NSString stringWithFormat:@"%d", (int)[[NSDate date] timeIntervalSince1970]];
    NSString *_oAuthSignatureMethod = @"HMAC-SHA1";
    NSString *_oAuthVersion = @"1.0";

    NSMutableDictionary *oAuthAuthorizationParameters = [NSMutableDictionary dictionary];
    oAuthAuthorizationParameters[@"oauth_nonce"] = _oAuthNonce;
    oAuthAuthorizationParameters[@"oauth_timestamp"] = _oAuthTimestamp;
    oAuthAuthorizationParameters[@"oauth_signature_method"] = _oAuthSignatureMethod;
    oAuthAuthorizationParameters[@"oauth_version"] = _oAuthVersion;
    oAuthAuthorizationParameters[@"oauth_consumer_key"] = _oAuthConsumerKey;
    if(_oAuthToken)
        oAuthAuthorizationParameters[@"oauth_token"] = _oAuthToken;

    // get query and body parameters
    NSDictionary *additionalQueryParameters = [NSURL ab_parseURLQueryString:[url query]];
    NSDictionary *additionalBodyParameters = nil;
    if(body) {
        NSString *string = [[[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding] autorelease];
        if(string) {
            additionalBodyParameters = [NSURL ab_parseURLQueryString:string];
        }
    }

    // combine all parameters
    NSMutableDictionary *parameters = [[oAuthAuthorizationParameters mutableCopy] autorelease];
    if(additionalQueryParameters) [parameters addEntriesFromDictionary:additionalQueryParameters];
    if(additionalBodyParameters) [parameters addEntriesFromDictionary:additionalBodyParameters];

    // -> UTF-8 -> RFC3986
    NSMutableDictionary *encodedParameters = [NSMutableDictionary dictionary];
    for(NSString *key in parameters) {
        NSString *value = parameters[key];
        encodedParameters[[key ab_RFC3986EncodedString]] = [value ab_RFC3986EncodedString];
    }

    NSArray *sortedKeys = [[encodedParameters allKeys] sortedArrayUsingFunction:SortParameter context:encodedParameters];

    NSMutableArray *parameterArray = [NSMutableArray array];
    for(NSString *key in sortedKeys) {
        [parameterArray addObject:[NSString stringWithFormat:@"%@=%@", key, encodedParameters[key]]];
    }
    NSString *normalizedParameterString = [parameterArray componentsJoinedByString:@"&"];

    NSString *normalizedURLString = [NSString stringWithFormat:@"%@://%@%@", [url scheme], [url host], [url path]];

    NSString *signatureBaseString = [NSString stringWithFormat:@"%@&%@&%@",
                                     [method ab_RFC3986EncodedString],
                                     [normalizedURLString ab_RFC3986EncodedString],
                                     [normalizedParameterString ab_RFC3986EncodedString]];

    NSString *key = [NSString stringWithFormat:@"%@&%@",
                     [_oAuthConsumerSecret ab_RFC3986EncodedString],
                     (_oAuthTokenSecret) ? [_oAuthTokenSecret ab_RFC3986EncodedString] : @""];

    NSData *signature = HMAC_SHA1(signatureBaseString, key);
    NSString *base64Signature = [signature base64EncodedString];

    NSMutableDictionary *authorizationHeaderDictionary = [[oAuthAuthorizationParameters mutableCopy] autorelease];
    authorizationHeaderDictionary[@"oauth_signature"] = base64Signature;

    NSMutableArray *authorizationHeaderItems = [NSMutableArray array];
    for(NSString *key in authorizationHeaderDictionary) {
        NSString *value = authorizationHeaderDictionary[key];
        [authorizationHeaderItems addObject:[NSString stringWithFormat:@"%@=\"%@\"",
                                             [key ab_RFC3986EncodedString],
                                             [value ab_RFC3986EncodedString]]];
    }

    NSString *authorizationHeaderString = [authorizationHeaderItems componentsJoinedByString:@", "];

    authorizationHeaderString = [NSString stringWithFormat:@"OAuth %@", authorizationHeaderString];

    return authorizationHeaderString;
}

The parameters I pass into this method are url: https://api.twitter.com/oauth/request_token, method: POST, body: nil, oAuthConsumerToken: my key, oAuthConsumerSecret: my secret, {{1} }: nil, oAuthToken: nil

Edit: I tried this OAuth test console to verify that I am generating the OAuth signature correctly, but it seems I need a member's token and secret:


1 answer:

Answer 0: (score: 0)

You have not included oauth_signature in your Authorization header.
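
Added example, not part of the original question or answer: the OAuth 1.0 HMAC-SHA1 signing steps for the request_token call in Python, reproducing the signature base string from the documentation quoted in the question. It assumes x_auth_mode is sent as a form-encoded POST body parameter and that the documentation's demo secret is the consumer-secret half of the signing key; the helper names are illustrative.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    """RFC 3986 percent-encoding as OAuth 1.0 requires (only unreserved chars stay)."""
    return quote(str(s), safe="-._~")

def signature_base_string(method, url, params):
    # Encode every key and value first, then sort, then join with '&'.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    # Signing key is "<consumer secret>&<token secret>"; no token secret exists yet.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(oauth_params, signature):
    # Only oauth_* parameters go in the header; oauth_signature must be among them.
    items = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(items.items()))

# Values from the documentation quoted in the question (demonstration only).
URL = "https://api.twitter.com/oauth/request_token"
OAUTH_PARAMS = {
    "oauth_consumer_key": "JP3PyvG67rXRsnayOJOcQ",
    "oauth_nonce": "1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1322697052",
    "oauth_version": "1.0",
}
# Assumption: x_auth_mode travels in the POST body; it is signed either way.
BODY_PARAMS = {"x_auth_mode": "reverse_auth"}
# Assumption: the documentation's demo secret is used as the consumer secret.
SECRET = "ydC2yUbFaScbSlykO0PmrMjXFeLraSi3Q2HfTOlGxQM"

def build_request():
    base = signature_base_string("POST", URL, {**OAUTH_PARAMS, **BODY_PARAMS})
    sig = sign(base, SECRET)
    return base, sig, authorization_header(OAUTH_PARAMS, sig)

if __name__ == "__main__":
    for part in build_request():
        print(part)
```

If x_auth_mode is left out of the signed parameters, or the request is sent without it, the server computes a different base string and the signature check fails.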