尝试从twitter API获取Oauth request_token时出现“未授权”错误

时间:2013-11-22 13:56:01

标签: java twitter authorization twitter-oauth twitter4j

我想从twitter API获取Oauth request_token。 但是当我运行代码时,它会输出“Unauthorized”,尽管我是授权用户。 以下是输出:

"parameter_string=oauth_consumer_key=MlyUxiF1ihXIymYIPWZCA&oauth_nonce=7ee1983904884d45b723f6cc50306617&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1385127328&oauth_version=1.0
signature_base_string=POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3DMlyUxiF1ihXIymYIPWZCA%26oauth_nonce%3D7ee1983904884d45b723f6cc50306617%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1385127328%26oauth_version%3D1.0
oauth_signature=%2FOnHRfoRKyxPd9KG%2BA0HlFvE6yg%3D
authorization_header_string=OAuth oauth_consumer_key="MlyUxiF1ihXIymYIPWZCA",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1385127328",oauth_nonce="7ee1983904884d45b723f6cc50306617",oauth_version="1.0",oauth_signature="%2FOnHRfoRKyxPd9KG%2BA0HlFvE6yg%3D"
log4j:WARN No appenders could be found for logger (org.apache.http.impl.conn.BasicClientConnectionManager).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Unauthorized
"

这是我的完整代码:

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.UUID;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;

public class TwitterConnection {

    public static void main(String args[]) throws UnsupportedEncodingException {

        // System.out.println(System.getProperty("java.classpath"));

        String oauth_signature_method = "HMAC-SHA1";

        String oauth_consumer_key = "MlyUxiF1ihXIymYIPWZCA";

        String uuid_string = UUID.randomUUID().toString();

        uuid_string = uuid_string.replaceAll("-", "");

        String oauth_nonce = uuid_string; // any relatively random alphanumeric
                                            // string will work here. I used
                                            // UUID minus "-" signs

        long timestamp_at_entry = new Date().getTime();
        String oauth_timestamp = (new Long(timestamp_at_entry / 1000))
                .toString(); // get current time in milliseconds, then divide by
                                // 1000 to get seconds

        // I'm not using a callback value. Otherwise, you'd need to include it
        // in the parameter string like the example above

        // the parameter string must be in alphabetical order

        String parameter_string = "oauth_consumer_key=" + oauth_consumer_key
                + "&oauth_nonce=" + oauth_nonce + "&oauth_signature_method="
                + oauth_signature_method + "&oauth_timestamp="
                + oauth_timestamp + "&oauth_version=1.0";

        System.out.println("parameter_string=" + parameter_string);

        String signature_base_string = "POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&"
                + URLEncoder.encode(parameter_string, "UTF-8");

        System.out.println("signature_base_string=" + signature_base_string);

        String oauth_signature = "";

        try {

            oauth_signature = computeSignature(signature_base_string,
                    "122595245-sPcfsJO3GRkJpjzgFLZ918OaHkxeSmwYg9WDn23Z"); // note
                                                                            // the
                                                                            // &
                                                                            // at
                                                                            // the
                                                                            // end.
                                                                            // Normally
                                                                            // the
                                                                            // user
                                                                            // access_token
                                                                            // would
                                                                            // go
                                                                            // here,
                                                                            // but
                                                                            // we
                                                                            // don't
                                                                            // know
                                                                            // it
                                                                            // yet
                                                                            // for
                                                                            // request_token

            System.out.println("oauth_signature="
                    + URLEncoder.encode(oauth_signature, "UTF-8"));

        } catch (GeneralSecurityException e) {

            // TODO Auto-generated catch block

            e.printStackTrace();

        }

        String authorization_header_string = "OAuth oauth_consumer_key=\""
                + oauth_consumer_key
                + "\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"" +

                oauth_timestamp + "\",oauth_nonce=\"" + oauth_nonce
                + "\",oauth_version=\"1.0\",oauth_signature=\""
                + URLEncoder.encode(oauth_signature, "UTF-8") + "\"";

        System.out.println("authorization_header_string="
                + authorization_header_string);

        String oauth_token = "";

        HttpClient httpclient = new DefaultHttpClient();
        try {

//          HttpParams params = new SyncBasicHttpParams();
//          HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
//          HttpProtocolParams.setContentCharset(params, "UTF-8");
//          HttpProtocolParams.setUserAgent(params, "HttpCore/1.1");
//          HttpProtocolParams.setUseExpectContinue(params, false);
//
//          HttpProcessor httpproc = new ImmutableHttpProcessor(
//                  new HttpRequestInterceptor[] {
//                          // Required protocol interceptors
//                          new RequestContent(), new RequestTargetHost(),
//                          // Recommended protocol interceptors
//                          new RequestConnControl(), new RequestUserAgent(),
//                          new RequestExpectContinue() });
//
//          HttpRequestExecutor httpexecutor = new HttpRequestExecutor();
//          HttpContext context = new BasicHttpContext(null);
//          HttpHost host = new HttpHost(
//                  "https://api.twitter.com/oauth/request_token", 443); // use
//                                                                          // 80
//                                                                          // if
//                                                                          // you
//                                                                          // want
//                                                                          // regular
//                                                                          // HTTP
//                                                                          // (not
//                                                                          // HTTPS)
//          DefaultHttpClientConnection conn = new DefaultHttpClientConnection();
//
//          context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
//          context.setAttribute(ExecutionContext.HTTP_TARGET_HOST, host);
//
//          // initialize the HTTPS connection
//          SSLContext sslcontext = SSLContext.getInstance("TLS");
//          sslcontext.init(null, null, null);
//          SSLSocketFactory ssf = sslcontext.getSocketFactory();

            // for HTTP, use this instead of the above.
            // Socket socket = new Socket(host.getHostName(), host.getPort());
            // conn.bind(socket, params);

//          BasicHttpEntityEnclosingRequest request2 = new BasicHttpEntityEnclosingRequest(
//                  "POST", "https://api.twitter.com/oauth/request_token");
//          request2.setEntity(new StringEntity("",
//                  "application/x-www-form-urlencoded", "UTF-8"));
//          request2.setParams(params);
//          request2.addHeader("Authorization", authorization_header_string); // this
//                                                                              // is
//                                                                              // where
//                                                                              // we're
//                                                                              // adding
//                                                                              // that
//                                                                              // required
//                                                                              // "Authorization: BLAH"
//                                                                              // header.
//          httpexecutor.preProcess(request2, httpproc, context);
//          HttpResponse response2 = httpexecutor.execute(request2, conn,
//                  context);
//          //
             HttpPost httppost = new
             HttpPost("https://api.twitter.com/oauth/request_token");

             httppost.setHeader("Authorization",authorization_header_string);


             ResponseHandler<String> responseHandler = new
             BasicResponseHandler();

             String responseBody = httpclient.execute(httppost,
             responseHandler);

             oauth_token =
             responseBody.substring(responseBody.indexOf("oauth_token=") + 12,
             responseBody.indexOf("&oauth_token_secret="));

             System.out.println(responseBody);

        }

        catch (ClientProtocolException cpe) {
            System.out.println(cpe.getMessage());
        }

        catch (IOException ioe) {
            System.out.println(ioe.getMessage());
        }

        finally {
            httpclient.getConnectionManager().shutdown();
        }
    }

    private static String computeSignature(String baseString, String keyString)
            throws GeneralSecurityException, UnsupportedEncodingException {

        SecretKey secretKey = null;

        byte[] keyBytes = keyString.getBytes();

        secretKey = new SecretKeySpec(keyBytes, "HmacSHA1");

        Mac mac = Mac.getInstance("HmacSHA1");

        mac.init(secretKey);

        byte[] text = baseString.getBytes();

        return new String(Base64.encodeBase64(mac.doFinal(text))).trim();

    }

}

我想知道,我该如何解决这个问题并获取request_token。

2 个答案:

答案 0 :(得分:0)

看一下像Signpost这样的图书馆。使用所有正确的参数创建签名和&amp;分隔符总是很棘手,你似乎在做所有这些。如果你只是出于学术原因尝试它,那么请阅读rfc!

答案 1 :(得分:0)

假设您的消费者密钥为122595245-sPcfsJO3GRkJpjzgFLZ918OaHkxeSmwYg9WDn23Z,您需要在结尾附加一个与号符号以获取签名密钥。

您的签名基本字符串是正确的(oauth_callback参数除外 - 见下文),因此您的代码可能生成错误的签名。您可以使用在线签名生成器检查您的签名,例如LinkedIn OAuth Test Console

您似乎没有在计算中包含oauth_callback参数。这需要设置为您希望用户在授权您的应用时重定向到的网址,或“oob”用于基于PIN的授权。

顺便说一下,如果上面的代码包含您的实际消费者密钥和消费者秘密,我不会将它们发布在公共论坛上。