我正在使用dev.twitter.com的“我的应用程序”页面中的OAuth工具生成用于获取OAuth request_token的cURL命令。但是当我运行cURL命令时,我总是得到 401 Unauthorized 响应。有人可以帮忙吗?
备注:
oauth_token
的值。oob
值。oauth_callback=oob
放在Authorization
标题中,而不是放在POST数据中这是生成的cURL命令:
curl --request 'POST' 'http://api.twitter.com/oauth/request_token' --data 'oauth_callback=oob' --header 'Authorization: OAuth oauth_consumer_key="tE5nLRh4gcSB3hsQc8iPw", oauth_nonce="94408715574f443f45d6f291d0105bd6", oauth_signature="xA70n%2FXPUQ1EuGjdtf6jz9J%2FZUs%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1385744996", oauth_token="******", oauth_version="1.0"' --verbose
输出上述cURL命令:
* About to connect() to api.twitter.com port 80 (#0)
* Trying 199.59.149.199... connected
* Connected to api.twitter.com (199.59.149.199) port 80 (#0)
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8y zlib/1.2.5
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_consumer_key="tE5nLRh4gcSB3hsQc8iPw", oauth_nonce="4a5cc00de2b606e0f8a739194e21d7af", oauth_signature="IBoBxEpymr2hYMLSISrzHRucbEc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1385744052", oauth_token="**********", oauth_version="1.0"
> Content-Length: 18
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 401 Unauthorized
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-type: text/html; charset=utf-8
< date: Fri, 29 Nov 2013 17:10:28 GMT
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Fri, 29 Nov 2013 17:10:28 GMT
< pragma: no-cache
< server: tfe
< set-cookie: _twitter_sess=BAh7CDoHaWQiJTc3YzFiYTFiMzNlMTZmYzVhMjFkODdlMGIwN2FlMDk1Og9j%250AcmVhdGVkX2F0bCsIARbXpEIBIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--d3b782133d5b46e57716bb0bd8da05928e754277; domain=.twitter.com; path=/; secure; HttpOnly
< set-cookie: guest_id=v1%3A138574502859327916; Domain=.twitter.com; Path=/; Expires=Sun, 29-Nov-2015 17:10:28 UTC
< status: 401 Unauthorized
< vary: Accept-Encoding
< x-frame-options: SAMEORIGIN
< x-mid: 6a66f617778e5cc014e432a7ec7228027a61baca
< x-runtime: 0.01191
< x-transaction: 4516e92fc449126d
< x-ua-compatible: IE=10,chrome=1
< x-xss-protection: 1; mode=block
<
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
Failed to validate oauth signature and token
答案 0 :(得分:4)
这是一个很长的镜头,但你的时钟是否正确设置? Twitter只允许请求标头和它们的时钟之间大约5分钟的差异。本周早些时候,这完全是我的屁股,并不是最好的文件记录。
埋在这个帖子中:
https://dev.twitter.com/discussions/15112
来自Taylor Singletary(在Twitter工作)的帖子大约四分之一/三分之一说:“...查看您的时间戳,看起来您可能比我们的服务器提前几分钟。这可能是您遇到的问题。”