我有一个OAuth的实现,与Fitbit一起从fitbit的服务中提取数据。然而,他们最近更新了他们的服务,现在每当我尝试获取访问令牌时请求都会失败。
他们就新要求发表了以下声明:
The solution is to OAuth sign the requests to <https://api.fitbit.com/oauth/request_token> and <https://api.fitbit.com/oauth/access_token> in a similar manner that all other calls to the Fitbit API are signed.
Requests to <https://api.fitbit.com/oauth/request_token> need to be signed with your application's consumer key and secret.
Requests to <https://api.fitbit.com/oauth/access_token> need to be signed with your application's consumer key and secret and the oauth_token and oauth_verifier received from the authorization callback.
我正在使用PHP PECL OAuth库来处理OAuth请求。但是,我找不到向签名添加其他参数的方法。我正在尝试以下操作,但我不确定这是更新OAuth签名的正确方法:
$params['consumer_key'] = $this->consumer_key;
$params['consumer_secret'] = $this->consumer_secret;
$params['oauth_token'] = $this->oauth_token;
$params['oauth_verifier'] = $_REQUEST['oauth_verifier'];
$this->signature = $this->oauth->generateSignature('GET', $this->access_url, $params);
$this->access_token = $this->oauth->getAccessToken($this->access_url, $this->signature, $_REQUEST['oauth_verifier']);
我得到的OAuth错误是:
401
Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)
oauthoauth_signatureInvalid signature: FfvYDv5MSOfwcOwLZBJa0TlKS4Q=false
从上面的代码中存储的签名表明正确的签名应该是:
[signature] => wlfzqPs4aEkTkHfqyaO65D/RW6o=
这是调试信息的“Headers Sent”部分:
[headers_sent] => Authorization: OAuth oauth_session_handle="Frdnxw8oHe3BgNVi0Fy4jBXrZko%3D",
oauth_verifier="ss6nmke8elf3so66jg3auued49",
oauth_consumer_key="(my key)",
oauth_signature_method="HMAC-SHA1",
oauth_nonce="30463910852ea5cc2d04e60.71895372",
oauth_timestamp="1391090882",
oauth_version="1.0",
oauth_token="2cabd6beab341e332bdf8e522b6019ef",
oauth_signature="hULwWcQOl%2F8aYjh0YjR843iVXtA%3D"
我在文档中找不到任何解释如何设置OAuth签名以与其请求一起使用的文档。任何帮助将不胜感激!!!
如果您需要更多信息,请与我们联系!
答案 0 :(得分:0)
我找到了这个问题。
事实证明我没有保存正在递交的oauth_token_secret,而是使用了消费者秘密。
我更新后,流程按预期运行。