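Generating an OAuth signature using HMAC-SHA1?

Time: 2014-07-07 14:40:51

Tags: oauth

I apologize for asking so many questions, but no one seems to have an answer and I really need help. I am using LTI to integrate my program into a learning management system, and I need to authenticate using OAuth. I have no trouble generating a signature by following the guide here, but the signature I generate never matches the one the LMS passes to me, and I cannot for the life of me figure out why they never match. I hope it is something I am overlooking, but I really need some help.

When I launch my program from the LMS, I am sent this array via POST in what is called an LTI launch: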

array(
  'launch_presentation_locale' => 'EN-US__',
  'tool_consumer_instance_guid' => 'key',
  'tool_consumer_instance_name' => 'MyProgram',
  'tool_consumer_instance_description' => 'MyProgram',
  'tool_consumer_instance_contact_email' => 'johndoe@email.com',
  'tool_consumer_info_version' => '10.3.0 SP5',
  'tool_consumer_info_product_family_code' => 'desire2learn',
  'context_id' => '2440554',
  'context_title' => 'ContextTitle',
  'context_label' => 'ContextTitle',
  'context_type' => '',
  'user_id' => 'USER_ID',
  'roles' => 'None',
  'lis_person_name_given' => 'John',
  'lis_person_name_family' => 'Doe',
  'lis_person_name_full' => 'John Doe',
  'lis_person_contact_email_primary' => 'johndoe@email.com',
  'ext_tc_profile_url' => 'https://profileurl.com',
  'ext_d2l_token_id' => '123456789',
  'ext_d2l_link_id' => '1234',
  'ext_d2l_token_digest' => 'AbCdEfGhIjKlMnOpQrStUvWxYzi=',
  'resource_link_id' => '',
  'resource_link_title' => 'MyProgram',
  'resource_link_description' => 'MyProgram',
  'lis_result_sourcedid' => 'abcdefgh-ijkl-mnop-qrst-uvwxyz012345',
  'lis_outcome_service_url' => 'https://outcomeserviceurl.com',
  'lti_version' => 'LTI-1p0',
  'lti_message_type' => 'basic-lti-launch-request',
  'oauth_version' => '1.0',
  'oauth_nonce' => '123456789',
  'oauth_timestamp' => '1234567890',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_consumer_key' => 'key',
  'oauth_callback' => 'about:blank',
  'oauth_signature' => 'eFUR8O5xVydLrj4PDj37nF4cq6A=',
  'basiclti_submit' => 'Launch Endpoint with BasicLTI Data'
);

Here is what I am trying. I have added comments to clarify the steps:

// Set variables that are required for the signature to be generated. 
$OAUTH_KEY = 'key';
$OAUTH_SECRET = 'secret';
$httpMethod = 'POST';
$SITE_URL = 'https://localhost/test.php';

// make array copy of entire POST data, remove the 'oauth_signature' field as specified in the oauth spec from the copy array, then sort alphabetically. After that, url encode the key/value of each item in the copy array and store into a string for later use.
$request_parameter_array = $_POST;
unset($request_parameter_array['oauth_signature']);
ksort($request_parameter_array);
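$request_parameter_str = '';
foreach($request_parameter_array as $key => $value) {
    $request_parameter_str .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
}
// Drop the trailing '&' so it is not encoded into the signature base string as '%26'.
$request_parameter_str = rtrim($request_parameter_str, '&');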

// create the signature base string (string variable that the actual signature is created from) by following these steps from the OAuth documentation:

//     1.  The HTTP request method in uppercase.  For example: "HEAD",
//         "GET", "POST", etc.  If the request uses a custom HTTP method, it
//         MUST be encoded (Section 3.6).

//    2.  An "&" character (ASCII code 38).

//    3.  The base string URI from Section 3.4.1.2, after being encoded
//        (Section 3.6).

//    4.  An "&" character (ASCII code 38).

//    5.  The request parameters as normalized in Section 3.4.1.3.2, after
//        being encoded (Section 3.6).

$key = rawurlencode($OAUTH_SECRET) . '&';
$signature_base = strtoupper($httpMethod) . '&' . rawurlencode($SITE_URL) . '&';
$signature_base .= rawurlencode($request_parameter_str);

$signature = base64_encode(hash_hmac("sha1", $signature_base, $key, true));
echo $signature;

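1 answer:

Answer 0 (score: 0)

I guess this was my own silly problem. The problem came from D2L itself, because I misunderstood the difference between integrating using a tool link versus a tool provider. I ended up deleting my tool provider and using a tool link instead, and now I can authenticate every time.

It turns out there was nothing wrong with the code here at all.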
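
The verification side of the procedure in the question, as an added example that is not part of the original post or answer: it rebuilds the RFC 5849 signature base string from the POSTed launch, compares signatures in constant time with `hash_equals`, and shows that a parameter altered after signing fails the check. The function names, the 300-second timestamp window and the sample launch (signed locally with the secret `secret`) are assumptions constructed for illustration.

```php
<?php
// Added example; function names, secret and sample launch are constructed.

function oauth_base_string(string $method, string $url, array $params): string
{
    unset($params['oauth_signature']);   // the signature is not part of its own input
    $enc = [];
    foreach ($params as $k => $v) {
        $enc[rawurlencode((string)$k)] = rawurlencode((string)$v);
    }
    ksort($enc, SORT_STRING);            // byte-wise order of the encoded names
    $pairs = [];
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;        // joined with '&', no trailing separator
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&'
        . rawurlencode(implode('&', $pairs));
}

function oauth_sign(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

function verify_launch(string $url, array $post, string $secret, int $now, int $maxSkew = 300): bool
{
    if (($post['oauth_signature_method'] ?? '') !== 'HMAC-SHA1') {
        return false;
    }
    if (abs($now - (int)($post['oauth_timestamp'] ?? 0)) > $maxSkew) {
        return false;                    // stale or future-dated launch (window is an assumption)
    }
    $expected = oauth_sign(oauth_base_string('POST', $url, $post), $secret);
    return hash_equals($expected, (string)($post['oauth_signature'] ?? ''));
}

// Constructed launch, signed here the way the consumer would sign it.
$url = 'https://localhost/test.php';     // must be the exact URL the consumer signed
$launch = [
    'lti_message_type' => 'basic-lti-launch-request', 'lti_version' => 'LTI-1p0',
    'oauth_consumer_key' => 'key', 'oauth_nonce' => '123456789',
    'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1234567890',
    'oauth_version' => '1.0', 'oauth_callback' => 'about:blank', 'roles' => 'None',
];
$launch['oauth_signature'] = oauth_sign(oauth_base_string('POST', $url, $launch), 'secret');
var_dump(verify_launch($url, $launch, 'secret', 1234567900));  // launch as signed
$launch['roles'] = 'Instructor';                               // changed after signing
var_dump(verify_launch($url, $launch, 'secret', 1234567900));
```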