为什么Twitter返回“无法验证oauth签名和令牌?”

时间:2010-06-02 04:55:33

标签: php twitter oauth

很抱歉打扰你但另一个“无法验证oauth签名和令牌”错误,但我无法弄清楚我的请求有什么问题。

我正在用这个字符串构建我的签名:

POST&http%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fcraiga.id.au%2Ftwitter%2Fconnected%26oauth_consumer_key%3Dtm5...DOg%26oauth_nonce%3D8...22b%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275453048%26oauth_version%3D1.0

从这里我使用以下PHP代码生成28个字符的签名:

base64_encode(hash_hmac('sha1', $raw, 'YUo...HIU' . '&', true));

使用此签名,我发送以下请求:

POST http://api.twitter.com/oauth/request_token HTTP/1.1
Host: api.twitter.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
Authorization: OAuth oauth_nonce="3D8...22b", oauth_callback="http%3A%2F%2Fcraiga.id.au%2Ftwitter%2Fconnected", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1275453048", oauth_consumer_key="tm5...DOg", oauth_signature="aYd...c6E%3D", oauth_version="1.0"
Content-Length: 266
Content-Type: application/x-www-form-urlencoded

oauth_callback=http%3A%2F%2Fcraiga.id.au%2Ftwitter%2Fconnected&oauth_consumer_key=tm5...DOg&oauth_nonce=3D8...22b&oauth_signature_method=HMAC-SHA1&oauth_timestamp= 1275453048&oauth_version=1.0

我从Twitter获得以下对此请求的回复:

HTTP/1.1 401 Unauthorized
Date: Wed, 02 Jun 2010 04:40:14 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1275453614-48409-7443
Last-Modified: Wed, 02 Jun 2010 04:40:14 GMT
X-Runtime: 0.01083
Content-Type: text/html; charset=utf-8
Content-Length: 44
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=58.161.42.101.1275453614748615; path=/; expires=Wed, 09-Jun-10 04:40:14 GMT; domain=.twitter.com
Set-Cookie: guest_id=12754536147577949; path=/; expires=Fri, 02 Jul 2010 04:40:14 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCKaq9fYoAToRdHJhbnNfcHJvbXB0MDoHaWQi%250AJWU0ZDFhMGQzMWU0NTZjMzJiZWFkNWUzMTA4ZDRjOTg3IgpmbGFzaElDOidB%250AY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--f1e5c7649858a1694f24307504354846bbc1d16b; domain=.twitter.com; path=/
Vary: Accept-Encoding
Connection: close

Failed to validate oauth signature and token

如果有人可以说明为什么会失败,我很乐意听到。

3 个答案:

答案 0 :(得分:1)

您使用了错误的信息来生成签名。 你应该使用......

  

oauth_callback = http%3A%2F%2Fcraiga.id.au%2Ftwitter%2Fconnected& oauth_consumer_key = tm5 ... DOg& oauth_nonce = 3D8 ... 22b& oauth_signature_method = HMAC-SHA1& oauth_timestamp = 1275453048& oauth_version = 1.0

...生成签名(阅读:不使用' POST'和请求URI)

有关详细信息,请参阅Twitter Developers: Creating a signature

答案 1 :(得分:1)

存在问题导致服务器未与Twitter时间同步的时间 服务器运行的100%解决方案(用于同步时钟)

sudo ntpdate -s time.nist.gov

并使用

检查推特时间 
lynx --dump --head https://api.twitter.com/1/help/test.json

答案 2 :(得分:1)

我最近在尝试从Spout(Storm)连接到Twitter时遇到了类似的问题;必须使用以下方式同步我的Ubuntu时钟:

sudo apt-get install ntp

相关问题
最新问题