How to sign requests with a custom access token for 2-legged OAuth

Time: 2015-08-19 18:44:25

Tags: ruby oauth gem rest-client

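I have been using the oauth-ruby gem for a while, and I have already implemented 2 types of auth:

  1. the default one
  2. and a custom one, which uses an OTP sent via SMS

Both of them are working perfectly now.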

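But now I'm trying to implement a new (3) 2-legged OAuth. I have run into some problems that I can't actually understand. All of my signed requests using the access token from (3) fail because of an invalid token. For (1-2) it works without any problems.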

Request signing is implemented via RestClient.before_execution_proc:

    RestClient.add_before_execution_proc do |req, params|
      access_token.sign!(req)
    end
    

I think the problem comes from access_token = OAuth::AccessToken, since that is the actual difference from the other 2. Any suggestions or advice would be very helpful.

1

    def default_oauth(login, pass, device: Device.new)
      @cookies = login_req(login, pass).cookies
      headers = common_headers.merge("Cookie" => @cookies)
      #Get request token
      request_token = consumer.get_request_token
      # Authorize request key
      authorize = RestClient.post(base_url + '/oauth/authorize',
                                  { requestToken: request_token.token, authorize: 'Authorize'},
                                  headers) {|response, request, result| response }
      auth_url_resp = RestClient.get(authorize.headers[:location], headers: headers) {|response, request, result| response }
      # Get Access key
      access_token = request_token.get_access_token
    end
    

2

    def custom_oauth(phone, pin, otp: nil, device: Device.new)
      otp = phone.to_s[-5..-1] if otp.nil?
      resp = RestClient.post("#{base_url}/rest/smartphone/otp/sms-sender/#{phone}", '', common_headers) {|response, request, result| response }
    
      request_token = consumer.get_request_token
      payload = {
          device: device.to_h,
          otp: otp,
          password: pin.to_s,
          requestToken: request_token.token
      }
      headers = json_headers.merge('Cookie' => otp)
      authorize = RestClient.post(base_url + '/oauth/otp-authorization',
                                  payload.to_json, headers) {|response, request, result| response }
      @access_token = request_token.get_access_token
    end
    

3

    def new_oauth(login, pass, entry, device: Device.new)
      tkn = consumer.get_request_token.token
      payload = {
          username: login,
          password: pass.to_s,
          requestToken: tkn,
          entryPoint: entry,
          device: device.to_h
      }
    
      headers = json_headers(device.id)
      resp = RestClient.post("#{base_url}/oauth/login-authorization", payload.to_json, headers) {|response, request, result| response}
      hsh = { oauth_token: resp.headers[:accesstoken], oauth_token_secret: resp.headers[:tokensecret] }
      access_token = OAuth::AccessToken.from_hash(consumer, hsh)
    end
    

Consumer:

    def consumer
      @consumer ||= build_consumer
    end
    
    def build_consumer
      key = 'key_string'
      secret = 'secret_string'
      OAuth::Consumer.new(key, secret, :site => base_url)
    end
    

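1 Answer:

Answer 0 (score: 0)

The problem was related to server-side (Spring) encoding. The oauth-ruby gem escapes the token secret used for signature creation (the composed or encrypted key). Spring does the same on the server side by default.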

Unescaping access_token.secret solved the problem:

    access_token.secret = OAuth::Helper.unescape(access_token.secret)
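
Added example (not part of the original answer and not the oauth gem's own code): a standard-library sketch of OAuth 1.0 HMAC-SHA1 signing that shows how a token secret kept in percent-encoded form gets escaped a second time when the signing key is built, so the signature no longer matches the server's. The helper names, URL, token values and timestamp are constructed, and it is an assumption that the secret arrived percent-encoded in the `tokensecret` header.

```ruby
require 'openssl'

# RFC 5849 section 3.6 percent-encoding: escape everything except unreserved characters.
def pct_escape(str)
  str.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format('%%%02X', c.ord) }
end

def pct_unescape(str)
  str.to_s.b.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# HMAC-SHA1 key: escaped consumer secret, '&', escaped token secret.
def signing_key(consumer_secret, token_secret)
  "#{pct_escape(consumer_secret)}&#{pct_escape(token_secret)}"
end

def signature_base(method, url, params)
  pairs = params.map { |k, v| [pct_escape(k), pct_escape(v)] }.sort
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, pct_escape(url), pct_escape(normalized)].join('&')
end

def sign(base, consumer_secret, token_secret)
  key = signing_key(consumer_secret, token_secret)
  [OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)].pack('m0')
end

# Constructed sample values; only the consumer key and secret strings come from the question.
CONSUMER_SECRET = 'secret_string'
RAW_SECRET      = 'tok/sec+ret=='        # value the server signs with
HEADER_SECRET   = pct_escape(RAW_SECRET) # assumed form in the tokensecret header
BASE = signature_base('get', 'https://api.example.test/rest/profile',
                      'oauth_token' => 'abc123', 'oauth_nonce' => 'n1',
                      'oauth_timestamp' => '1440009865',
                      'oauth_signature_method' => 'HMAC-SHA1',
                      'oauth_consumer_key' => 'key_string')

# Signatures for the same request under the three handlings of the secret.
def compare_signatures
  {
    server:         sign(BASE, CONSUMER_SECRET, RAW_SECRET),
    as_received:    sign(BASE, CONSUMER_SECRET, HEADER_SECRET),
    after_unescape: sign(BASE, CONSUMER_SECRET, pct_unescape(HEADER_SECRET))
  }
end

compare_signatures.each { |who, sig| puts format('%-15s %s', who, sig) }
```

Printing `signing_key(CONSUMER_SECRET, HEADER_SECRET)` shows `%252F` in the key, which is a quick check for double encoding when a server rejects a token as invalid.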