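OAuth signature generation

Time: 2016-11-04 01:23:53

Tags: php wordpress magento oauth

I have a Magento 2 integrated with Wordpress. I am making REST API calls in Wordpress that require authentication. I am using OAuth 1.0a.

It looks like I am having trouble creating the OAuth signature. Wordpress always returns the error: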

string(106) "{"code":"json_oauth1_signature_mismatch","message":"OAuth signature does not match","data":{"status":401}}"

The code that creates the OAuth signature is as follows (I based it on the code inside Magento):

public function buildAuthorizationHeader(
        $params,
        $requestUrl,
        $signatureMethod = self::SIGNATURE_SHA1,
        $httpMethod = 'POST'
    ) {
        $headerParameters = [
            'oauth_nonce' => $this->_nonceGenerator->generateNonce(null),
            'oauth_timestamp' => $this->_nonceGenerator->generateTimestamp(),
            'oauth_version' => '1.0',
            'oauth_signature_method' => $signatureMethod
        ];
        $headerParameters = array_merge($headerParameters, $params);
        $headerParameters['oauth_signature'] = $this->_httpUtility->sign(
            $params,
            $signatureMethod,
            $headerParameters['oauth_consumer_secret'],
            $headerParameters['oauth_token_secret'],
            $httpMethod,
            $requestUrl
        );

        $authorizationHeader = $this->_httpUtility->toAuthorizationHeader($headerParameters);
        $authorizationHeader =  str_replace('realm="",', '', $authorizationHeader);
        return $authorizationHeader;
    }

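Any clues about what I might be doing wrong?

Thanks in advance,

2 answers:

Answer 0: (score: 0)

I was not signing the complete set of parameters, only a subset. It now works perfectly. I am posting my class in case someone finds it useful :)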

use Magento\Framework\App\Helper\AbstractHelper;

class OAuth extends AbstractHelper
{
    const SIGNATURE_SHA1 = 'HMAC-SHA1';

    /**
     * @var  \Zend_Oauth_Http_Utility
     */
    protected $_httpUtility;

    /**
     * @var \Magento\Framework\Oauth\NonceGeneratorInterface
     */
    protected $_nonceGenerator;

    public function __construct(
        \Magento\Framework\Oauth\NonceGeneratorInterface $nonceGenerator,
        \Zend_Oauth_Http_Utility $httpUtility = null
    ) {
        $this->_nonceGenerator = $nonceGenerator;
        // null default to prevent ObjectManagerFactory from injecting, see MAGETWO-30809
        $this->_httpUtility = $httpUtility ?: new \Zend_Oauth_Http_Utility();
    }

    public function buildAuthorizationHeader(
        $params,
        $requestUrl,
        $httpMethod = 'POST'
    ) {
        $headerParameters = [
            'oauth_nonce' => $this->_nonceGenerator->generateNonce(null),
            'oauth_timestamp' => $this->_nonceGenerator->generateTimestamp(),
            'oauth_version' => '1.0',
            'oauth_signature_method' => self::SIGNATURE_SHA1
        ];
        $headerParameters = array_merge($headerParameters, $params);
        $headerParameters['oauth_signature'] = $this->_httpUtility->sign(
            $headerParameters,
            self::SIGNATURE_SHA1,
            $headerParameters['oauth_consumer_secret'],
            $headerParameters['oauth_token_secret'],
            $httpMethod,
            $requestUrl
        );

        $authorizationHeader = $this->_httpUtility->toAuthorizationHeader($headerParameters);
        $authorizationHeader =  str_replace('realm="",', '', $authorizationHeader);
        return $authorizationHeader;
    }

}
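
As an added example (not the poster's class and not Magento, Zend or WordPress code), the following PHP builds the HMAC-SHA1 signature directly from RFC 5849 and checks two requests the way a receiving server would: one signed over only a subset of the parameters that are sent, and one signed over all of them. The function names, URL, keys, secrets, nonce and timestamp are constructed for illustration, and the request is assumed to have an already normalized URL and no query or form-body parameters.

```php
<?php
// Added example written from RFC 5849; all keys, secrets and URLs are constructed samples.

function oauthEncode(string $value): string
{
    return rawurlencode($value); // RFC 3986 encoding, as RFC 5849 section 3.6 requires
}

// Base string = METHOD & enc(URL) & enc(sorted "name=value" pairs), RFC 5849 section 3.4.1.
// Assumes $url is already normalized and the request has no query or form-body parameters.
function signatureBaseString(string $method, string $url, array $params): string
{
    unset($params['oauth_signature'], $params['realm']); // never part of the signed data
    $encoded = [];
    foreach ($params as $name => $value) {
        $encoded[oauthEncode((string) $name)] = oauthEncode((string) $value);
    }
    ksort($encoded, SORT_STRING); // byte-order sort by encoded parameter name
    $pairs = array_map(function ($n, $v) { return $n . '=' . $v; }, array_keys($encoded), $encoded);
    return strtoupper($method) . '&' . oauthEncode($url) . '&' . oauthEncode(implode('&', $pairs));
}

function signHmacSha1(string $method, string $url, array $params, string $consumerSecret, string $tokenSecret): string
{
    $key = oauthEncode($consumerSecret) . '&' . oauthEncode($tokenSecret);
    return base64_encode(hash_hmac('sha1', signatureBaseString($method, $url, $params), $key, true));
}

// What the receiving server does: recompute over everything it received, compare in constant time.
function verifySignature(string $method, string $url, array $received, string $consumerSecret, string $tokenSecret): bool
{
    $expected = signHmacSha1($method, $url, $received, $consumerSecret, $tokenSecret);
    return hash_equals($expected, (string) ($received['oauth_signature'] ?? ''));
}

$url = 'https://wp.example.test/wp-json/wp/v2/posts';
$credentials = ['oauth_consumer_key' => 'ck_constructed', 'oauth_token' => 'tk_constructed'];
$sent = $credentials + ['oauth_nonce' => 'constructed-nonce', 'oauth_timestamp' => '1478222633',
    'oauth_version' => '1.0', 'oauth_signature_method' => 'HMAC-SHA1'];

// Pattern from the question: the signature covers only the caller-supplied subset.
$subsetSigned = $sent + ['oauth_signature' => signHmacSha1('POST', $url, $credentials, 'cs', 'ts')];
// Pattern from answer 0: the signature covers every parameter that is sent.
$fullySigned = $sent + ['oauth_signature' => signHmacSha1('POST', $url, $sent, 'cs', 'ts')];

var_dump(verifySignature('POST', $url, $subsetSigned, 'cs', 'ts'));
var_dump(verifySignature('POST', $url, $fullySigned, 'cs', 'ts'));
```

When debugging a `json_oauth1_signature_mismatch`, logging the output of `signatureBaseString()` on the client and comparing it with the parameters actually sent in the Authorization header shows which parameter is missing from the signed set.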

Answer 1: (score: 0)

It is too late to answer, but I am posting this for others' reference.

Generating an OAuth 1.0 signature using Groovy:

import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Mac;
import java.net.URLEncoder; 
import com.eviware.soapui.support.types.StringToStringMap;
def method = "POST";
def protocal = "https";
def host = "testurl.com";
def port = "8888";
def baseURI = "https://testurl.com:8888";
def api = "/getAccess";
def encodedURL = URLEncoder.encode(baseURI + api,"UTF-8");
def baseString = method + "&" + encodedURL + "&clientID=1234567890" + "&clientPassword=testpassword";
SecretKeySpec key = new SecretKeySpec(("1232131231232132131232321321").getBytes("UTF-8"), "HmacSHA1");
// 1232131231232132131232321321 - Secret key
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(key);
byte[] bytes = mac.doFinal(baseString.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte b : bytes) {
    sb.append(String.format("%1\$02X", b));
}
log.info( sb.toString().toLowerCase());

In JavaScript:

var method = "POST";
var protocal = "https";
var host = "testUrl.com";
var port = "8888";
var baseURI = "https://testUrl.com:8888/";
var api = "/getAccess";
var encodedURL = encodeURIComponent(baseURI + api)
var baseString = method + "&" + encodedURL + "&clientID=" + "client-id" + "&clientPassword=" + "client-pass"
var signature = CryptoJS.HmacSHA1(baseString, "123123123123123123");
// 123123123123123123 - secret key
var hexSignature = signature.toString(CryptoJS.enc.Hex);
console.log(hexSignature);