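I have a Magento 2 installation integrated with WordPress. I am making REST API calls to WordPress that require authentication. I am using OAuth 1.0a.
It looks like I am having trouble creating the OAuth signature. WordPress always returns the error: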
string(106) "{"code":"json_oauth1_signature_mismatch","message":"OAuth signature does not match","data":{"status":401}}"
The code that creates the OAuth signature is as follows (I based it on Magento's internal code):
public function buildAuthorizationHeader(
    $params,
    $requestUrl,
    $signatureMethod = self::SIGNATURE_SHA1,
    $httpMethod = 'POST'
) {
    $headerParameters = [
        'oauth_nonce' => $this->_nonceGenerator->generateNonce(null),
        'oauth_timestamp' => $this->_nonceGenerator->generateTimestamp(),
        'oauth_version' => '1.0',
        'oauth_signature_method' => $signatureMethod
    ];
    $headerParameters = array_merge($headerParameters, $params);
    $headerParameters['oauth_signature'] = $this->_httpUtility->sign(
        $params,
        $signatureMethod,
        $headerParameters['oauth_consumer_secret'],
        $headerParameters['oauth_token_secret'],
        $httpMethod,
        $requestUrl
    );
    $authorizationHeader = $this->_httpUtility->toAuthorizationHeader($headerParameters);
    $authorizationHeader = str_replace('realm="",', '', $authorizationHeader);
    return $authorizationHeader;
}
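Any clue as to what I might be doing wrong?
Thanks in advance,
Answer 0 (score: 0)
I was not signing the complete set of parameters, only a subset. It now works perfectly. I am posting my class in case someone finds it useful :)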
use Magento\Framework\App\Helper\AbstractHelper;

class OAuth extends AbstractHelper
{
    const SIGNATURE_SHA1 = 'HMAC-SHA1';

    /**
     * @var \Zend_Oauth_Http_Utility
     */
    protected $_httpUtility;

    /**
     * @var \Magento\Framework\Oauth\NonceGeneratorInterface
     */
    protected $_nonceGenerator;

    public function __construct(
        \Magento\Framework\Oauth\NonceGeneratorInterface $nonceGenerator,
        \Zend_Oauth_Http_Utility $httpUtility = null
    ) {
        $this->_nonceGenerator = $nonceGenerator;
        // null default to prevent ObjectManagerFactory from injecting, see MAGETWO-30809
        $this->_httpUtility = $httpUtility ?: new \Zend_Oauth_Http_Utility();
    }

    public function buildAuthorizationHeader(
        $params,
        $requestUrl,
        $httpMethod = 'POST'
    ) {
        $headerParameters = [
            'oauth_nonce' => $this->_nonceGenerator->generateNonce(null),
            'oauth_timestamp' => $this->_nonceGenerator->generateTimestamp(),
            'oauth_version' => '1.0',
            'oauth_signature_method' => self::SIGNATURE_SHA1
        ];
        $headerParameters = array_merge($headerParameters, $params);
        // Sign the full merged parameter set ($headerParameters), not only $params.
        $headerParameters['oauth_signature'] = $this->_httpUtility->sign(
            $headerParameters,
            self::SIGNATURE_SHA1,
            $headerParameters['oauth_consumer_secret'],
            $headerParameters['oauth_token_secret'],
            $httpMethod,
            $requestUrl
        );
        $authorizationHeader = $this->_httpUtility->toAuthorizationHeader($headerParameters);
        // Strip the empty realm="" entry from the generated header.
        $authorizationHeader = str_replace('realm="",', '', $authorizationHeader);
        return $authorizationHeader;
    }
}
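
The subset-versus-full-set difference described in this answer, as an added example that is not the poster's, Magento's or Zend's code: an RFC 5849 HMAC-SHA1 signature computed in plain PHP over only the caller-supplied parameters and over everything that is sent, each compared with what a verifier would recompute. The function names `oauth1_base_string` and `oauth1_sign`, the URL, keys, token and secrets are assumptions made for illustration; here the secrets serve only as the HMAC key and are not placed among the parameters.

```php
<?php
// Added example: RFC 5849 HMAC-SHA1 signing in plain PHP (not Magento or Zend code).
// The URL, keys, token and secrets are constructed sample values.

function oauth1_base_string(string $method, string $url, array $params): string
{
    // Percent-encode each name and value (RFC 3986), then sort bytewise by name, then value.
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    // Assumes $url carries no query string; query and form parameters would be added to $params.
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

function oauth1_sign(string $method, string $url, array $params, string $consumerSecret, string $tokenSecret): string
{
    // The secrets form the HMAC key only; they are not signed or transmitted as parameters.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    $mac = hash_hmac('sha1', oauth1_base_string($method, $url, $params), $key, true);
    return base64_encode($mac);
}

$url = 'https://wp.example.test/wp-json/wp/v2/posts';
$secrets = ['sample-consumer-secret', 'sample-token-secret'];
$caller = ['oauth_consumer_key' => 'sample-consumer-key', 'oauth_token' => 'sample-token'];
$sent = array_merge([
    'oauth_nonce' => bin2hex(random_bytes(16)),
    'oauth_timestamp' => (string) time(),
    'oauth_version' => '1.0',
    'oauth_signature_method' => 'HMAC-SHA1',
], $caller);

// Signature over the caller-supplied subset versus over everything that will be sent.
$subsetSignature = oauth1_sign('POST', $url, $caller, ...$secrets);
$fullSignature = oauth1_sign('POST', $url, $sent, ...$secrets);

// The verifier recomputes the signature from every parameter it received except oauth_signature.
$expected = oauth1_sign('POST', $url, $sent, ...$secrets);
foreach (['subset' => $subsetSignature, 'full set' => $fullSignature] as $label => $signature) {
    // hash_equals compares in constant time, as a verifier should.
    $result = hash_equals($expected, $signature) ? 'match' : 'mismatch';
    echo "signed {$label}: {$result}\n";
}
```
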
Answer 1 (score: 0)
It is too late to answer, but I am posting this for others' reference.
Generating the OAuth 1.0 signature using Groovy:
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Mac;
import java.net.URLEncoder;
import com.eviware.soapui.support.types.StringToStringMap;
def method = "POST";
def protocal = "https";
def host = "testurl.com";
def port = "8888";
def baseURI = "https://testurl.com:8888";
def api = "/getAccess";
def encodedURL = URLEncoder.encode(baseURI + api,"UTF-8");
def baseString = method + "&" + encodedURL + "&clientID=1234567890" + "&clientPassword=testpassword";
SecretKeySpec key = new SecretKeySpec(("1232131231232132131232321321").getBytes("UTF-8"),"HmacSHA1");
//1232131231232132131232321321 - Secret key
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(key);
byte[] bytes = mac.doFinal(baseString.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte b : bytes) {
    sb.append(String.format("%1\$02X", b));
}
log.info( sb.toString().toLowerCase());
In JavaScript:
var method = "POST";
var protocal = "https";
var host = "testUrl.com";
var port = "8888";
var baseURI = "https://testUrl.com:8888/";
var api = "/getAccess";
var encodedURL = encodeURIComponent(baseURI + api)
var baseString = method + "&" + encodedURL + "&clientID=" + "client-id" + "&clientPassword=" + "client-pass"
var signature = CryptoJS.HmacSHA1(baseString, "123123123123123123");
// 123123123123123123 - secret key
var hexSignature = signature.toString(CryptoJS.enc.Hex);
console.log(hexSignature);