美好的一天,我正在编写一个需要通过Twitter进行身份验证的iOS应用。当我向https://api.twitter.com/oauth/request_token发送请求时,我收到401错误消息“无法验证oauth签名和令牌”。
以下是我生成的基本字符串的示例:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dfy5lC1V4ojgaolKPnEsbg%26oauth_nonce%3Da55d09b40e3fc189addaf203ef7f2dc475ea2a69%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1315413303%26oauth_version%3D1.0
看不出有什么问题。我还在Twitter文档中使用示例基本字符串和消费者秘密检查了我的签名生成方法:https://dev.twitter.com/docs/auth/oauth 我得到了相同的签名。
我还检查了我的时间戳,但它在UTC纪元时间的一秒内。以下是我得到的响应标题:
Response:{
"Cache-Control" = "no-cache, no-store, must-revalidate, pre-check=0, post-check=0";
Connection = close;
"Content-Encoding" = gzip;
"Content-Length" = 62;
"Content-Type" = "text/html; charset=utf-8";
Date = "Wed, 07 Sep 2011 16:35:05 GMT";
Expires = "Tue, 31 Mar 1981 05:00:00 GMT";
"Last-Modified" = "Wed, 07 Sep 2011 16:35:05 GMT";
Pragma = "no-cache";
Server = hi;
"Set-Cookie" = "admobuu=10208a061552e8488e7953874e764745; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT, _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBMnvkQyAToHaWQiJThkNjJhNDI5YjI1MDEz%250AOWQxYTcxYTYyODg3NWQ2OTkyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--94b10215c29c55d20de023c624296349f461f69d; domain=.twitter.com; path=/; HttpOnly";
Status = "401 Unauthorized";
Vary = "Accept-Encoding";
"X-Content-Type-Options" = nosniff;
"X-Frame-Options" = SAMEORIGIN;
"X-Mid" = d09597bbd71f66cf5869d99b2f3cf994fbf7dfb9;
"X-Revision" = DEV;
"X-Runtime" = "0.00428";
"X-Transaction" = "1315413305-15807-4243";
}
这是我的Objective C代码:
// Strings
NSString *urlString = @TWITTER_REQUEST_TOKEN_URL;
NSString *urlEncoded = (NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)urlString, NULL, (CFStringRef)@"!*'();:@&=+$,/?%#[]", kCFStringEncodingUTF8);
NSString *oauthCallback = @TWITTER_CALLBACK;
NSString *oauthConsumerKey = @TWITTER_KEY;
NSString *oauthConsumerSecret = @TWITTER_SECRET;
NSString *timestamp = [NSString stringWithFormat:@"%d",(long)[[NSDate date] timeIntervalSince1970]];
NSInteger randomNumber = arc4random();
NSString *randomString = [NSString stringWithFormat:@"%d",randomNumber];
NSString *oauthNonce = [HashService sha1DigestFromKey:timestamp andBaseString:randomString];
NSString *oauthSignatureMethod = @"HMAC-SHA1";
NSString *oauthVersion = @"1.0";
// Create base string and signature
NSMutableString *baseString = [NSMutableString stringWithFormat:@"POST&%@&",urlEncoded];
NSString *paramString = [NSString stringWithFormat:@"oauth_callback=%@&oauth_consumer_key=%@&oauth_nonce=%@&oauth_signature_method=%@&oauth_timestamp=%@&oauth_version=%@",oauthCallback,oauthConsumerKey,oauthNonce,oauthSignatureMethod,timestamp,oauthVersion];
NSString *paramStringEncoded = (NSString *)CFURLCreateStringByAddingPercentEscapes(NULL, (CFStringRef)paramString, NULL, (CFStringRef)@"!*'();:@&=+$,/?%#[]", kCFStringEncodingUTF8);
[baseString appendString:paramStringEncoded];
NSString *signingKey = [NSString stringWithFormat:@"%@&",oauthConsumerSecret];
NSString *oauthSignature = [HashService HmacSha1FromKey:signingKey andBaseString:baseString];
// Create request
NSURL *url = [NSURL URLWithString:urlString];
NSString *authHeader = [NSString stringWithFormat: @"OAuth oauth_nonce=\"%@\",oauth_callback=\"%@\",oauth_signature_method=\"%@\",oauth_timestamp=\"%@\",oauth_consumer_key=\"%@\",oauth_version=\"%@\",oauth_signature=\"%@\"",oauthNonce,oauthCallback,oauthSignatureMethod,timestamp,oauthConsumerKey,oauthVersion,oauthSignature];
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
[request addRequestHeader:@"Authorization" value:authHeader];
request.requestMethod = @"POST";
[request startSynchronous];
我无法让它发挥作用。建议?
答案 0 :(得分:0)
终于开始工作了。创建Authorization标头时,oauth_signature需要进行URL编码。