我厌倦了将request-oauth库(基于python-request)移植到Python 3(借助2to3)但我在使用StatusNet(与Twitter相同的API)验证签名时遇到了问题。 / p>
当我向oauth/request_token
发出请求时,我没有问题,但oauth/access_token
我发生错误401 Invalid signature
。我不明白为什么,因为在我看来,我签的是正确的。
例如,使用python 2代码,cf hook.py和auth.py(来自git repo的原始代码),我得到:
signing_key = '0de1456373dfc9349dd38a48e61fc844&136d6b9a597ee57d4338254812681acd',
signing_raw = 'POST&http%3A%2F%2Fstatus2.dotzero.me%2Fapi%2Foauth%2Faccess_token&oauth_consumer_key%3Dec3ad931b294b51a5ff595c732acb7a5%26oauth_nonce%3D33448267%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1332279747%26oauth_token%3D2131043f3516bcb730d391ed2033a880%26oauth_verifier%3D8816492%26oauth_version%3D1.0'
oauth_hook.token.key = '2131043f3516bcb730d391ed2033a880'
oauth_hook.token.secret = '136d6b9a597ee57d4338254812681acd'
request.data_and_params = {'oauth_version': '1.0', 'oauth_signature': 'xyjxH5QcfZXnG111L7qANZ+ahRI=',
'oauth_token': '2131043f3516bcb730d391ed2033a880', 'oauth_nonce': '33448267',
'oauth_timestamp': '1332279747', 'oauth_verifier': '8816492',
'oauth_consumer_key': 'ec3ad931b294b51a5ff595c732acb7a5',
'oauth_signature_method': 'HMAC-SHA1'}
使用我的python 3端口,cf hook.py和auth.py,我得到:
signing_key = '0de1456373dfc9349dd38a48e61fc844&136d6b9a597ee57d4338254812681acd',
signing_raw = 'POST&http%3A%2F%2Fstatus2.dotzero.me%2Fapi%2Foauth%2Faccess_token&oauth_consumer_key%3Dec3ad931b294b51a5ff595c732acb7a5%26oauth_nonce%3D52360702%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1332278837%26oauth_token%3D2131043f3516bcb730d391ed2033a880%26oauth_verifier%3D8816492%26oauth_verifier%3D8816492%26oauth_version%3D1.0'
oauth_hook.token.key = '2131043f3516bcb730d391ed2033a880'
oauth_hook.token.secret = '136d6b9a597ee57d4338254812681acd'
request.data_and_params = {'oauth_nonce': '52360702', 'oauth_timestamp': '1332278837',
'oauth_verifier': '8816492', 'oauth_consumer_key': 'ec3ad931b294b51a5ff595c732acb7a5',
'oauth_signature_method': 'HMAC-SHA1', 'oauth_version': '1.0',
'oauth_token': '2131043f3516bcb730d391ed2033a880',
'oauth_signature': 'BRsb11dk++405uaq5pRS+CMUzbo='}
两者看起来都不错,但第一个成功,第二个返回401错误,签名无效。
在这两种情况下,我得到token.key
和token.secret
作为结果:
OAuthHook.consumer_key = self.ckey
OAuthHook.consumer_secret = self.csecret
oauth_hook = OAuthHook()
client = requests.session(hooks={'pre_request': oauth_hook})
response = client.post('%soauth/request_token' % (self.url), {'oauth_callback': 'oob'})
# new oauth_hook with the request token
oauth_hook = OAuthHook(response[b'oauth_token'][0],response[b'oauth_token_secret'][0])
他们,我去oauth/authorize?oauth_token=%s" % oauth_hook.token.key
获得授权应用并获得密码。之后,我可以做有问题的请求
...
response = client.post('%soauth/request_token' % (self.url), {'oauth_callback': 'oob'})
oauth_hook = OAuthHook(response[b'oauth_token'][0],response[b'oauth_token_secret'][0])
# get the pincode from %soauth/authorize?oauth_token=%s" % (self.url, oauth_hook.token.key)
oauth_hook.token.set_verifier(pincode)
client = requests.session(hooks={'pre_request': oauth_hook})
response = client.post("%soauth/access_token" % (self.url),
{'oauth_verifier': pincode})
auth.py文件中的签名代码是
def sign(self, request, consumer, token):
"""Builds the base signature string."""
key, raw = self.signing_base(request, consumer, token)
hashed = hmac.new(key.encode(), raw.encode(), sha1)
# Calculate the digest base 64.
return binascii.b2a_base64(hashed.digest())[:-1]
知道为什么它不能用py3k代码吗?
谢谢
答案 0 :(得分:1)
您可能需要验证请求中的Authorization标头字符串。通常它的格式为:
'授权' => ' OAuth的 境界="",oauth_timestamp =" 1243392158",oauth_nonce =" VsaPHb",oauth_consumer_key =" xxxxxxxxxxxxxxxxxx",组oauth_token =" XXXXXX-XXXX-XXXXXXXXXXXXXX",oauth_version =" 1.0",oauth_signature_method =" HMAC-SHA1",oauth_signature =" XXXXXXXXXXXXXXXXXXXX"'
在上面的标题值中,检查" oauth_signature "被正确解码。也就是说,它不应包含以下值:%3D 。您可以使用this tool解码字符串。
这对我有用。希望它可以帮到某人。
答案 1 :(得分:0)
找到答案! POST请求中有两个oauth_verifier
,导致签名错误......