使用HMAC-SHA1加密创建OAuth签名返回HTTP 401
问题
您好,我需要对需要OAuth加密的API进行身份validation。
我的方向正确,但我确信我的签名基本字符串有问题。 由于HMACSHA1 Hash基于Key和BaseString,因此我得到了错误的oauth_signature。
OAuth签名流程
至今
我已经能够收集所有必需的数据,其中包括:
- 消费者密钥
- 消费者秘密
- Acces Token
- Acces Secret
- Sha1Hased Value(基于Key和Message,其中Message是签名Base string)
- 签名基本字符串
问题
由于签名无效,我收到了HTTP(401错误请求)。
注意:我很确定这是我如何构建我的签名基本字符串 。 有关我使用的API文档的信息,请查看底部页面。
代码
GetOAuthToken (做实际请求)
public static string GetAuthorizationToken() { string TimeInSecondsSince1970 = ((int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString(); string Nonce = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(TimeInSecondsSince1970 + TimeInSecondsSince1970 + TimeInSecondsSince1970)); HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(GetAppleApiUrl.GetUrl(AppleApiUrl.SESSION_TOKEN)); httpWebRequest.Method = "GET"; string consumer_secret = Uri.EscapeDataString(Settings.SettingsManager.consumer_secret); string token_secret = Uri.EscapeDataString(Settings.SettingsManager.access_secret); string signature_base_string = GetSignatureBaseString(TimeInSecondsSince1970, Nonce); string SHA1HASH = GetSha1Hash(consumer_secret + "&" + token_secret, signature_base_string); string Header = "OAuth realm=" + '"' + "ADM" + '"' + "," + "oauth_consumer_key=" + '"' + Settings.SettingsManager.consumer_key + '"' + "," + "oauth_token=" + '"' + Settings.SettingsManager.access_token + '"' + "," + "oauth_signature_method=" + '"' + "HMAC-SHA1" + '"' + "," + "oauth_signature= " + '"' + SHA1HASH + '"' + "," + "oauth_timestamp=" + '"' + TimeInSecondsSince1970 + '"' + "," + "oauth_nonce=" + '"' + Nonce + '"' + "," + "oauth_version=" + '"' + "1.0" + '"' + ","; httpWebRequest.Headers.Add(HttpRequestHeader.Authorization, Header); var Result = httpWebRequest.GetResponse(); return Result.ToString(); } GetSha1Hash
public static string GetSha1Hash(string key, string message) { var encoding = new System.Text.ASCIIEncoding(); byte[] keyBytes = encoding.GetBytes(key); byte[] messageBytes = encoding.GetBytes(message); string Sha1Result = string.Empty; using (HMACSHA1 SHA1 = new HMACSHA1(keyBytes)) { var Hashed = SHA1.ComputeHash(messageBytes); Sha1Result = Convert.ToBase64String(Hashed); } return Sha1Result; }
GetSignatureBaseString
public static string GetSignatureBaseString(string TimeStamp, string Nonce) { //1.Convert the HTTP Method to uppercase and set the output string equal to this value. string Signature_Base_String = "Get"; Signature_Base_String = Signature_Base_String.ToUpper(); //2.Append the '&' character to the output string. Signature_Base_String = Signature_Base_String + "&"; //3.Percent encode the URL and append it to the output string. string PercentEncodedURL = Uri.EscapeDataString(GetAppleApiUrl.GetUrl(AppleApiUrl.SESSION_TOKEN)); Signature_Base_String = Signature_Base_String + PercentEncodedURL; //4.Append the '&' character to the output string. Signature_Base_String = Signature_Base_String + "&"; //5.append parameter string to the output string. Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("oauth_consumer_key=" + Settings.SettingsManager.consumer_key); Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_token=" + Settings.SettingsManager.access_token); Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_signature_method=" +"HMAC-SHA1"); Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_timestamp=" + TimeStamp); Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_nonce=" + Nonce); Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_version=" + "1.0"); return Signature_Base_String; }
结果(提琴手)
API文件
看起来您应该在Header字符串和GetSignatureBaseString方法中按字母顺序对参数进行排序,如本评论和Twitter OAuth文档中所述