这里是授权头使用:401响应Twitter的反向权威性
Authorization = "OAuth oauth_consumer_key=\"2D9rLD8Lu23hrchrh4VMBkQ6AZKHYi2yY2oeuoeutcFMdAs\", oauth_nonce=\"-486353546\", oauth_signature="x3NdGnJmBTUAICBRE9C44N8mFd4%3D", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"137663828056\", oauth_version=\"1.0\", x_auth_mode=\"reverse_auth\"";
这里的基本字符串我用:
https://api.twitter.com/oauth/access_token
下面是我从工作twitter documentation:
步骤1:获取特殊请求标记
首先,您使用您的应用程序的 使用者密钥向Twitter请求令牌URL发送HTTPS请求 https://api.twitter.com/oauth/request_token。除了传统的oauth_ *参数 参数外,还必须包含设置为值 reverse_auth的x_auth_mode。
举个例子,考虑下面的值的请求与令牌机密ydC2yUbFaScbSlykO0PmrMjXFeLraSi3Q2HfTOlGxQM签署 :
这里使用的令牌仅用于演示的目的,并不会为你 工作。
oauth_consumer_key JP3PyvG67rXRsnayOJOcQ oauth_nonce 1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2 oauth_signature_method HMAC-SHA1 oauth_timestamp 1322697052 oauth_version 1.0 x_auth_mode reverse_auth 这些参数应导致的签名基本字符串,看起来 像这样:
POST & HTTPS%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token & oauth_consumer_key%3DJP3PyvG67rXRsnayOJOcQ%26oauth_nonce%3D1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1322697052%26oauth_version%3D1.0%26x_auth_mode% 3Dreverse_auth 这个调用应该导致看起来像这样的响应。注意 这个响应实际上看起来像一个OAuth头。
(换行添加为清楚起见):
的OAuth oauth_nonce = “xq2maKtilFhVTC1MSxVC4cQIJLd53O6w97YmrdOGSk8”, oauth_signature_method = “HMAC-SHA1”,oauth_timestamp = “1322697052”, oauth_consumer_key = “JP3PyvG67rXRsnayOJOcQ”, 组oauth_token =“5mgkU82W0PTA0DLgSIA5vFK6c08i8dXzrbLnX06vl38 ”, oauth_signature = “AOM%2FwW2kAowAeHBRvw7faH245p0%3D”, oauth_version = “1.0”
编辑:我STIL我得到401
。我用下面的代码来生成oauth_signature
,所以现在我的Authorization头看起来是这样的:OAuth oauth_timestamp="1376639141", oauth_nonce="BB2D2634F3-99A5-4B64-8CB34E-2314CE9E4FD7", oauth_version="1.0", oauth_consumer_key="mrcD8LuSNKJKFAchKHYi2yY2qwh5tcFMdAs", oauth_signature_method="HMAC-SHA1", oauth_signature="moer8H7xzluAdoAAAFZpv6n4noeu%3D"
NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret)
{
NSString *_oAuthNonce = [NSString ab_GUID];
NSString *_oAuthTimestamp = [NSString stringWithFormat:@"%d", (int)[[NSDate date] timeIntervalSince1970]];
NSString *_oAuthSignatureMethod = @"HMAC-SHA1";
NSString *_oAuthVersion = @"1.0";
NSMutableDictionary *oAuthAuthorizationParameters = [NSMutableDictionary dictionary];
oAuthAuthorizationParameters[@"oauth_nonce"] = _oAuthNonce;
oAuthAuthorizationParameters[@"oauth_timestamp"] = _oAuthTimestamp;
oAuthAuthorizationParameters[@"oauth_signature_method"] = _oAuthSignatureMethod;
oAuthAuthorizationParameters[@"oauth_version"] = _oAuthVersion;
oAuthAuthorizationParameters[@"oauth_consumer_key"] = _oAuthConsumerKey;
if(_oAuthToken)
oAuthAuthorizationParameters[@"oauth_token"] = _oAuthToken;
// get query and body parameters
NSDictionary *additionalQueryParameters = [NSURL ab_parseURLQueryString:[url query]];
NSDictionary *additionalBodyParameters = nil;
if(body) {
NSString *string = [[[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding] autorelease];
if(string) {
additionalBodyParameters = [NSURL ab_parseURLQueryString:string];
}
}
// combine all parameters
NSMutableDictionary *parameters = [[oAuthAuthorizationParameters mutableCopy] autorelease];
if(additionalQueryParameters) [parameters addEntriesFromDictionary:additionalQueryParameters];
if(additionalBodyParameters) [parameters addEntriesFromDictionary:additionalBodyParameters];
// -> UTF-8 -> RFC3986
NSMutableDictionary *encodedParameters = [NSMutableDictionary dictionary];
for(NSString *key in parameters) {
NSString *value = parameters[key];
encodedParameters[[key ab_RFC3986EncodedString]] = [value ab_RFC3986EncodedString];
}
NSArray *sortedKeys = [[encodedParameters allKeys] sortedArrayUsingFunction:SortParameter context:encodedParameters];
NSMutableArray *parameterArray = [NSMutableArray array];
for(NSString *key in sortedKeys) {
[parameterArray addObject:[NSString stringWithFormat:@"%@=%@", key, encodedParameters[key]]];
}
NSString *normalizedParameterString = [parameterArray componentsJoinedByString:@"&"];
NSString *normalizedURLString = [NSString stringWithFormat:@"%@://%@%@", [url scheme], [url host], [url path]];
NSString *signatureBaseString = [NSString stringWithFormat:@"%@&%@&%@",
[method ab_RFC3986EncodedString],
[normalizedURLString ab_RFC3986EncodedString],
[normalizedParameterString ab_RFC3986EncodedString]];
NSString *key = [NSString stringWithFormat:@"%@&%@",
[_oAuthConsumerSecret ab_RFC3986EncodedString],
(_oAuthTokenSecret) ? [_oAuthTokenSecret ab_RFC3986EncodedString] : @""];
NSData *signature = HMAC_SHA1(signatureBaseString, key);
NSString *base64Signature = [signature base64EncodedString];
NSMutableDictionary *authorizationHeaderDictionary = [[oAuthAuthorizationParameters mutableCopy] autorelease];
authorizationHeaderDictionary[@"oauth_signature"] = base64Signature;
NSMutableArray *authorizationHeaderItems = [NSMutableArray array];
for(NSString *key in authorizationHeaderDictionary) {
NSString *value = authorizationHeaderDictionary[key];
[authorizationHeaderItems addObject:[NSString stringWithFormat:@"%@=\"%@\"",
[key ab_RFC3986EncodedString],
[value ab_RFC3986EncodedString]]];
}
NSString *authorizationHeaderString = [authorizationHeaderItems componentsJoinedByString:@", "];
authorizationHeaderString = [NSString stringWithFormat:@"OAuth %@", authorizationHeaderString];
return authorizationHeaderString;
}
我通过这个方法的参数是 url
:https://api.twitter.com/oauth/request_token,method
:POST,body
:无,oAuthConsumerToken
:我的钥匙,oAuthConsumerSecret
:我的秘密,oAuthToken
:无,oAuthTokenSecret
:无。
编辑我想这oauth test console来验证我正确生成OAuth的签名,但现在看来,我需要会员的令牌和秘密:
看来我并不需要授权标头中的'oauth_signature'。看起来这应该是回应的一部分。 –
该文档声明您应该'在尝试使用端点之前熟悉签名过程',这表明您的初始请求仍需要签名。另外,如果您不打算签署请求,您为什么会生成签名基本字符串? –
谢谢,我添加了它,并且仍然得到了401。我正在写我在问题结束时如何生成签名。 –