PHP Oauth无效的签名问题
[英]PHP Oauth Invalid signature issue
问题描述
I am trying to start with OAuth 1.0 in PHP and I faced weird problem. 
我试图从PHP开始使用OAuth 1.0,我遇到了奇怪的问题。 I created pseudo-Consumer which generates signature according to specification and sends it with used parameters via POST to Provider. 我创建了伪消费者,它根据规范生成签名,并通过POST将其与使用过的参数一起发送给Provider。 Consumer uses: 消费者用途:
$oauth_consumer_key = '123';
$oauth_consumer_secret = '456';
$oauth_signature_method = 'HMAC-SHA1';
$oauth_timestamp = time();
$oauth_nonce = uniqid();
$oauth_version = '1.0';
$oauth_callback = 'http://localhost/oauth/callback';
$oauth = new OAuth($oauth_consumer_key, $oauth_consumer_secret);
$oauth->enableDebug();
$oauth_signature = $oauth->generateSignature('POST', $oauth_callback, array($oauth_consumer_key, $oauth_signature_method, $oauth_timestamp, $oauth_nonce, $oauth_version));
On Providers side everything seems to work as intended. 在供应商方面,一切似乎都按预期工作。 All values are received: 收到所有价值:
object(OAuthProvider)[1]
public 'consumer_key' => string '123' (length=3)
public 'consumer_secret' => string '456' (length=3)
public 'nonce' => string '5390610001c90' (length=13)
public 'token' => null
public 'token_secret' => null
public 'timestamp' => string '1401970944' (length=10)
public 'version' => string '1.0' (length=3)
public 'signature_method' => string 'HMAC-SHA1' (length=9)
public 'callback' => string 'http://localhost/oauth/callback' (length=31)
public 'request_token_endpoint' => boolean true
public 'signature' => string '8lNbnGTOen4TEOHS9KcpgCiBl+M=' (length=28)
But this is the end of honeymoon - attempt to verify signature causes error: signature_invalid . 但这是蜜月的结束 - 尝试验证签名原因错误: signature_invalid 。 This is what I used on Providers side: 这是我在提供商方面使用的:
$provider = new OAuthProvider();
$provider->isRequestTokenEndpoint(true);
$provider->consumerHandler('lookupConsumer');
$provider->timestampNonceHandler('timestampNonceChecker');
try
{
$request_verified = $provider->checkOAuthRequest();
}
catch(OAuthException $e)
{
echo $provider->reportProblem($e);
}
and what I receive as an problem report: 以及我收到的问题报告:
oauth_problem=signature_invalid&debug_sbs=POST&http%3A%2F%2Flocalhost%2Foauth%2Fcustom_auth%2Frequest_token.php&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Foauth%252Fcallback%26oauth_consumer_key%3D123%26oauth_nonce%3D5390610001c90%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1401970944%26oauth_version%3D1.0
As an addition what baffles me is that when I use generateSignature for the same constant parameters (for debugging I set timestamp and nonce to constant values) it gives me every time different value like if there still was some random element I am not aware of. 令我感到困惑的是,当我使用generateSignature作为相同的常量参数时(对于调试我将时间戳和随机数设置为常量值),它每次都给我不同的值,就像是否还有一些我不知道的随机元素。 As a validation sample - hash_hmac does not have such issue. 作为验证样本 - hash_hmac没有这样的问题。
Am I missing something or is there a problem with official PHP OAuth implementation ( http://pecl.php.net/package/oauth )? 我错过了某些东西,或者官方PHP OAuth实现是否存在问题( http://pecl.php.net/package/oauth )?
1 个解决方案
解决方案1
1 2016-01-29 22:08:07
I have been scratching my head with this exact question for almost a week now because of lack of documentation but this is what solved everything for me. 由于缺乏文档,我现在已经用这个确切的问题摸不着头脑了近一个星期但是这就解决了我的一切。
It seems the OAuth class does its own request signing. 似乎OAuth类自己的请求签名。 I had done the exact same steps as you to no avail but once I removed all the parameters and just called fetch/getRequestToken on my url it all worked. 我完成了与你完全相同的步骤但没有用,但是一旦我删除了所有参数,只是在我的网址上调用了fetch / getRequestToken就可以了。
My code that works 我的代码有效
$consumer_key = 'key';
$consumer_secret = 'secret';
$request_token_url = 'http://someurl.com/oauth/request-token';
$oauth = new OAuth($consumer_key, $consumer_secret);
$oauth->enableDebug(); //helpful debug
try {
$oauth->getRequestToken($request_token_url);
} catch (OAuthException $e) {
echo OAuthProvider::reportProblem($e); //easier to debug oauth exceptions
}
//this should hold the `request_token` and `request_token_secret` parameters for you to call getAccessToken
$response = json_decode($oauth->getLastResponse());
I have my own provider set up at http://someurl.com/oauth/request-token that looks like: 我在http://someurl.com/oauth/request-token上设置了自己的提供程序,如下所示:
$provider = new OAuthProvider();
$provider->consumerHandler(array($this,'consumerHandler'));
$provider->timestampNonceHandler(array($this,'timestampNonceHandler'));
$provider->tokenHandler(array($this,'tokenHandler'));
$provider->setRequestTokenPath('/oauth/request-token');
try {
$request_verified = $provider->checkOAuthRequest();
} catch(OAuthException $e) {
echo $provider->reportProblem($e);
}
//provider now holds all the required timestamp, nonce, and signature
I hope this helps, even though it's a year after 我希望这有所帮助,即使它是一年之后
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.