Ruby API请求中的Yahoo Oauth - 签名无效
[英]Yahoo Oauth in Ruby API Request - Signature Invalid
问题描述
I have already successfully gotten the access token and access secret. 
我已经成功获得了访问令牌和访问权限。 Now I'm trying to make an API request with the OAuth information. 现在我正在尝试使用OAuth信息发出API请求。
I'm following alongside the yahoo docs (not very helpful): https://developer.yahoo.com/oauth/guide/oauth-make-request.html https://developer.yahoo.com/oauth/guide/oauth-signing.html 我跟随雅虎文档(不是很有帮助): https : //developer.yahoo.com/oauth/guide/oauth-make-request.html https://developer.yahoo.com/oauth/guide/oauth -signing.html
Also, I'm trying to follow this example closely: https://gist.github.com/cheenu/1469815 另外,我试图密切关注这个例子: https : //gist.github.com/cheenu/1469815
Here is the code: (I split up the long url for convenience) 这是代码:(为方便起见我拆分了长网址)
require 'cgi'
require 'base64'
require 'openssl'
url = "http://fantasysports.yahooapis.com/fantasy/v2/game/nfl"
parameters = "format=json
&realm=yahooapis.com
&oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}
&oauth_nonce=#{SecureRandom.hex}
&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=#{Time.now.to_i}
&oauth_token=#{ApiVar.final_oauth_token} #the access token
&oauth_version=1.0"
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)
oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', ApiVar.final_oauth_secret + "&", base_string)}").chomp)
#ApiVar.final_oauth_secret is the access token secret - is that what I should be putting there?
testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
p testable_url
response = HTTParty.get(testable_url)
My response gives me "signature_invalid." 我的回复给了我“signature_invalid”。
What am I doing wrong? 我究竟做错了什么?
Thank you! 谢谢!
2 个解决方案
解决方案1
3 已采纳 2014-08-20 00:17:31
url = "http://fantasysports.yahooapis.com/fantasy/v2/league/{league-key}/players"
parameters = "format=json&oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}&oauth_nonce=#{SecureRandom.hex}&oauth_signature_method=HMAC-SHA1&oauth_timestamp=#{Time.now.to_i}&oauth_token=#{ApiVar.final_oauth_token}&oauth_version=1.0&realm=yahooapis.com"
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(parameters)
secret = "#{Rails.application.secrets.yhoo_consumer_secret}&#{ApiVar.final_oauth_secret}"
oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', secret, base_string)}").chomp)
testable_url = url + '?' + parameters + '&oauth_signature=' + oauth_signature
p testable_url
response = HTTParty.get(testable_url)
#{Rails.application.secrets.yhoo_consumer_secret}&#{ApiVar.final_oauth_secret}" - correct secret key
The parameters have to be ordered alphabetically! 参数必须按字母顺序排序! Also, the secret key is the yahoo consumer secret plus the final oauth secret! 此外,秘密密钥是雅虎消费者秘密加上最后的oauth秘密!
解决方案2
0 2014-08-19 23:34:20
The first thing that I can see as problematic is that the paremeters have a lot of whitespace that you do not want. 我可以看到第一件有问题的事情是, 参数有很多你不想要的空白。 Try the following instead: 请尝试以下方法:
parameters = "format=json" +
"&realm=yahooapis.com" +
"&oauth_consumer_key=#{Rails.application.secrets.yhoo_consumer_key}" +
"&oauth_nonce=#{SecureRandom.hex}" +
"&oauth_signature_method=HMAC-SHA1" +
"&oauth_timestamp=#{Time.now.to_i}" +
"&oauth_token=#{ApiVar.final_oauth_token}" +
"&oauth_version=1.0"
The other issue is that I do not believe your secret key needs the ampersand symbol added to it when you're creating the signature: 另一个问题是,当您创建签名时,我不相信您的密钥需要添加&符号:
oauth_signature = CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', ApiVar.final_oauth_secret, base_string)}").chomp)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.