E-trade: requesting access token, I get signature invalid

1st step, getting url to verify, and verifier is ok.

Using the same method as in the request_token to sign the request, I get "unauthorized", "oauth_problem = signature invalid".

I verify the code letter by letter, and I can't find the problem.

  1. Step, request token -> OK
  2. Get verifier code in the url -> OK
  3. Generating the access_token, signature invalid.

I had several functions, but I put the code into a single readable function to find the problem:

public void GetAccessToken(string oauthVerifier)
    {
        IRestResponse response;

        RestClient client = new RestClient(apiURI);
        string timeStamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
        string atNonce = Guid.NewGuid().ToString();


        RestRequest request = new RestRequest(GET_ACCESS_TOKEN_URL, Method.GET);

        request.AddParameter("oauth_consumer_key", consumerKey);
        request.AddParameter("oauth_timestamp", timeStamp);
        request.AddParameter("oauth_nonce", atNonce);
        request.AddParameter("oauth_signature_method", SIGNATURE_METHOD);
        request.AddParameter("oauth_signature", "");
        request.AddParameter("oauth_token", token);
        request.AddParameter("oauth_verifier", oauthVerifier);

        //var parameters = new SortedDictionary<string, string>();


        var parameters = new SortedDictionary<string, string>
        {
            {"oauth_consumer_key", consumerKey},
            {"oauth_timestamp", timeStamp},
            {"oauth_nonce", atNonce},
            {"oauth_signature_method", SIGNATURE_METHOD},
            { "oauth_token", token },
            { "oauth_verifier", oauthVerifier }
        };

        var sb = new StringBuilder();
        sb.Append("GET");
        sb.Append("&" + WebUtility.UrlEncode(apiURI + GET_ACCESS_TOKEN_URL));
        sb.Append("&" + WebUtility.UrlEncode(NormalizeParameters(parameters)));

        var signatureBase = sb.ToString();
        var signatureKey = string.Format("{0}&{1}", WebUtility.UrlEncode(consumerSecret), WebUtility.UrlEncode(tokenSecret));

        var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(signatureKey));
        string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(signatureBase)));

        request.Parameters[4].Value = signature;


        response = client.Execute(request);
    }

The response variable gets "unauthorized" because of the "signature_invalid".

Any help is welcome, thank you in advance!

Update 1

OAuth documentation says that the signature has to be urlencoded too, so after I convert it to a base 64 string, I urlencode it too:

request.Parameters[4].Value = WebUtility.UrlEncode(signature);

Whatever, still returning "signature invalid".

Some light from the sky there? Thank you!

Also review this header from the E-Trade link; I might have missed out some specifics:

Authorization: OAuth oauth_nonce="0bba225a40d1bbac2430aa0c6163ce44",oauth_timestamp="1344885636",oauth_consumer_key="c5bb4dcb7bd6826c7c4340df3f791188",oauth_token="VbiNYl63EejjlKdQM6FeENzcnrLACrZ2JYD6NQROfVI%3D",oauth_signature="%2FXiv96DzZabnUG2bzPZIH2RARHM%3D",oauth_signature_method="HMAC-SHA1"

public void GetAccessToken(string oauthVerifier)
{
    IRestResponse response;

    RestClient client = new RestClient(apiURI);
    string timeStamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
    string atNonce = Guid.NewGuid().ToString();

    RestRequest request = new RestRequest(GET_ACCESS_TOKEN_URL, Method.GET);

    var parameters = new SortedDictionary<string, string>
    {
        {"oauth_consumer_key", consumerKey},
        {"oauth_timestamp", timeStamp},
        {"oauth_nonce", atNonce},
        {"oauth_signature_method", SIGNATURE_METHOD},
        {"oauth_token", token },
        {"oauth_verifier", oauthVerifier }
    };

    var sb = new StringBuilder();
    sb.Append("GET");
    sb.Append("&" + WebUtility.UrlEncode(apiURI + GET_ACCESS_TOKEN_URL));

    // does NormalizeParameters separate by "&"
    sb.Append("&" + WebUtility.UrlEncode(NormalizeParameters(parameters)));

    var signatureBase = sb.ToString();
    var signatureKey = string.Format("{0}&{1}", WebUtility.UrlEncode(consumerSecret), WebUtility.UrlEncode(tokenSecret));

    var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(signatureKey));
    string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(signatureBase)));

    // encode signature
    signature = "oauth_signature=\"" + WebUtility.UrlEncode(signature) + "\"";

    // header_string: the OAuth parameters as key="value" pairs separated by "," (needs using System.Linq)
    string headerString = string.Join(",", parameters.Select(p => p.Key + "=\"" + WebUtility.UrlEncode(p.Value) + "\""));
    request.AddHeader("Authorization", $"OAuth {headerString},{signature}");

    response = client.Execute(request);
}
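An added example, not part of the original posts: the OAuth 1.0a (RFC 5849) HMAC-SHA1 construction written out end to end, so the signature base string, key and Authorization header can each be compared with what the code above produces. The class name, endpoint URL, keys, secrets and token are constructed placeholders; `Uri.EscapeDataString` is assumed to run on .NET Framework 4.5+ or .NET Core, where it follows RFC 3986.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class OAuth1Signer // hypothetical helper, not E*TRADE or RestSharp code
{
    // RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal, space becomes %20.
    static string Enc(string s) => Uri.EscapeDataString(s ?? "");

    // url must be the request URL without its query string (scheme and host lowercase).
    public static string BaseString(string method, string url, IDictionary<string, string> p)
    {
        // Encode each name and value, sort by encoded name then value in byte order, join with '&'.
        var pairs = p.Select(kv => (k: Enc(kv.Key), v: Enc(kv.Value)))
                     .OrderBy(x => x.k, StringComparer.Ordinal)
                     .ThenBy(x => x.v, StringComparer.Ordinal)
                     .Select(x => x.k + "=" + x.v);
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }

    // Key is enc(consumer secret) & enc(token secret); the '&' stays even if a secret is empty.
    public static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret))))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    // The signature is percent-encoded once here; it is never part of the base string.
    public static string Header(IDictionary<string, string> p, string signature) =>
        "OAuth " + string.Join(",", p
            .Concat(new[] { new KeyValuePair<string, string>("oauth_signature", signature) })
            .Select(kv => Enc(kv.Key) + "=\"" + Enc(kv.Value) + "\""));

    static void Main()
    {
        // Constructed sample values, not real credentials.
        var p = new Dictionary<string, string>
        {
            ["oauth_consumer_key"] = "example-consumer-key",
            ["oauth_timestamp"] = "1700000000",
            ["oauth_nonce"] = "constructed-nonce",
            ["oauth_signature_method"] = "HMAC-SHA1",
            ["oauth_token"] = "abc+def/ghi=", // decoded value; in the base string '=' ends up as %253D
            ["oauth_verifier"] = "ABC12"
        };
        string bs = BaseString("GET", "https://api.example.test/oauth/access_token", p);
        Console.WriteLine(bs);
        Console.WriteLine(Header(p, Sign(bs, "example-consumer-secret", "example+token/secret=")));
    }
}
```

Printing the base string next to the one built by `NormalizeParameters` shows whether the two differ in parameter order, in encoding of the token, or in the URL portion.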

Are you using the sandbox or live?

Getting it working in the sandbox first is a good step.

After that, you have to get the key from e-trade.

Also, I believe there are sites that will validate your oauth signature that would give you a more informative error.
