[英]How to include query params in the base string signature OAuth1
I need to retrieve some data through the gravity forms API (which is installed as a plugin in a WordPress server).我需要通过重力 forms API(作为插件安装在 WordPress 服务器中)检索一些数据。 I must implement OAuth 1.0.
我必须实现 OAuth 1.0。 Some of the ruby gems available for this type of authentication don't work pretty well for me, so I decided to implement it myself.
一些可用于此类身份验证的 ruby gem 对我来说效果不佳,所以我决定自己实现它。
I'm able to sign the base string if I don't add extra params but once I add them I get the error Invalid signature - provided signature does not match.
如果我不添加额外的参数,我可以对基本字符串进行签名,但是一旦添加它们,我就会收到错误
Invalid signature - provided signature does not match.
My code looks like this:我的代码如下所示:
# This OAUTH implementation works without extra query params.
require 'httparty'
OAUTH_TOKEN = "API customer secret token"
OAUTH_PASSWORD = "API customer key token"
url = 'https://localhost/wp-json/gf/v2/entries'
params = "oauth_consumer_key=#{OAUTH_TOKEN}&oauth_nonce=#{SecureRandom.hex}&oauth_signature_method=HMAC-SHA1&oauth_timestamp=#{Time.now.to_i}&oauth_token=#{OAUTH_PASSWORD}&oauth_version=1.0"
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(params)
secret = "#{OAUTH_PASSWORD}&#{}"
oauth_signature = sign(secret, base_string)
testable_url = url + '?' + params + '&oauth_signature=' + oauth_signature
response = HTTParty.get(testable_url)
def sign( secret, base_string )
CGI.escape(Base64.encode64("#{OpenSSL::HMAC.digest('sha1', secret, base_string)}").chomp)
end
But once I add the query params I need, it crashes.但是一旦我添加了我需要的查询参数,它就会崩溃。
query_params = 'search={"field_filters":[{"key":"'+form['key']+'","value":"'+email+'","operator":"is"},{"key":"source_url","value":"'+form['source_url'].to_s+'","operator":"is"}]}'
I'm updating the base_string to include the query_params then I sign it again and I update the final url我正在更新 base_string 以包含 query_params 然后我再次签名并更新最终的 url
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(query_params) + '&' + CGI.escape(params)
oauth_signature = sign(secret, base_string)
testable_url = url + '?' + query_params + '&' + params + '&oauth_signature=' + oauth_signature
As a result I get the following URL结果我得到以下 URL
"https://localhost/wp-json/gf/v2/entries?search={\"field_filters\":[{\"key\":\"2\",\"value\":\"some@email.com\",\"operator\":\"is\"},{\"key\":\"source_url\",\"value\":\"https://localhost/some_url_i_need/\",\"operator\":\"is\"}]}&oauth_consumer_key=APICUSTOMERSECRET&oauth_nonce=81a6ce4dcabd5ec1059f66ca7ae727e3&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1607594914&oauth_token=APICUSTOMER_TOKEN&oauth_version=1.0&oauth_signature=LIZpR27KNHsw3iWArJjSs%2FsvIek%3D"
Which doesn't work due to the Invalid signature - provided signature does not match.
由于
Invalid signature - provided signature does not match.
error.错误。
As suggested in the documentation and other posts I've read ( https://stackoverflow.com/a/4789210 ), I've sorted the params (basically I added search
param I need at the end of the base string and that didn't solve my issue.正如我读过的文档和其他帖子( https://stackoverflow.com/a/4789210 )中所建议的那样,我已经对参数进行了排序(基本上我在基本字符串的末尾添加了我需要的
search
参数并且没有解决不了我的问题。
Note: It works in Postman, and the URL that Postman generates is pretty much like the one I get with Ruby.注意:它在 Postman 和 Postman 生成的 URL 中工作,与我使用 Z90446A21FC5615BC703DZ 得到的非常相似
One of your issue is that you forgot to escape the ampersand between your query_params
and regular params
:您的问题之一是您忘记转义
query_params
和常规params
之间的 & 符号:
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(query_params) + '&' + CGI.escape(params)
You have to turn that last '&'
into '%26'
or pull the concatenation into the CGI.escape
.您必须将最后一个
'&'
变成'%26'
或将串联拉入CGI.escape
。
base_string = 'GET&' + CGI.escape(url) + '&' + CGI.escape(query_params + '&' + params)
Watch out for empty params
though with this.不过要注意空
params
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.