为什么我的 Twitter oAuth 请求不起作用？ | Curl，接头

Question

    $callbackUrl = urlencode(self::CALLBACK_URL);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,"https://api.twitter.com/oauth/request_token");
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, [
        'oauth_callback' => $callbackUrl,
        'oauth_consumer_key' => self::TWITTER_API_KEY
    ]);
    $timestamp = date("U"); // UTC UNIX time
    $oauth_nonce = preg_replace( '/[\W]/', '', base64_encode($timestamp));
    $headers = [
        "Authorization: OAuth oauth_consumer_key=\"".self::TWITTER_API_KEY."\"",
        "oauth_nonce: \"$oauth_nonce\"",
        "oauth_signature: \"oauth_signature\"",
        "oauth_signature_method: \"HMAC-SHA1\"",
        "oauth_timestamp: \"$timestamp\"",
        "oauth_version: \"1.0\"",
    ];
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    curl_setopt($ch, CURLOPT_STDERR, $fp);
    curl_setopt($ch, CURLINFO_HEADER_OUT , true);
    $curlResult = curl_exec($ch);
    if (curl_errno($ch)) {
        echo 'Curl Request Error:' . curl_error($ch);
        throw new CHttpException(404,'ERROR');
    }
    curl_close ($ch);

The Twitter Result: {"errors":[{"code":215,"message":"Bad Authentication data."}]}

Request:

    [url] => https://api.twitter.com/oauth/request_token
[content_type] => application/json; charset=utf-8
[http_code] => 400
[header_size] => 1395
[request_size] => 429
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.250341
[namelookup_time] => 0.028679
[connect_time] => 0.044366
[pretransfer_time] => 0.093077
[size_upload] => 344
[size_download] => 62
[speed_download] => 247
[speed_upload] => 1374
[download_content_length] => 62
[upload_content_length] => 344
[starttransfer_time] => 0.115261
[redirect_time] => 0
[redirect_url] => 0
[primary_ip] => 104.244.42.2
[certinfo] => Array
    (
    )

[primary_port] => 443
[local_ip] => 192.168.208.2
[local_port] => 48502
[request_header] => POST /oauth/request_token HTTP/1.1

I did everything like the Twitter Documentation but it returns 215. I think the Problem is on the headers part but i don't know what is wrong there.

I generated the nonce with random base64 Stuff like Twitter said that in there Documentation. The Time looks similar to the example Time from Twitter. I saw when the Time is 5 minutens above twitters the Request gets blocked. Is that the same Error Code then?

Answer 1

As per documentation , Authorization header should contains all the data. Your Authorization header contains only OAuth oauth_consumer_key .

Your actual header (bad format, because, for example, 'oauth' is an entry of the headers, but should be a property of Authorization - see below).

Authorization: OAuth oauth_consumer_key='xxx'
oauth_nonce: 'MTY0MzIwNjg5NQ'
oauth_signature: 'oauth_signature'
oauth_signature_method: 'HMAC-SHA1'
oauth_timestamp: '1643206895'
oauth_version: '1.0'

you should have

Authorization: OAuth oauth_consumer_key='xxx', oauth_nonce="MTY0MzIwNjg5NQ", oauth_signature="oauth_signature", ...

You need to concat all data in one string . But you could create an array to help to build it. Here is an example:

$authParams = implode(', ', [
    'oauth_consumer_key="' . self::TWITTER_API_KEY . '"',
    'oauth_nonce="' . $oauth_nonce . '"',
    'oauth_signature="oauth_signature"',
    'oauth_signature_method="HMAC-SHA1"',
    'oauth_timestamp="' . $timestamp . '"',
    'oauth_version="1.0"',
]);

$headers = [
    "Authorization: OAuth $authParams"
];
var_dump($headers);

Outputs something like:

array(1) {
  [0]=>
  string(197) "Authorization: OAuth oauth_consumer_key="xxx", oauth_nonce="MTY0MzIwNjg2MA", oauth_signature="oauth_signature", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1643206860", oauth_version="1.0""
}