
Twitter Oauth URL encoding inconsistencies?

I'm reading the walkthrough at http://dev.twitter.com/pages/auth but there seems to be an inconsistency in encoding the callback URL. The callback is listed as:
oauth_callback - http://localhost:3005/the_dance/process_callback?service_provider_id=11

The signature base string is listed as:
POST&...oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3D...

The callback appears to be double encoded here.

The signed Authorization header is listed as:
OAuth oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D11", ...

Here, the callback appears to be single URL encoded. Why aren't they consistent?

The encoding is not inconsistent, the URL is just being used in two different situations with two different requirements.

The URL starts off un-encoded in your app. The second example you posted is the value that will be passed to the server as a header, so it must be URL-encoded (that's once).

The signed Authorization header is listed as:
OAuth oauth_nonce="QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk", oauth_callback="http%3A%2F%2Flocalhost%3A3005%2Fthe_dance%2Fprocess_callback%3Fservice_provider_id%3D11", ...

Then, the values of all of the OAuth header parameters must be combined with the other required values to create the base string for signing. The base string is created from the values as they are passed to the server. So you are taking the value you are passing to the server, your already-encoded URL, and combining it with other values, each of which must be URL encoded, to form a new string separated by &.

You can see why this must be done, as the third section of the base-string contains the query parameters which have values already URL encoded (like the oauth_callback) and uses & as a separator. In order to combine this query parameter list (containing &) into the base string safely (also using & as a separator), it must be URL encoded again before being concatenated. At this point the oauth_callback has been encoded twice, once on its own, and once as a part of a larger combined value:

The signature base string is listed as:
POST&...oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A3005%252Fthe_dance%252Fprocess_callback%253Fservice_provider_id%253D11%26oauth_consumer_key%3D...
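
The two encoding passes described in the answer, as an added example that is not part of the original question or answer and is not Twitter's code. The callback and nonce are the values quoted in the question; the request URL, consumer key, consumer secret and timestamp are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value: str) -> str:
    """RFC 3986 percent-encoding: only letters, digits and -._~ stay literal."""
    return quote(value, safe="")

def parameter_string(params: dict) -> str:
    """First pass: encode each name and value once, sort, join with '&'."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)

def signature_base_string(method: str, url: str, params: dict) -> str:
    """Second pass: the whole parameter string is encoded again so its '&'
    and '=' cannot collide with the two '&' separators of the base string."""
    return "&".join([method.upper(), pct(url), pct(parameter_string(params))])

def authorization_header(params: dict) -> str:
    """Header values are sent encoded once only (oauth_signature is added
    to params by the caller after signing)."""
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))

def hmac_sha1_signature(base: str, consumer_secret: str, token_secret: str = "") -> str:
    """HMAC-SHA1 over the base string, keyed with enc(secret)&enc(token_secret)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

# Callback and nonce are the values quoted in the question; the rest is constructed.
PARAMS = {
    "oauth_callback": "http://localhost:3005/the_dance/process_callback?service_provider_id=11",
    "oauth_consumer_key": "EXAMPLE_CONSUMER_KEY",
    "oauth_nonce": "QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}
REQUEST_URL = "https://api.example.test/oauth/request_token"  # constructed placeholder

if __name__ == "__main__":
    base = signature_base_string("POST", REQUEST_URL, PARAMS)
    print(authorization_header(PARAMS))
    print(base)
    print(hmac_sha1_signature(base, "EXAMPLE_CONSUMER_SECRET"))
```

The server rebuilds the base string from the parameters it receives, so a client that encodes the callback only once inside the base string produces a signature that fails verification.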

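Notice: The technical posts on this site are published under the CC BY-SA 4.0 license. If you need to reproduce them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.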

 