[英]E-trade: requesting access token, I get signature invalid
第一个。 步骤,获取url进行验证,验证者ok。
使用与 request_token 中相同的方法对请求进行签名,我得到“未经授权”、“oauth_problem = signature invalid”。
我逐字验证代码,我找不到问题。
我有几个函数,但我把可读的代码放在一个 function 中以找到问题:
public void GetAccessToken(string oauthVerifier)
{
IRestResponse response;
RestClient client = new RestClient(apiURI);
string timeStamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
string atNonce = Guid.NewGuid().ToString();
RestRequest request = new RestRequest(GET_ACCESS_TOKEN_URL, Method.GET);
request.AddParameter("oauth_consumer_key", consumerKey);
request.AddParameter("oauth_timestamp", timeStamp);
request.AddParameter("oauth_nonce", atNonce);
request.AddParameter("oauth_signature_method", SIGNATURE_METHOD);
request.AddParameter("oauth_signature", "");
request.AddParameter("oauth_token", token);
request.AddParameter("oauth_verifier", oauthVerifier);
//var parameters = new SortedDictionary<string, string>();
var parameters = new SortedDictionary<string, string>
{
{"oauth_consumer_key", consumerKey},
{"oauth_timestamp", timeStamp},
{"oauth_nonce", atNonce},
{"oauth_signature_method", SIGNATURE_METHOD},
{ "oauth_token", token },
{ "oauth_verifier", oauthVerifier }
};
var sb = new StringBuilder();
sb.Append("GET");
sb.Append("&" + WebUtility.UrlEncode(apiURI + GET_ACCESS_TOKEN_URL));
sb.Append("&" + WebUtility.UrlEncode(NormalizeParameters(parameters)));
var signatureBase = sb.ToString();
var signatureKey = string.Format("{0}&{1}", WebUtility.UrlEncode(consumerSecret), WebUtility.UrlEncode(tokenSecret));
var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(signatureKey));
string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(signatureBase)));
request.Parameters[4].Value = signature;
response = client.Execute(request);
}
响应变量因为“signature_invalid”而“未经授权”。
欢迎任何帮助,在此先感谢您!
更新 1
Oauth 文档说签名也必须进行 urlencoded,然后我将其转换为 base 64 字符串后,我也对其进行 urlencode:
request.Parameters[4].Value = WebUtility.UrlEncode(signature);
无论如何,仍然返回“签名无效”。
那里有来自天上的光? 谢谢!
还从 E-Trade 链接查看这个 header,我可能错过了一些细节
Authorization: OAuth oauth_nonce="0bba225a40d1bbac2430aa0c6163ce44",oauth_timestamp="1344885636",oauth_consumer_key="c5bb4dcb7bd6826c7c4340df3f791188",oauth_token="VbiNYl63EejjlKdQM6FeENzcnrLACrZ2JYD6NQROfVI%3D",oauth_signature="%2FXiv96DzZabnUG2bzPZIH2RARHM%3D",oauth_signature_method="HMAC-SHA1"
`public void GetAccessToken(string oauthVerifier) { IRestResponse 响应;
RestClient client = new RestClient(apiURI);
string timeStamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
string atNonce = Guid.NewGuid().ToString();
RestRequest request = new RestRequest(GET_ACCESS_TOKEN_URL, Method.GET);
var parameters = new SortedDictionary<string, string>
{
{"oauth_consumer_key", consumerKey},
{"oauth_timestamp", timeStamp},
{"oauth_nonce", atNonce},
{"oauth_signature_method", SIGNATURE_METHOD},
{"oauth_token", token },
{"oauth_verifier", oauthVerifier }
};
var sb = new StringBuilder();
sb.Append("GET");
sb.Append("&" + WebUtility.UrlEncode(apiURI + GET_ACCESS_TOKEN_URL));
//does NormalizeParameters seperate by "&"
sb.Append("&" + WebUtility.UrlEncode(NormalizeParameters(parameters)));
var signatureBase = sb.ToString();
var signatureKey = string.Format("{0}&{1}", WebUtility.UrlEncode(consumerSecret), WebUtility.UrlEncode(tokenSecret));
var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(signatureKey));
string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(signatureBase)));
//encode signature
signature = "oauth_signature=\"" + WebUtility.UrlEncode(signature) + "\""
//TODO: generate header_string seperated by ","
request.AddHeader("Authorization",$"OAuth {<<header_string>>},{signature}");
response = client.Execute(request);
}`
你是用沙盒还是直播?
首先让它在沙箱中工作是一个很好的步骤。
之后,您必须从 e-trade 中获取密钥。
此外,我相信有些网站会验证您的 oauth 签名,这会给您提供更多信息的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.