一个小问题，关于twitter的oauth

0 0

一个小问题，关于twitter的oauth

fb，微博都用oauth2.0，偏偏twitter非要搞1.0的，真是麻烦
我用php写了一个oauth1.0的后台，运行的时候总是回复‘invaild token and signature’
我检查的signature的算法，没错啊，于是我就把twitterapi上面的实例拿来test，返回的结果还是这样。。。我郁闷啊。。。下面是用twitterapi上的实例做的test代码：

  <?php
  

  $url = "https://api.twitter.com/oauth/request_token";
  

  $consumer_secret="L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg";
  

  $consumer_key="cChZNFj6T5R0TigYB9yd1w";
  

  $timestamp=1318467427;
  

  $signature_method="HMAC-SHA1";
  

  $callback = "http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F";
  

  $nonce = "ea9ec8429b68d6b77cd5600adbbb0456";
  

  $version = "1.0";
  

  $signature = "F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D";
  

  //buildheadString
  

  $h = array("Authorization:OAuth oauth_callback=\"${callback}\", oauth_consumer_key=\"${consumer_key}\", oauth_nouce=\"${nouce}\", oauth_signature=\"${signature}\", oauth_signature_method=\"${signature_method}\", oauth_timestamp=\"${timestamp}\", oauth_version=\"${version}\"");
  

  //post
  

  $ch = curl_init();
  

  curl_setopt($ch, CURLOPT_URL, $url);
  

  curl_setopt($ch, CURLOPT_POST, true);
  

  curl_setopt($ch, CURLOPT_HEADER, false);
  

  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  

  curl_setopt($ch,CURLOPT_HTTPHEADER,$h);
  

  $data = curl_exec($ch);
  

  if ($data === false) {
  

  header('HTTP/1.1 400 Bad Request');
  

  exit;
  

  } else {
  

  

  echo $data;
  

  }
  

  ?>

附：本人php的水平不怎么样，都是看着用户手册写的。。。菜鸟中的菜鸟，各位高手海涵
改了timestamp好像也没用啊。。。

  <?php
  

  //readQuery
  

  $url="https://api.twitter.com/oauth/request_token";
  

  //echo $postParament;
  

  $consumer_secret="L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg";
  

  $consumer_key="cChZNFj6T5R0TigYB9yd1w";
  

  date_default_timezone_set("GMT");
  

  $timestamp=mktime(date('H'),date('i'),date('s'),date('m'),date('d'),date('y'));
  

  //echo $timestamp;
  

  $signature_method="HMAC-SHA1";
  

  if($_POST['signature_method']){
  

  $signature_method=$POST['signature_method'];
  

  }
  

  $callback = "http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F";
  

  $chart="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz";
  

  $nonce = substr( str_shuffle($chart),0,42);
  

  $version = "1.0";
  

  //build baseString
  

  $baseString = "oauth_callback=${callback}&oauth_consumer_key=${consumer_key}&oauth_nonce=${nonce}&oauth_signature_method=${signature_method}&oauth_timestamp=${timestamp}&oauth_version=${version}";
  

  $baseString = rawurlencode($baseString);
  

  $eurl = rawurlencode($url);
  

  $baseString = "POST&${eurl}&${baseString}";
  

  //signature
  

  $s_key = "${consumer_secret}&${token_secret}";
  

  //echo $s_key;
  

  $signature = rawurlencode(base64_encode(hash_hmac("sha1",$baseString,$s_key,true)));
  

  //buildheadString
  

  $h = array();
  

  $h[Authorization]="OAuth oauth_callback=\"${callback}\",oauth_consumer_key=\"${consumer_key}\",oauth_nouce=\"${nonce}\",oauth_signature=\"${signature}\",oauth_signature_method=\"${signature_method}\",oauth_timestamp=\"${timestamp}\",oauth_version=\"${version}\"";
  

  //post
  

  echo date("H:i:s \e\= e \T\= T \z\= Z");
  

  $ch = curl_init();
  

  curl_setopt($ch, CURLOPT_URL, $url);
  

  curl_setopt($ch, CURLOPT_POST, true);
  

  curl_setopt($ch, CURLOPT_HEADER, false);
  

  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  

  curl_setopt($ch,CURLOPT_HTTPHEADER,$h);
  

  $data = curl_exec($ch);
  

  if ($data === false) {
  

  header('HTTP/1.1 400 Bad Request');
  

  exit;
  

  } else {
  

  echo $data;
  

  }
  

  ?>

twitter php

13 years, 8 months ago

xusiji

xusiji 13 years, 8 months ago

唉，发现nonce的长度错了
应该是32的，我以为文档上说随机的base64 32byte是32个字符转换之后的
把16句改了，返回‘oauth/request_token Destop app should only callback'oob'’

answered 13 years, 8 months ago

Mr.Hao

Mr.Hao answered 13 years, 8 months ago