为什么此twitter oauth API令牌请求失败
[注意:下面所有oauth令牌/机密都是随机创建的;它们是 不是我真正的代币/秘密]为什么此twitter oauth API令牌请求失败,oauth,Oauth,[注意:下面所有oauth令牌/机密都是随机创建的;它们是 不是我真正的代币/秘密] curl-o/tmp/test.txt'https://api.twitter.com/oauth/request_token? oauth_时间戳=1345141469& 消费者密钥=UEIUyoBjBRomdvrVcUTn和oauth访问令牌密钥=YEPIEKSDFDYAOGSCIJMCAZCSFSBFLYKJSEYAVBUJEO和oauth访问令牌密钥=47849378%2DRZMWutyQGYPBLS
curl-o/tmp/test.txt'https://api.twitter.com/oauth/request_token?
oauth_时间戳=1345141469&
消费者密钥=UEIUyoBjBRomdvrVcUTn和oauth访问令牌密钥=YEPIEKSDFDYAOGSCIJMCAZCSFSBFLYKJSEYAVBUJEO和oauth访问令牌密钥=47849378%2DRZMWutyQGYPBLSQUOZUSGDDKVVRKJKOKSFIKNZC和oauth密钥=1345141469&
消费者_secret=ruoezmyraapkmxqypxnltougnmaqbfquepprlw&
oauth_版本=1%2e0&
oauth_签名方法=HMAC%2dSHA1&oauth_签名=H0KLECZNAAZ%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM'
[为了清晰起见,我添加了新行;实际命令是一行]
假设所有其他数据都有效,为什么上面的命令会让步
“验证oauth签名和令牌失败”(即使我使用
真实数据
特别是我的签名
“H0KLECZNAAZ%2bXoyrPRiUs37X3Zz%2bAcabMa5M4oDLkM”无效,还是我
做一些根本错误的事情
我用来生成这个的程序:
#!/bin/perl
use Digest::SHA;
%twitter_auth_hash = (
"oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC",
"oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO",
"consumer_key" => "UEIUyoBjBRomdvrVcUTn",
"consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW"
);
# if uncommented, pull my actual data
# require "bc-private.pl";
$twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1";
$twitter_auth_hash{"oauth_version"} = "1.0";
$twitter_auth_hash{"oauth_timestamp"} = time();
$twitter_auth_hash{"oauth_nonce"} = time();
for $i (keys %twitter_auth_hash) {
push(@str,"$i=".urlencode($twitter_auth_hash{$i}));
}
$str = join("&",@str);
# thing to sign
$url = "GET $str";
# signing it
$sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO"));
# full URL incl sig
$furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig";
# system("curl -o /tmp/testing.txt '$furl'");
print "FURL: $furl\n";
print "STR: $str\n";
print "SIG: $sig\n";
sub urlencode {
my($str) = @_;
$str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg;
$str=~s/ /\+/isg;
return $str;
}
#!/bin/perl
使用摘要::SHA;
%twitter\u auth\u hash=(
“oauth_access_token”=>“47849378 rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC”,
“oauth_access_token_secret”=>“Yepieksdfdyaogscijmcazcsfsfblykjseyaavbujeo”,
“消费者密钥”=>“UEIUyoBjBRomdvrVcUTn”,
“消费者机密”=>“Ruoezmyraapkmxqypxnltougnmaqbgfquepprlw”
);
#如果未注释,则提取我的实际数据
#需要“bc private.pl”;
$twitter\u auth\u hash{“oauth\u签名\u方法”}=“HMAC-SHA1”;
$twitter\u auth\u hash{“oauth\u版本”}=“1.0”;
$twitter_auth_hash{“oauth_timestamp”}=time();
$twitter_auth_hash{“oauth_nonce”}=time();
对于$i(关键字%twitter\u auth\u hash){
push(@str,“$i=“.urlencode($twitter_auth_hash{$i}));
}
$str=join(“&”,@str);
#要签字的东西
$url=“获取$str”;
#签字
$sig=urlencode(摘要::SHA::hmac_sha256_base64($url,“ruoezmyraapkmxqypxnltougnmaqbgfquepprlw&yepieksdfdyaogscijmcazcsfflykjseyaavbujeo”);
#完整URL包括sig
$furl=”https://api.twitter.com/oauth/request_token?$str&oauth_签名=$sig”;
#系统(“curl-o/tmp/testing.txt'$furl'”;
打印“FURL:$FURL\n”;
打印“STR:$STR\n”;
打印“SIG:$SIG\n”;
子URL编码{
我的($str)=@;
$str=~s/([^a-zA-Z0-9])/“%”。解包(“H2”,$1)/iseg;
$str=~s/\+/isg;
返回$str;
}
注意:我意识到还有很多其他可能的原因导致这一失败,
但现在的问题是:我是否正确发送了参数
我正确计算签名 Twitter要求你做一个测试 #!/bin/perl use Digest::SHA; %twitter_auth_hash = ( "oauth_access_token" => "47849378-rZlzmwutYqGypbLsQUoZUsGdDkVVRkjkOkSfikNZC", "oauth_access_token_secret" => "YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO", "consumer_key" => "UEIUyoBjBRomdvrVcUTn", "consumer_secret" => "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW" ); # if uncommented, pull my actual data # require "bc-private.pl"; $twitter_auth_hash{"oauth_signature_method"} = "HMAC-SHA1"; $twitter_auth_hash{"oauth_version"} = "1.0"; $twitter_auth_hash{"oauth_timestamp"} = time(); $twitter_auth_hash{"oauth_nonce"} = time(); for $i (keys %twitter_auth_hash) { push(@str,"$i=".urlencode($twitter_auth_hash{$i})); } $str = join("&",@str); # thing to sign $url = "GET $str"; # signing it $sig = urlencode(Digest::SHA::hmac_sha256_base64($url, "rUOeZMYraAapKmXqYpxNLTOuGNmAQbGFqUEpPRlW&YePiEkSDFdYAOgscijMCazcSfBflykjsEyaaVbuJeO")); # full URL incl sig $furl = "https://api.twitter.com/oauth/request_token?$str&oauth_signature=$sig"; # system("curl -o /tmp/testing.txt '$furl'"); print "FURL: $furl\n"; print "STR: $str\n"; print "SIG: $sig\n"; sub urlencode { my($str) = @_; $str=~s/([^a-zA-Z0-9])/"%".unpack("H2",$1)/iseg; $str=~s/ /\+/isg; return $str; }