Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/perl/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Perl 401需要授权:无法验证oauth签名和令牌_Perl_Curl_Twitter_Oauth - Fatal编程技术网
Fatal编程技术网
  • perl/
  • Perl 401需要授权:无法验证oauth签名和令牌

Perl 401需要授权:无法验证oauth签名和令牌

perl curl twitter oauth

Perl 401需要授权:无法验证oauth签名和令牌,perl,curl,twitter,oauth,Perl,Curl,Twitter,Oauth,我已尝试使用添加到我的应用程序中 我在过去成功地使用过它,但没有启用SSL,这显然是Twitter API现在所需要的。我有一个控制器动作,与大纲中的示例非常相似: sub twitter_authorize : Local { my($self, $c) = @_; my $nt = Net::Twitter->new(traits => [qw/API::RESTv1_1 OAuth/], %param); my $url = $nt->get_a

我已尝试使用添加到我的应用程序中

我在过去成功地使用过它,但没有启用SSL,这显然是Twitter API现在所需要的。我有一个控制器动作,与大纲中的示例非常相似:

sub twitter_authorize : Local {
    my($self, $c) = @_;

    my $nt = Net::Twitter->new(traits => [qw/API::RESTv1_1 OAuth/], %param);
    my $url = $nt->get_authorization_url(callback => $callbackurl);

    $c->response->cookies->{oauth} = {
        value => {
            token => $nt->request_token,
            token_secret => $nt->request_token_secret,
        },
    };

    $c->response->redirect($url);
}
但是,在调用
$nt->get\u authorization\u url()
时失败,并出现401未经授权的错误

查看文档,我尝试通过cURL运行请求,如下所示:

curl --request 'POST' 'https://api.twitter.com/oauth/request_token' --header 'Authorization: OAuth oauth_consumer_key="xxxx", oauth_nonce="xxxx", oauth_signature="xxxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="xxxx", oauth_callback="oob", oauth_version="1.0"' --verbose

* About to connect() to api.twitter.com port 443 (#0)
*   Trying 199.16.156.104... 

connected
* Connected to api.twitter.com (199.16.156.104) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
*    subject: C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=api.twitter.com
*    start date: 2014-08-03 00:00:00 GMT
*    expire date: 2016-12-31 23:59:59 GMT
*    subjectAltName: api.twitter.com matched
*    issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
*    SSL certificate verify ok.
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_consumer_key="xxxx", oauth_nonce="xxxx", oauth_signature="xxxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="xxxx", oauth_callback="oob", oauth_version="1.0"
> 
< HTTP/1.1 401 Authorization Required
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-security-policy-report-only: default-src https:; connect-src https:; font-src https: data:; frame-src https: http://*.twimg.com http://itunes.apple.com about: javascript:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' about: https:; style-src 'unsafe-inline' https:; report-uri https://twitter.com/i/csp_report?a=NVXW433SMFUWY%3D%3D%3D&ro=true;
< content-type: text/html; charset=utf-8
< date: Tue, 21 Oct 2014 10:29:57 UTC
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Tue, 21 Oct 2014 10:29:57 GMT
< pragma: no-cache
< server: tsa_b
< set-cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCD2PQTJJAToHaWQiJTE3M2Q4OWIyZWE1Nzc1%250AZmYxMjRkYmUyZDVjOTBlYjQxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--b807e4ebb8d45756e9686971b951a549d0d83b61; domain=.twitter.com; path=/; secure; HttpOnly
< set-cookie: guest_id=v1%3A141388739758201626; Domain=.twitter.com; Path=/; Expires=Thu, 20-Oct-2016 10:29:57 UTC
< status: 401 Unauthorized
< strict-transport-security: max-age=631138519
< vary: Accept-Encoding
< x-connection-hash: 54a185631d5f0b3a3a9dc46fe1f40a57
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-mid: 0258025664ce095129d0cc294100d71a2e6e66ac
< x-runtime: 0.01294
< x-transaction: 6fad295009a89877
< x-ua-compatible: IE=edge,chrome=1
< x-xss-protection: 1; mode=block
< 
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Failed to validate oauth signature and token
答复如下:

curl --request 'POST' 'https://api.twitter.com/oauth/request_token' --header 'Authorization: OAuth oauth_consumer_key="xxxx", oauth_nonce="xxxx", oauth_signature="xxxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="xxxx", oauth_callback="oob", oauth_version="1.0"' --verbose

* About to connect() to api.twitter.com port 443 (#0)
*   Trying 199.16.156.104... 

connected
* Connected to api.twitter.com (199.16.156.104) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
*    subject: C=US; ST=California; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=api.twitter.com
*    start date: 2014-08-03 00:00:00 GMT
*    expire date: 2016-12-31 23:59:59 GMT
*    subjectAltName: api.twitter.com matched
*    issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
*    SSL certificate verify ok.
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_consumer_key="xxxx", oauth_nonce="xxxx", oauth_signature="xxxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="xxxx", oauth_callback="oob", oauth_version="1.0"
> 
< HTTP/1.1 401 Authorization Required
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-security-policy-report-only: default-src https:; connect-src https:; font-src https: data:; frame-src https: http://*.twimg.com http://itunes.apple.com about: javascript:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' about: https:; style-src 'unsafe-inline' https:; report-uri https://twitter.com/i/csp_report?a=NVXW433SMFUWY%3D%3D%3D&ro=true;
< content-type: text/html; charset=utf-8
< date: Tue, 21 Oct 2014 10:29:57 UTC
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Tue, 21 Oct 2014 10:29:57 GMT
< pragma: no-cache
< server: tsa_b
< set-cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCD2PQTJJAToHaWQiJTE3M2Q4OWIyZWE1Nzc1%250AZmYxMjRkYmUyZDVjOTBlYjQxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--b807e4ebb8d45756e9686971b951a549d0d83b61; domain=.twitter.com; path=/; secure; HttpOnly
< set-cookie: guest_id=v1%3A141388739758201626; Domain=.twitter.com; Path=/; Expires=Thu, 20-Oct-2016 10:29:57 UTC
< status: 401 Unauthorized
< strict-transport-security: max-age=631138519
< vary: Accept-Encoding
< x-connection-hash: 54a185631d5f0b3a3a9dc46fe1f40a57
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-mid: 0258025664ce095129d0cc294100d71a2e6e66ac
< x-runtime: 0.01294
< x-transaction: 6fad295009a89877
< x-ua-compatible: IE=edge,chrome=1
< x-xss-protection: 1; mode=block
< 
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Failed to validate oauth signature and token

*即将()连接到api.twitter.com端口443(#0)
*正在尝试199.16.156.104。。。
有联系的
*连接到api.twitter.com(199.16.156.104)端口443(#0)
*已成功设置证书验证位置:
*卡菲尔:没有
CApath:/etc/ssl/certs
*SSLv3,TLS握手,客户端hello(1):
*SSLv3,TLS握手,服务器hello(2):
*SSLv3,TLS握手,证书(11):
*SSLv3,TLS握手,服务器完成(14):
*SSLv3、TLS握手、客户端密钥交换(16):
*SSLv3,TLS更改密码,客户端你好(1):
*SSLv3,TLS握手,完成(20):
*SSLv3,TLS更改密码,客户端你好(1):
*SSLv3,TLS握手,完成(20):
*使用AES128-SHA的SSL连接
*服务器证书:
*主题:C=美国;ST=加利福尼亚州;L=旧金山;O=推特公司。;OU=推特安全性;CN=api.twitter.com
*开始日期:2014-08-03 00:00:00 GMT
*到期日期:2016-12-31 23:59:59 GMT
*subjectAltName:api.twitter.com匹配
*发行人:C=美国;O=VeriSign公司。;OU=VeriSign信任网络;OU=使用条款https://www.verisign.com/rpa (c) 十,;CN=VeriSign 3级安全服务器CA-G3
*SSL证书验证正常。
>POST/oauth/request\u令牌HTTP/1.1
>用户代理:curl/7.19.7(x86_64-pc-linux-gnu)libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
>主持人:api.twitter.com
>接受:*/*
>授权:OAuth OAuth\u consumer\u key=“xxxx”、OAuth\u nonce=“xxxx”、OAuth\u signature=“xxxx”、OAuth\u signature\u method=“HMAC-SHA1”、OAuth\u timestamp=“xxxx”、OAuth\u callback=“oob”、OAuth\u version=“1.0”
>
奇怪的是,如果我从授权头中删除
oauth\u回调
键,它就可以正常工作,并且我得到了令牌。但是,API文档建议此参数是必需的。我如何传递
oauth\u回调
项有什么问题吗

我已经尝试将其设置为
oob
(这应该适用于“带外”访问)。我已经从API文档中复制了编码的URL。这两者都不起作用

由于它在没有oauth_回调的情况下工作,所以在我的机器上这不是一个时间问题,这是一个常见的报告问题。我没有尝试在没有回调的情况下发送Net::Twitter请求(我没有检查这是否可行),但我认为这也可以解决这个问题。但是,我确实需要请求具有有效的回调URL,否则在登录流的其余部分,用户将不会重定向回应用程序。

Adam

我遇到了一个类似的问题,在彻底调查了其他twitterapi包装库的工作后,发现oauth_回调需要编码两次

关于做回顾?我找到了下面的答案,非常简洁地解释了我遇到的问题

这可能是您遇到的问题吗?

谢谢您的提示。我暂停了Twitter登录,并与其他一些提供商合作,因为我想不出来。我将很快回到这里并检查编码。