OAuth 1.0a与PHP Pecl的实现-自定义签名（Fitbit）

我有一个OAuth的实现，它与Fitbit一起从Fitbit的服务中提取数据。但是，他们最近更新了服务，现在每当我尝试获取访问令牌时，请求都会失败

他们就新规定发表了以下声明：

The solution is to OAuth sign the requests to <https://api.fitbit.com/oauth/request_token> and <https://api.fitbit.com/oauth/access_token> in a similar manner that all other calls to the Fitbit API are signed. 

Requests to <https://api.fitbit.com/oauth/request_token> need to be signed with your application's consumer key and secret. 
Requests to <https://api.fitbit.com/oauth/access_token> need to be signed with your application's consumer key and secret and the oauth_token and oauth_verifier received from the authorization callback. 

我得到的OAuth错误是：

401
Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)
oauthoauth_signatureInvalid signature: FfvYDv5MSOfwcOwLZBJa0TlKS4Q=false

根据上述代码存储的签名表明，正确的签名应为：

[signature] => wlfzqPs4aEkTkHfqyaO65D/RW6o=

这是调试信息的“发送头”部分：

[headers_sent] => Authorization: OAuth oauth_session_handle="Frdnxw8oHe3BgNVi0Fy4jBXrZko%3D",
oauth_verifier="ss6nmke8elf3so66jg3auued49",
oauth_consumer_key="(my key)",
oauth_signature_method="HMAC-SHA1",
oauth_nonce="30463910852ea5cc2d04e60.71895372",
oauth_timestamp="1391090882",
oauth_version="1.0",
oauth_token="2cabd6beab341e332bdf8e522b6019ef",
oauth_signature="hULwWcQOl%2F8aYjh0YjR843iVXtA%3D"

我在文档中找不到任何解释如何为OAuth设置签名以用于其请求的内容。任何帮助都将不胜感激

---

如果您需要更多信息，请告诉我

我发现了这个问题

事实证明，我并没有保存交还的

oauth\u token\u secret

，而是使用了消费者秘密

一旦我更新了这个，这个过程就按预期运行了

[headers_sent] => Authorization: OAuth oauth_session_handle="Frdnxw8oHe3BgNVi0Fy4jBXrZko%3D",
oauth_verifier="ss6nmke8elf3so66jg3auued49",
oauth_consumer_key="(my key)",
oauth_signature_method="HMAC-SHA1",
oauth_nonce="30463910852ea5cc2d04e60.71895372",
oauth_timestamp="1391090882",
oauth_version="1.0",
oauth_token="2cabd6beab341e332bdf8e522b6019ef",
oauth_signature="hULwWcQOl%2F8aYjh0YjR843iVXtA%3D"