使用Codeigniter請求OAuth訪問憑據時出現401錯誤

Question

因此，我正在整理一個快速且骯髒的應用程序，以根據從RSS提要中提取的新項目自動向Tumblr添加新帖子。該應用程序在Codeigniter中，到目前爲止，我已經設法獲得請求憑據並將用戶發送給Tumblr進行授權。問題是，一旦他們重定向到應用程序，我做了訪問證書的請求，我收到以下錯誤：

Message: file_get_contents(http://www.tumblr.com/oauth/access_token?oauth_consumer_key=THECONSUMERKEY&oauth_nonce=9362afdd34f9ce1601fb9cf505ffa3cf&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1327440390&oauth_token=09mFsxCvsODDmSxPCyQNu4QKFMMXaAEEyPtBibPUyUTE1n2BsJ&oauth_verifier=hDfGgesf9EKIO5yFhiHxtnsbP42XEP1FISY2qyyWerzXf6fPTG&oauth_version=1.0&oauth_signature=yeFw8ACvVvKtD%2BQ%2FdzbLivDSm1Y%3D) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized 

這是我正在使用的代碼：

$oauthVerifier = $_GET["oauth_verifier"]; 
     $sigBase = "GET&" . rawurlencode($this->accessTokenUrl) . "&" 
       . rawurlencode("oauth_consumer_key=" . rawurlencode($this->consumerKey) 
         . "&oauth_nonce=" . rawurlencode($this->nonce) 
         . "&oauth_signature_method=" . rawurlencode($this->oauthSignatureMethod) 
         . "&oauth_timestamp=" . $this->oauthTimestamp 
         . "&oauth_token=" . rawurlencode($this->CI->session->userdata('requestToken')) 
         . "&oauth_verifier=" . rawurlencode($oauthVerifier) 
         . "&oauth_version=" . $this->oauthVersion); 
     $sigKey = $this->consumerSecret . "&"; 
     $oauthSig = base64_encode(hash_hmac("sha1", $sigBase, $sigKey, true)); 

     $requestUrl = $this->accessTokenUrl . "?" 
       . "oauth_consumer_key=" . rawurlencode($this->consumerKey) 
       . "&oauth_nonce=" . rawurlencode($this->nonce) 
       . "&oauth_signature_method=" . rawurlencode($this->oauthSignatureMethod) 
       . "&oauth_timestamp=" . rawurlencode($this->oauthTimestamp) 
       . "&oauth_token=" . rawurlencode($this->CI->session->userdata('requestToken')) 
       . "&oauth_verifier=" . rawurlencode($oauthVerifier) 
       . "&oauth_version=" . rawurlencode($this->oauthVersion) 
       . "&oauth_signature=" . rawurlencode($oauthSig); 

     $response = file_get_contents($requestUrl); 

有沒有很棒的點子？

Answer 1

UPDATE：流浪的＆符號實際上並不在原始代碼中（我的不好），但是當我嘗試修復它之後我做了一些事情。事實上，原始問題的原因是簽名密鑰中沒有請求令牌密鑰。

感謝指點，aitchnyu - 最後，問題是一個流浪的＆符。在簽名庫中，我在rawurlencode中的「oauth_consumer_key =」之前包含了＆符號，它應該出現在它之前。

這裏的老SIG基地：

"GET&" . rawurlencode($this->accessTokenUrl) 
       . rawurlencode("&oauth_consumer_key=" . rawurlencode($this->consumerKey) 
         . "&oauth_nonce=" . rawurlencode($this->nonce) 
         . "&oauth_signature_method=" . rawurlencode($this->oauthSignatureMethod) 
         . "&oauth_timestamp=" . rawurlencode($this->time) 
         . "&oauth_token=" . rawurlencode($token) 
         . "&oauth_verifier=" . rawurlencode($oauthVerifier) 
         . "&oauth_version=" . $this->oauthVersion); 

新一：

"GET&" . rawurlencode($this->accessTokenUrl) . "&" 
       . rawurlencode("oauth_consumer_key=" . rawurlencode($this->consumerKey) 
         . "&oauth_nonce=" . rawurlencode($this->nonce) 
         . "&oauth_signature_method=" . rawurlencode($this->oauthSignatureMethod) 
         . "&oauth_timestamp=" . rawurlencode($this->time) 
         . "&oauth_token=" . rawurlencode($token) 
         . "&oauth_verifier=" . rawurlencode($oauthVerifier) 
         . "&oauth_version=" . $this->oauthVersion); 

重要的區別！

Answer 2

這是不完整的，需要你追逐一些錯誤。

搞明白談話的相關部分：

TumApp to user: please go to Tumblr with one of my request tokens: GHF3F4F 

user to Tumblr: I authorize TumApp, and here is it's request token: GHF3F4F 

Tumblr to itself: let me authorize GHF3F4F, which TumApp can exchange for an access token 
     to user: redirect to Tumapp's callback 

Tumapp to itself: Great, user authorized me (by requesting my callback). Let me exchange my request token for an access token 
     to Tumblr: Hey, give me an access token for GHF3F4F 

Tumblr to Tumapp: Epic 401 fail! 

---

這裏有原因的tumblr將給予401

從http://oauth.net/core/1.0a/#http_codes

HTTP 401 Unauthorized 
    Invalid Consumer Key 
    Invalid/expired Token 
    Invalid signature 
    Invalid/used nonce 

一個我會推斷出發與令牌;消費者密鑰成功地爲您提供了一個請求令牌，並且該庫的簽名和隨機數由該庫生成。