我意識到這並不是什麼新鮮事,並且已經有很多關於這個主題的帖子。然而,non與我正在尋找的是完全相關的...所以,這裏是:Coldfusion Tumblr oAuth沮喪
我已經評論了這個話題的每一篇文章,似乎沒有什麼能爲我工作。以下是我正在做的事情的快速總結:
***我一直在這麼長時間,我失去了我的位置 - 我剛剛意識到我的oauth_signature現在從我的授權標題中缺失。我知道它在那裏之前...
BTW-我使用從哈利·克萊因在CF的OAuth應用程序(http://oauth.riaforge.org/):
<!--- set up the parameters --->
<cfset sConsumerKey = 'xxx'> <!--- Got these from Tumblr for my app --->
<cfset sConsumerSecret = 'xxx'> <!--- Got these from Tumblr for my app --->
<cfset OAUTH_VERIFIER = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<cfset token = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<cfset tokenSecret = 'xxx' /> <!--- Got these when doing oauth registration with tumblr for account --->
<!--- set up the required objects including signature method--->
<cfset oReqSigMethodSHA = CreateObject("component", "oauth.oauthsignaturemethod_hmac_sha1")>
<cfset oToken = CreateObject("component", "oauth.oauthtoken").init(sKey = token, sSecret = tokenSecret)>
<cfset oConsumer = CreateObject("component", "oauth.oauthconsumer").init(sKey = sConsumerKey, sSecret = sConsumerSecret)>
<cfset oReq = CreateObject("component", "oauth.oauthrequest").fromConsumerAndToken(
oConsumer = oConsumer,
oToken = oToken,
sHttpMethod = "GET",
sHttpURL = 'http://api.tumblr.com/v2/user/info')> <!--- For now, just trying to get the user info --->
<!--- The ultimate goal is to post to differnent blog accounts on tumblr --->
<cfset oReq.setParameter('oauth_verifier',oauth_verifier) /> <!--- Had to manually add in oauth_verifier if it is even needed --->
<cfset oReq.signRequest(
oSignatureMethod = oReqSigMethodSHA,
oConsumer = oConsumer,
oToken = oToken)> <!--- Sign the request --->
<cfhttp url="#oReq.GETNORMALIZEDHTTPURL()#" method="get">
<cfhttpparam type="header" name="authorization" value="#oReq.TOHEADER()#" />
</cfhttp>
<cfdump var="#cfhttp#" />
下面是一些什麼我已經得到了回來(我已經添加行打破,使其更清晰):
SIGNATUREBASESTRING:
GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
oauth_nonce%3D96A76129198ADF9B60874521D3FB718256B2D093%26
oauth_timestamp%3D1358463090%26
oauth_token%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
oauth_verifier%3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26
oauth_version%3D1.0
AUTHORIZATION HEADER:
OAuth oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
oauth_timestamp="1358463090",
oauth_version="1.0",
oauth_nonce="96A76129198ADF9B60874521D3FB718256B2D093",
oauth_token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
oauth_verifier="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
每次我嘗試修改任何東西,它從來沒有工作。我總是從Tumblr獲得401非授權回覆,沒有任何解釋我做錯了什麼。
我已經在這幾天:請幫助
* 編輯2013年1月24日 **
1. Getting the access_token:
response from Tumblr to auth_token request (Success):
oauth_token=XXX&
oauth_token_secret=XXX&
oauth_callback_confirmed=true
2. Using access token to get user info:
sConsumerKey:
xxx
sConsumerSecret:
yyy
EndPoint:
http://api.tumblr.com/v2/user/info
COMMETHOD:
get
token:
XXX
tokenSecret:
XXX
Signature base string:
GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%3Dxxx&
oauth_nonce%3DDED2857752C210C71D81DFD549B7B13113DCA50F&
oauth_signature_method%3DHMAC-SHA1&
oauth_timestamp%3D1358993908&
oauth_token%XXX&
oauth_version%3D1.0
Signature:
emffJ8+2QvExJzRH0fgDM8l3jDQ=
Authorization Header:
OAuth oauth_consumer_key="xxx"&
oauth_nonce="DED2857752C210C71D81DFD549B7B13113DCA50F"&
oauth_signature="emffJ8%2B2QvExJzRH0fgDM8l3jDQ%3D"&
oauth_signature_method="HMAC-SHA1"&
oauth_timestamp="1358993908"&
oauth_token="XXX"&
oauth_version="1.0"
已驗證: 1組oauth_token是正確的。 2. oAuth標題按字母順序排序。 3.簽名基本字符串不包含參數,因爲沒有參數。 4.方法得到。 5. OAuth標題包含oauth_signature。
有些問題是: 1.是否還有其他頭文件需要包含(不知道CF是否自動添加) 2.任何人都可以驗證我的簽名基礎字符串嗎? 3.簽名基礎字符串中是否存在區分大小寫問題? (或其他地方)
編輯 - 2013年1月27日 誰能請確認此信息(我使用的實際值,因爲一切都將包括在應用程序本身後復位):
Given:
1. Signature Base String:
GET&
http%3A%2F%2Fapi.tumblr.com%2Fv2%2Fuser%2Finfo&
oauth_consumer_key%XXX%26
oauth_nonce%3DOAUTH7DC9F837D60483B9D10389C9BB0AEAF9%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1359320053%26
oauth_token%XXX%26
oauth_version%3D1.0
2. Signing Key (consumer secret & auth_token_secret):
XXX&
XXX
Is this signature correct?
3. Signature:
2n+xbj9gbOrADeaQ3nORKNhOTUg=
Is this Authorization Header correct:
4. Authorization header (FYI- there is a space after each comma- is that ok?
And- is the encoding on the Signature ok?):
(Also, I've tried this in alphabetical order and not- same result)
OAuth oauth_signature="2n%2Bxbj9gbOrADeaQ3nORKNhOTUg%3D",
oauth_token="XXX",
oauth_consumer_key="XXX",
oauth_nonce="OAUTH7DC9F837D60483B9D10389C9BB0AEAF9",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1359320053",
oauth_version="1.0"
我希望有人能確認這是否正確。在後一種情況下,我會稍微調整一下,希望再次檢查。預先感謝所有。
阿蘭,你已經去掉了「敏感材料」仍然可以在[修訂歷史記錄(http://stackoverflow.com/posts/14389806/revisions) - 如果此信息是真正敏感的,你應該請求新的細節tumblr。 –
謝謝@PeterBoughton。我將用Tumblr註冊一個新應用程序,但不想宣傳舊信息。我沒有意識到有一個修訂歷史:欣賞頭! –