401 response for Twitter reverse auth

Here is the authorization header I am using:
Authorization = "OAuth oauth_consumer_key=\"2D9rLD8Lu23hrchrh4VMBkQ6AZKHYi2yY2oeuoeutcFMdAs\", oauth_nonce=\"-486353546\", oauth_signature="x3NdGnJmBTUAICBRE9C44N8mFd4%3D", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"137663828056\", oauth_version=\"1.0\", x_auth_mode=\"reverse_auth\"";
Here is the base string I use:
https://api.twitter.com/oauth/access_token
Below is the twitter documentation I am working from:

Step 1: Obtain a special request token

First, you make an HTTPS request to the Twitter request token URL https://api.twitter.com/oauth/request_token using your application's consumer key. In addition to the traditional oauth_* parameters, you must also include x_auth_mode set to the value reverse_auth.

As an example, consider a request with the following values signed with the token secret ydC2yUbFaScbSlykO0PmrMjXFeLraSi3Q2HfTOlGxQM:

The tokens used here are for demonstration purposes only and will not work for you.

    oauth_consumer_key      JP3PyvG67rXRsnayOJOcQ
    oauth_nonce             1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2
    oauth_signature_method  HMAC-SHA1
    oauth_timestamp         1322697052
    oauth_version           1.0
    x_auth_mode             reverse_auth

These parameters should result in a signature base string that looks like this:

    POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3DJP3PyvG67rXRsnayOJOcQ%26oauth_nonce%3D1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1322697052%26oauth_version%3D1.0%26x_auth_mode%3Dreverse_auth

This call should result in a response that looks like this. Note that this response actually looks like an OAuth header.

(Line breaks added for clarity):

    OAuth oauth_nonce="xq2maKtilFhVTC1MSxVC4cQIJLd53O6w97YmrdOGSk8",
    oauth_signature_method="HMAC-SHA1",
    oauth_timestamp="1322697052",
    oauth_consumer_key="JP3PyvG67rXRsnayOJOcQ",
    oauth_token="5mgkU82W0PTA0DLgSIA5vFK6c08i8dXzrbLnX06vl38",
    oauth_signature="AOM%2FwW2kAowAeHBRvw7faH245p0%3D",
    oauth_version="1.0"
EDIT: I still get a 401. I use the code below to generate the oauth_signature, so now my Authorization header looks like this:

OAuth oauth_timestamp="1376639141", oauth_nonce="BB2D2634F3-99A5-4B64-8CB34E-2314CE9E4FD7", oauth_version="1.0", oauth_consumer_key="mrcD8LuSNKJKFAchKHYi2yY2qwh5tcFMdAs", oauth_signature_method="HMAC-SHA1", oauth_signature="moer8H7xzluAdoAAAFZpv6n4noeu%3D"

NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret)
{
    NSString *_oAuthNonce = [NSString ab_GUID];
    NSString *_oAuthTimestamp = [NSString stringWithFormat:@"%d", (int)[[NSDate date] timeIntervalSince1970]];
    NSString *_oAuthSignatureMethod = @"HMAC-SHA1";
    NSString *_oAuthVersion = @"1.0";

    NSMutableDictionary *oAuthAuthorizationParameters = [NSMutableDictionary dictionary];
    oAuthAuthorizationParameters[@"oauth_nonce"] = _oAuthNonce;
    oAuthAuthorizationParameters[@"oauth_timestamp"] = _oAuthTimestamp;
    oAuthAuthorizationParameters[@"oauth_signature_method"] = _oAuthSignatureMethod;
    oAuthAuthorizationParameters[@"oauth_version"] = _oAuthVersion;
    oAuthAuthorizationParameters[@"oauth_consumer_key"] = _oAuthConsumerKey;
    if(_oAuthToken)
        oAuthAuthorizationParameters[@"oauth_token"] = _oAuthToken;

    // get query and body parameters
    NSDictionary *additionalQueryParameters = [NSURL ab_parseURLQueryString:[url query]];
    NSDictionary *additionalBodyParameters = nil;
    if(body) {
        NSString *string = [[[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding] autorelease];
        if(string) {
            additionalBodyParameters = [NSURL ab_parseURLQueryString:string];
        }
    }

    // combine all parameters
    NSMutableDictionary *parameters = [[oAuthAuthorizationParameters mutableCopy] autorelease];
    if(additionalQueryParameters) [parameters addEntriesFromDictionary:additionalQueryParameters];
    if(additionalBodyParameters) [parameters addEntriesFromDictionary:additionalBodyParameters];

    // -> UTF-8 -> RFC3986
    NSMutableDictionary *encodedParameters = [NSMutableDictionary dictionary];
    for(NSString *key in parameters) {
        NSString *value = parameters[key];
        encodedParameters[[key ab_RFC3986EncodedString]] = [value ab_RFC3986EncodedString];
    }

    NSArray *sortedKeys = [[encodedParameters allKeys] sortedArrayUsingFunction:SortParameter context:encodedParameters];

    NSMutableArray *parameterArray = [NSMutableArray array];
    for(NSString *key in sortedKeys) {
        [parameterArray addObject:[NSString stringWithFormat:@"%@=%@", key, encodedParameters[key]]];
    }
    NSString *normalizedParameterString = [parameterArray componentsJoinedByString:@"&"];

    NSString *normalizedURLString = [NSString stringWithFormat:@"%@://%@%@", [url scheme], [url host], [url path]];

    NSString *signatureBaseString = [NSString stringWithFormat:@"%@&%@&%@",
                                     [method ab_RFC3986EncodedString],
                                     [normalizedURLString ab_RFC3986EncodedString],
                                     [normalizedParameterString ab_RFC3986EncodedString]];

    NSString *key = [NSString stringWithFormat:@"%@&%@",
                     [_oAuthConsumerSecret ab_RFC3986EncodedString],
                     (_oAuthTokenSecret) ? [_oAuthTokenSecret ab_RFC3986EncodedString] : @""];

    NSData *signature = HMAC_SHA1(signatureBaseString, key);
    NSString *base64Signature = [signature base64EncodedString];

    NSMutableDictionary *authorizationHeaderDictionary = [[oAuthAuthorizationParameters mutableCopy] autorelease];
    authorizationHeaderDictionary[@"oauth_signature"] = base64Signature;

    NSMutableArray *authorizationHeaderItems = [NSMutableArray array];
    for(NSString *key in authorizationHeaderDictionary) {
        NSString *value = authorizationHeaderDictionary[key];
        [authorizationHeaderItems addObject:[NSString stringWithFormat:@"%@=\"%@\"",
                                             [key ab_RFC3986EncodedString],
                                             [value ab_RFC3986EncodedString]]];
    }

    NSString *authorizationHeaderString = [authorizationHeaderItems componentsJoinedByString:@", "];
    authorizationHeaderString = [NSString stringWithFormat:@"OAuth %@", authorizationHeaderString];

    return authorizationHeaderString;
}

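The parameters I pass to this method are url: https://api.twitter.com/oauth/request_token, method: POST, body: nil, oAuthConsumerToken: my key, oAuthConsumerSecret: my secret, oAuthToken: nil, oAuthTokenSecret: nil.

EDIT: I tried this oauth test console to verify that I am generating the OAuth signature correctly, but it now seems that I need the member's token and secret:
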
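It seems I don't need the 'oauth_signature' in the Authorization header. It looks like that should be part of the response.

The documentation states that you should 'familiarize yourself with the signing process before attempting to use the endpoint', which suggests that your initial request still needs to be signed. Also, if you don't intend to sign the request, why are you generating a signature base string?

Thanks, I added it and still get a 401. I'm writing up how I generate the signature at the end of the question.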
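
Added example (not part of the original question or its comments): a small Python reference signer for step 1 of the quoted documentation, useful for cross-checking a client's signature base string when the endpoint answers 401. It reproduces the documentation's base string from its sample values; the function names are hypothetical, the consumer secret is a constructed placeholder, and sending x_auth_mode as a form-body parameter (signed, but kept out of the Authorization header) is an assumption.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

def pct(value):
    """RFC 3986 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")

def signature_base_string(method, url, params):
    """METHOD & encoded base URL & encoded, sorted parameter string."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Encode keys and values first, then sort by encoded key (then value).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    """HMAC-SHA1; the key keeps its '&' even when there is no token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(oauth_params, signature):
    """Header carries the oauth_* parameters plus the signature."""
    items = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(items.items()))

# Sample values from the documentation excerpt quoted in the question.
OAUTH_PARAMS = {
    "oauth_consumer_key": "JP3PyvG67rXRsnayOJOcQ",
    "oauth_nonce": "1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1322697052",
    "oauth_version": "1.0",
}
BODY_PARAMS = {"x_auth_mode": "reverse_auth"}  # assumption: sent as form body
URL = "https://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "constructed-consumer-secret"  # placeholder, not a real secret

def build_request():
    signed = {**OAUTH_PARAMS, **BODY_PARAMS}  # body params are signed too
    base = signature_base_string("POST", URL, signed)
    signature = sign(base, CONSUMER_SECRET)
    return base, signature, authorization_header(OAUTH_PARAMS, signature)

if __name__ == "__main__":
    print(*build_request(), sep="\n")
```

Comparing the first printed line with the base string a client builds for the same nonce and timestamp shows whether a parameter such as x_auth_mode was left out of the signed set.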