0

我正在尝试创建一个应用程序以从 twitter 进行身份验证,但出现以下错误:

Failed to validate oauth signature and token

这是我的应用程序代码:

public class TwitCons {

    String sign_method ="HMAC-SHA1";

    public static String consumer_key ="^^^^^^^^^^^^^^^^^^^^";
    public static String consumer_secret="^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^";
    String request_uri = "https://api.twitter.com/oauth/request_token";
    String oauth_callback="http://127.0.0.1:8080/twitter/getToken";

    String getNonce(){
        Random ran = new Random(); 
        long nonce1 = ran.nextLong(); 

        Long nonce = Math.abs(new Long(nonce1)); 

        return nonce.toString();
    }


    String getTimestamp(){
        long time = System.currentTimeMillis();


        return String.valueOf(time/1000);
    }


    String getSignature(String request_uri ,String request_token,String nonce) throws UnsupportedEncodingException
    {
        String base="oauth_callback=http://127.0.0.1:8080/twitter/getToken&oauth_consumer_key="+consumer_key+"&oauth_nonce="+nonce+"&oauth_signature_method="+sign_method+"&oauth_timestamp="+getTimestamp()+"&oauth_token=&oauth_version=1.0";

        String baseString="POST&"+URLEncoder.encode(request_uri , "UTF-8")+"&"+URLEncoder.encode(base , "UTF-8");

        String signKey = consumer_secret +"&"+ request_token ;
        System.out.println(signKey +"\n"+baseString);

        try {
            SecretKeySpec signingKey = new SecretKeySpec(signKey.getBytes(),"HmacSHA1");
            Mac mac = Mac.getInstance(signingKey.getAlgorithm());
            mac.init(signingKey);
            byte[] rawHmac = mac.doFinal(baseString.getBytes());
            String result = new String(Base64.encodeBase64(rawHmac));
            System.out.println(URLEncoder.encode(result , "UTF-8"));
            return URLEncoder.encode(result , "UTF-8");
            //return result;

        } catch (GeneralSecurityException e) {
            return "";
        }




    }


}


public class Twitter extends TwitCons{

    public void getRequest() throws IllegalArgumentException, HttpException, IOException
    {

        HttpClient client = new HttpClient();
        PostMethod post = new PostMethod("https://api.twitter.com/oauth/request_token");
        String nonce=getNonce();
        String header = "oauth_callback=\""+URLEncoder.encode(oauth_callback ,"UTF-8")+"\","+
            "oauth_consumer_key=\""+consumer_key +"\","+
            "oauth_nonce=\""+nonce + "\","+
            "oauth_signature=\""+getSignature(request_uri,"",nonce) + "\","+ 
            "oauth_signature_method=\""+sign_method + "\","+
            "oauth_timestamp=\""+getTimestamp() + "\","+
            "oauth_version=\"1.0\""  ;

        post.addRequestHeader("Authorization", "OAuth "+header);
        client.executeMethod(post);

        System.out.println(post.getResponseBodyAsString()+"\n"+post.getRequestHeader("Authorization"));






    }

类有方法 getRequest 用于发出 twitter 请求以获取 request_token 和 token_secret

和第二类 TwitCons 有不同的方法和常量来获取请求令牌

4

2 回答 2

0

Twitter.getRequest()中,您的标题似乎错误。每个参数的值必须用双引号 ( ") 括起来:

StringBuilder headerBuilder = new StringBuilder("OAuth ");

headerBuilder.append("oauth_callback=\"").append(oauth_callback).append("\", ");
headerBuilder.append("oauth_consumer_key=\"").append(consumer_key).append("\", ");
headerBuilder.append("oauth_nonce=\"").append(nonce).append("\", ");
headerBuilder.append("oauth_signature=\"").append(getSignature(request_uri,"",nonce)).append("\", ");
headerBuilder.append("oauth_signature_method=\"").append(sign_method).append("\", ");
headerBuilder.append("oauth_timestamp=\"").append(getTimestamp()).append("\", ");
headerBuilder.append("oauth_version=\"1.0\"");

String header = headerBuilder.toString();

有关更多详细信息,请参阅 Twitter API 中的相应页面:https ://dev.twitter.com/docs/auth/authorizing-request

编辑:代码已修复,因为逗号前没有任何空格。

于 2012-07-09T13:42:56.733 回答
-1

oauth_token在你的String base. 请参阅https://dev.twitter.com/docs/auth/3-legged-authorization了解如何获得一个(如果您还不知道这一点并且没有忘记将它放在您的基本字符串中;))。

可能是您的签名计算错误,因为您包含&oauth_token=在您的base字符串中,但该密钥不是您请求的一部分。OAuth 1.0 规范只是说:

签名基本字符串是请求元素的一致可重现串联成单个字符串。

只删除字符串的那部分可能值得一试。

更新:

您可能必须在 Authorization 标头中对回调 URL 进行 urlencode,按字母顺序排列并将参数放在引号中,如 @air-dex 推荐的那样。尝试这个:

String oauth_callback = "http://127.0.0.1:8080/twitter/getToken";
String oauth_callback_encoded = URLEncoder.encode(oauth_callback, "UTF-8");

然后

String header = "oauth_callback=\"" + oauth_callback_encoded + "\", " +
            "oauth_consumer_key=\"" + consumer_key + "\", " +
            "oauth_nonce=\"" + nonce + "\", " +
            "oauth_signature=\"" + getSignature(request_uri, "", nonce) + "\", " +
            "oauth_signature_method=\"" + sign_method + "\", " +
            "oauth_timestamp=\"" + getTimestamp() + "\", " +
            "oauth_version=\"1.0\"";


String base = "oauth_consumer_key=" + consumer_key + 
            "&oauth_nonce=" + nonce + 
            "&oauth_signature_method=" + sign_method + 
            "&oauth_timestamp=" + getTimestamp() +
            "&oauth_version=1.0";
于 2012-07-08T14:56:25.617 回答