5

我想访问 QuickBlox 中的 API,但在此之前我们需要对我们的应用程序进行身份验证并获取会话令牌,并且使用会话令牌我们可以访问其他 API。但问题是,当我使用 QuickBlox 网站上提供的所需规范发送身份验证请求时,我收到错误消息:

{"errors":{"base":["意外签名"]}}

生成签名的参数是:

application_id=22&auth_key=wJHd4cQSxpQGWx5&nonce=33432&timestamp=1326966962

然后我们将其转换为 HMAC-SHA 格式:

hash_hmac( 'sha1', $signatureStr , $authSecret);

请帮我解决这个问题。

4

6 回答 6

2

以下是如何创建 QuickBlox 会话的完整示例:

<?php
// Application credentials
DEFINE('APPLICATION_ID', 92);
DEFINE('AUTH_KEY', "wJHdOcQSxXQGWx5");
DEFINE('AUTH_SECRET', "BTFsj7Rtt27DAmT");

// User credentials
DEFINE('USER_LOGIN', "emma");
DEFINE('USER_PASSWORD', "emma");

// Quickblox endpoints
DEFINE('QB_API_ENDPOINT', "https://api.quickblox.com");
DEFINE('QB_PATH_SESSION', "session.json");

// Generate signature
$nonce = rand();
$timestamp = time(); // time() method must return current timestamp in UTC but seems like hi is return timestamp in current time zone
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."&timestamp=".$timestamp."&user[login]=".USER_LOGIN."&user[password]=".USER_PASSWORD;

echo "stringForSignature: " . $signature_string . "<br><br>";
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);

// Build post body
$post_body = http_build_query(array(
                'application_id' => APPLICATION_ID,
                'auth_key' => AUTH_KEY,
                'timestamp' => $timestamp,
                'nonce' => $nonce,
                'signature' => $signature,
                'user[login]' => USER_LOGIN,
                'user[password]' => USER_PASSWORD
                ));

// $post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "&timestamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature . "&user[login]=" . USER_LOGIN . "&user[password]=" . USER_PASSWORD;

 echo "postBody: " . $post_body . "<br><br>";
// Configure cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, QB_API_ENDPOINT . '/' . QB_PATH_SESSION); // Full path is - https://api.quickblox.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response

// Execute request and read responce
$responce = curl_exec($curl);

// Check errors
if ($responce) {
        echo $responce . "\n";
} else {
        $error = curl_error($curl). '(' .curl_errno($curl). ')';
        echo $error . "\n";
}

// Close connection
curl_close($curl);
?>
于 2013-05-28T09:25:21.090 回答
2

我在 php 上编写了代码片段,它会生成签名。效果很好

这是我的测试应用程序的凭据:

$application_id = 92;
$auth_key = "wJHdOcQSxXQGWx5";
$authSecret = "BTFsj7Rtt27DAmT";

$nonce = rand();
echo "<br>nonce: " . $nonce;

$timestamp = time();
echo "<br>timestamp: " . $timestamp ."<br>";

$stringForSignature = "application_id=".$application_id."&auth_key=".$auth_key."&nonce=".$nonce."&timestamp=".$timestamp;
echo $stringForSignature."<br>";

$signature = hash_hmac( 'sha1', $stringForSignature , $authSecret);
echo $signature;

希望这有帮助

于 2013-01-02T19:48:16.333 回答
2

问题解决了

我的请求参数有问题。

$params = "application_id=$application_id&auth_key=$auth_key&timestamp=$timestamp&nonce=$nonce&signature=$signature&**auth_secret=$authSecret**";

在这个参数中,我传递了一个额外的参数,my auth secret key它不应该存在。我删除了这个参数,现在它可以工作了。

于 2013-01-03T05:05:45.683 回答
0

您必须使用自己的应用程序参数:

  • application_id
  • 授权键

和随机“nonce”和当前时间戳(不是来自示例,您可以在此站点http://www.unixtimestamp.com/index.php上获取当前时间戳)

您的代码是正确的,但您必须设置正确的参数

于 2013-01-01T18:45:00.597 回答
0

我们使用 php,接下来的代码对我们很有效:

<?php

$userLogin = '{YOUR_QB_USER}';
$userPassword = '{YOUR_QB_PASSWORD}';

$body = [
    'application_id' => '{YOUR_QB_APPLICATION_ID}',
    'auth_key' => '{YOUR_QB_AUTH_KEY}',
    'nonce' => time(),
    'timestamp' => time(),
    'user' => ['login' => $userLogin, 'password' => $userPassword]
];
$built_query = urldecode(http_build_query($body));
$signature = hash_hmac('sha1', $built_query , '{YOUR_QB_APP_SECRET}');
$body['signature'] = $signature;
$post_body = http_build_query($body);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://{YOUR_QB_HOST}/session.json');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
$token = json_decode($response, true)['session']['token'];
printf('Your token is: %s %s', $token, PHP_EOL);
于 2017-01-19T05:39:06.300 回答
0

1)您应该发送请求以正确的网址。

https://api.quickblox.com/auth.json _

而是 https://api.quickblox.com/session.json

2)您应该使用它来修复 SSL 问题。

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)

于 2015-11-18T19:05:12.987 回答