7

我尝试通过https://api.twitter.com/oauth/request_token请求令牌,但总是收到 401 错误。

我通过 curl 进行测试(很容易看到会发生什么)。

这是一个请求示例:

curl --request 'POST' ' https://api.twitter.com/oauth/request_token ' --header '授权:OAuth oauth_callback="http%3A%2F%2Fwww.domain.tld%2Fblank.html", oauth_consumer_key ="cmGkcMsffqJlmra6RD1gw", oauth_nonce="hj05psxq62tx1PAe3V", oauth_signature="2ZNWTvzEmSix1G8PGImDxVKulFY=", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373559256", oauth_version="1."

输出:

* About to connect() to api.twitter.com port 443 (#0)
*   Trying 199.16.156.72... connected
(...)
> POST /oauth/request_token HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: api.twitter.com
> Accept: */*
> Authorization: OAuth oauth_callback="http%3A%2F%2Fwww.domain.tld%2Fblank.html", oauth_consumer_key="cmGkcMsffqJlmra6RD1gw", oauth_nonce="hj05psxq62tx1PAe3V", oauth_signature="2ZNWTvzEmSix1G8PGImDxVKulFY=", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373559256", oauth_version="1.0"
> 
< HTTP/1.1 401 Unauthorized
< cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
< content-length: 44
< content-type: text/html; charset=utf-8
< date: Thu, 11 Jul 2013 16:14:28 GMT
< expires: Tue, 31 Mar 1981 05:00:00 GMT
< last-modified: Thu, 11 Jul 2013 16:14:28 GMT
< pragma: no-cache
< server: tfe
< set-cookie: _twitter_sess=BAh7CDoHaWQiJWY5Y2RkMjc2ZjMwNjI1MmEwZjMwNDQ2YjMyZTMzZjcxOg9j%250AcmVhdGVkX2F0bCsI8CSDzj8BIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--6299ac6198a2aa6d31ddbf73e644178b151e0938; domain=.twitter.com; path=/; HttpOnly
< set-cookie: guest_id=v1%3A137355926844621784; Domain=.twitter.com; Path=/; Expires=Sat, 11-Jul-2015 16:14:28 UTC
< status: 401 Unauthorized
< strict-transport-security: max-age=631138519
< vary: Accept-Encoding
< x-frame-options: SAMEORIGIN
< x-mid: 4265bd602c73ff13a029debc2d8161132a3ac5b9
< x-runtime: 0.01201
< x-transaction: a8f4d7f44e9ee8ba
< x-ua-compatible: IE=10,chrome=1
< x-xss-protection: 1; mode=block
< 
* Connection #0 to host api.twitter.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

我检查过的常见问题:

  • 时间戳没问题
  • 唱歌方法应该没问题(使用来自 twitter doc 的示例值进行测试 + 使用http://quonos.nl/oauthTester/检查
  • 应用回调 url 已配置(与此请求中的 url 相同)
  • 该应用程序被允许用于使用 Twitter 登录

我的想法不多了...

4

1 回答 1

6

您是否尝试过在签名中编码“等于”字符 (=)?IE

oauth_signature="2ZNWTvzEmSix1G8PGImDxVKulFY%3D"

在计算签名后,您应该始终对签名进行百分比编码。

于 2013-07-12T07:35:23.363 回答