这是我使用的授权标头:
Authorization = "OAuth oauth_consumer_key=\"2D9rLD8Lu23hrchrh4VMBkQ6AZKHYi2yY2oeuoeutcFMdAs\", oauth_nonce=\"-486353546\", oauth_signature="x3NdGnJmBTUAICBRE9C44N8mFd4%3D", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"137663828056\", oauth_version=\"1.0\", x_auth_mode=\"reverse_auth\"";
这是我使用的基本字符串:
https://api.twitter.com/oauth/access_token
这是我正在使用的twitter 文档:
第 1 步:获取特殊请求令牌
首先,您使用应用程序的使用者密钥向 Twitter 请求令牌 URL https://api.twitter.com/oauth/request_token发出 HTTPS 请求 。除了常规的 oauth_* 签名参数之外,您还必须将 x_auth_mode 设置为值 reverse_auth。
例如,考虑使用令牌密钥 ydC2yUbFaScbSlykO0PmrMjXFeLraSi3Q2HfTOlGxQM 签名的具有以下值的请求:
此处使用的令牌仅用于演示目的,不适用于您。
oauth_consumer_key JP3PyvG67rXRsnayOJOcQ oauth_nonce 1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2 oauth_signature_method HMAC-SHA1 oauth_timestamp 1322697052 oauth_version 1.0 x_auth_mode reverse_auth 这些参数应该会导致签名基础:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3DJP3PyvG67rXRsnayOJOcQ%26oauth_nonce%3D1B7D865D-9E15-4ADD-8165-EF90D7A7D3D2%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1322697052%26oauth_version%3D1.0%26x_auth_mode%3Dreverse_auth This call 应该会产生如下所示的响应。请注意,此响应实际上看起来像一个 OAuth 标头。
(为清楚起见添加了换行):
OAuth oauth_nonce="xq2maKtilFhVTC1MSxVC4cQIJLd53O6w97YmrdOGSk8", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1322697052", oauth_consumer_key="JP3PyvG67rXRsnayOJOcQ", oauth_token="5mgkU82W0PTA0DLgSIA5vFK6c08i8dXzrbLnX06vl38", oauth_signature="aOM%2FwW2kAowAeHBRvw7faH245p0%3D", oauth_version="1.0"
编辑:我仍然得到一个401
. 我使用以下代码生成oauth_signature
,所以现在我的 Authorization 标头如下所示:OAuth oauth_timestamp="1376639141", oauth_nonce="BB2D2634F3-99A5-4B64-8CB34E-2314CE9E4FD7", oauth_version="1.0", oauth_consumer_key="mrcD8LuSNKJKFAchKHYi2yY2qwh5tcFMdAs", oauth_signature_method="HMAC-SHA1", oauth_signature="moer8H7xzluAdoAAAFZpv6n4noeu%3D"
NSString *OAuthorizationHeader(NSURL *url, NSString *method, NSData *body, NSString *_oAuthConsumerKey, NSString *_oAuthConsumerSecret, NSString *_oAuthToken, NSString *_oAuthTokenSecret)
{
NSString *_oAuthNonce = [NSString ab_GUID];
NSString *_oAuthTimestamp = [NSString stringWithFormat:@"%d", (int)[[NSDate date] timeIntervalSince1970]];
NSString *_oAuthSignatureMethod = @"HMAC-SHA1";
NSString *_oAuthVersion = @"1.0";
NSMutableDictionary *oAuthAuthorizationParameters = [NSMutableDictionary dictionary];
oAuthAuthorizationParameters[@"oauth_nonce"] = _oAuthNonce;
oAuthAuthorizationParameters[@"oauth_timestamp"] = _oAuthTimestamp;
oAuthAuthorizationParameters[@"oauth_signature_method"] = _oAuthSignatureMethod;
oAuthAuthorizationParameters[@"oauth_version"] = _oAuthVersion;
oAuthAuthorizationParameters[@"oauth_consumer_key"] = _oAuthConsumerKey;
if(_oAuthToken)
oAuthAuthorizationParameters[@"oauth_token"] = _oAuthToken;
// get query and body parameters
NSDictionary *additionalQueryParameters = [NSURL ab_parseURLQueryString:[url query]];
NSDictionary *additionalBodyParameters = nil;
if(body) {
NSString *string = [[[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding] autorelease];
if(string) {
additionalBodyParameters = [NSURL ab_parseURLQueryString:string];
}
}
// combine all parameters
NSMutableDictionary *parameters = [[oAuthAuthorizationParameters mutableCopy] autorelease];
if(additionalQueryParameters) [parameters addEntriesFromDictionary:additionalQueryParameters];
if(additionalBodyParameters) [parameters addEntriesFromDictionary:additionalBodyParameters];
// -> UTF-8 -> RFC3986
NSMutableDictionary *encodedParameters = [NSMutableDictionary dictionary];
for(NSString *key in parameters) {
NSString *value = parameters[key];
encodedParameters[[key ab_RFC3986EncodedString]] = [value ab_RFC3986EncodedString];
}
NSArray *sortedKeys = [[encodedParameters allKeys] sortedArrayUsingFunction:SortParameter context:encodedParameters];
NSMutableArray *parameterArray = [NSMutableArray array];
for(NSString *key in sortedKeys) {
[parameterArray addObject:[NSString stringWithFormat:@"%@=%@", key, encodedParameters[key]]];
}
NSString *normalizedParameterString = [parameterArray componentsJoinedByString:@"&"];
NSString *normalizedURLString = [NSString stringWithFormat:@"%@://%@%@", [url scheme], [url host], [url path]];
NSString *signatureBaseString = [NSString stringWithFormat:@"%@&%@&%@",
[method ab_RFC3986EncodedString],
[normalizedURLString ab_RFC3986EncodedString],
[normalizedParameterString ab_RFC3986EncodedString]];
NSString *key = [NSString stringWithFormat:@"%@&%@",
[_oAuthConsumerSecret ab_RFC3986EncodedString],
(_oAuthTokenSecret) ? [_oAuthTokenSecret ab_RFC3986EncodedString] : @""];
NSData *signature = HMAC_SHA1(signatureBaseString, key);
NSString *base64Signature = [signature base64EncodedString];
NSMutableDictionary *authorizationHeaderDictionary = [[oAuthAuthorizationParameters mutableCopy] autorelease];
authorizationHeaderDictionary[@"oauth_signature"] = base64Signature;
NSMutableArray *authorizationHeaderItems = [NSMutableArray array];
for(NSString *key in authorizationHeaderDictionary) {
NSString *value = authorizationHeaderDictionary[key];
[authorizationHeaderItems addObject:[NSString stringWithFormat:@"%@=\"%@\"",
[key ab_RFC3986EncodedString],
[value ab_RFC3986EncodedString]]];
}
NSString *authorizationHeaderString = [authorizationHeaderItems componentsJoinedByString:@", "];
authorizationHeaderString = [NSString stringWithFormat:@"OAuth %@", authorizationHeaderString];
return authorizationHeaderString;
}
我传递给这个方法的参数是
url
:https ://api.twitter.com/oauth/request_token ,method
:POST,body
:nil,:oAuthConsumerToken
我的密钥,oAuthConsumerSecret
:我的秘密,oAuthToken
:nil,oAuthTokenSecret
:nil。
编辑我尝试了这个oauth 测试控制台来验证我是否正确生成了 oauth 签名,但看来我需要会员的令牌和秘密: