2 
public function garminAction(){
    $url  =   'http://connectapitest.garmin.com/oauth-service-1.0/oauth/request_token';
    $oauth_consumer_key =   'XXXXXXXXX';
    $consumerSecret = 'XXXXXXXXX';
    $oauth_signature_method =   'HMAC-SHA1';
    $oauth_timestamp    =   time();
    $oauth_nonce    =   md5(mt_rand());
    $oauth_version  =   "1.0";
    $sig_string = urlencode($consumerSecret) . '&' . urlencode($oauth_consumer_key);
    $base_string1 =
    "POST&" .urlencode($url) . "&" .
    urlencode(
       "oauth_consumer_key=". $oauth_consumer_key
      . "&oauth_nonce=" . $oauth_nonce
      . "&oauth_signature_method=" . $oauth_signature_method
      . "&oauth_timestamp=" .$oauth_timestamp
      . "&oauth_version=" . $oauth_version
            );


    $oauthSig = base64_encode(hash_hmac("sha1", $base_string1, $sig_string, true));
    echo $oauthSig;
    $base_string =

    urlencode(
        "oauth_consumer_key=" . $oauth_consumer_key
        . "&oauth_signature_method=" . $oauth_signature_method
        . "&oauth_signature=" . $oauthSig
        . "&oauth_timestamp=" . $oauth_timestamp
        ."&oauth_version=" . $oauth_version
        . "&oauth_nonce=" . $oauth_nonce

    );

     $auth_header = "OAuth "
    . 'oauth_signature="' . rawurlencode($oauthSig) . '", '
    . 'oauth_version="' . rawurlencode($oauth_version) . '", '
    . 'oauth_nonce="' . rawurlencode($oauth_nonce) . '", '
    . 'oauth_signature_method="' . rawurlencode($oauth_signature_method) . '", '
    . 'oauth_consumer_key="' . rawurlencode($oauth_consumer_key) . '", '
    . 'oauth_timestamp="' . rawurlencode($oauth_timestamp) .'"';
    $ch = curl_init($url);

     curl_setopt($ch, CURLOPT_HTTPHEADER, [
         'Authorization: ' . $auth_header,
         'Content-Type: text/html'
     ]);
    curl_setopt($ch, CURLOPT_URL,$url); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, $base_string);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($ch);
    echo $error = curl_errno ($ch);
    $error = curl_error($ch);
    echo $response;
    curl_close($ch);
    exit;

}

它的响应是:HTTP Status 401 - Invalid signature for signature method HMAC-SHA1

您能帮忙解决生成签名的问题吗?

4

2 回答 2

2

基本签名字符串中的参数也必须进行编码。

请参阅第 3.4.1.3.2 节。OAuth RFC 中的“参数规范化”。

于 2017-02-15T15:21:38.650 回答
0

这是一个适合我的示例(经过大量试验和错误以及 Garmin 的帮助):

<?php
session_start();

$oauth_consumer_key = "XXXXXXXXX";
$oauth_consumer_secret = "XXXXXXXXX";
$oauth_signature_method = "HMAC-SHA1";
$oauth_token = "XXXXXXXXX"; 
$oauth_token_secret = "XXXXXXXXX";

$oauth_timestamp = time();
$oauth_version = "1.0";
$oauth_nonce = time();
$url = "https://connectapi.garmin.com/oauth-service/oauth/request_token";

$base_string = "POST&" . rawurlencode($url) ."&" .
    rawurlencode("oauth_consumer_key=$oauth_consumer_key"
        . "&oauth_nonce=$oauth_nonce"
        . "&oauth_signature_method=$oauth_signature_method"
        . "&oauth_timestamp=$oauth_timestamp"
        . "&oauth_version=$oauth_version");

$oauth_signature = hash_hmac("SHA1", $base_string, $oauth_consumer_secret . "&", false);
$oauth_signature = rawurlencode(base64_encode(pack('H*', $oauth_signature)));

$authorization_HTTP_header = "$url?oauth_consumer_key=". rawurlencode($oauth_consumer_key).
    "&oauth_signature_method=".$oauth_signature_method.
    "&oauth_timestamp=".$oauth_timestamp.
    "&oauth_nonce=". $oauth_nonce .
    "&oauth_version=1.0".
    "&oauth_signature=" . $oauth_signature;



$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_URL => $authorization_HTTP_header,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",

));


$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

?>
于 2020-02-18T14:31:59.783 回答