1

我正在尝试使用学校 API 为我学校的学生构建一个应用程序,并且在尝试获取请求令牌时,我收到“OAuth 验证失败:签名验证失败”错误。我使用express来访问API,我的代码如下:

function getToken(key, secret){


    var token;
    var parameters = {
        Authorization: 'OAuth',
        realm: 'Schoology API',
        oauth_consumer_key: key,
        oauth_nonce: nonce(20),
        oauth_timestamp: Math.floor(Date.now()/1000),
        oauth_signature_method: 'HMAC-SHA1',
        oauth_version: '1.0',

    }
    function generateBaseString(httpMethod, url, parameters){
        var encodeURL = encodeURIComponent(url);

        var paramList = [];
        var paramString = '';
        console.log("Unencoded key: " + parameters['oauth_consumer_key']);
        console.log("Encoded key: " + encodeURIComponent(parameters['oauth_consumer_key']));
        for(var k in parameters) {
            console.log(k + ' Added to base string: ' + encodeURIComponent(k) + "=" + encodeURIComponent(parameters[k]));
            paramList.push(encodeURIComponent(k) + "=" + encodeURIComponent(parameters[k]));
        }
        paramString = encodeURIComponent(paramList.sort().join('&'));

        return httpMethod + '&' + encodeURL + '&' + paramString;
    }


    base_string = generateBaseString('GET', 'https://api.schoology.com/v1/oauth/request_token', parameters);
    oauth_string = secret + '&';

    var signature = (new Buffer(hmacsha1(oauth_string, base_string))).toString('base64');
    console.log("Signature is " + signature);
    console.log("Base string is " + base_string);
    console.log("Oauth string is " + oauth_string);
    var header = {
        Authorization: 'OAuth',
        realm: parameters.realm,
        oauth_consumer_key: parameters.oauth_consumer_key,
        oauth_nonce: parameters.oauth_nonce,
        oauth_signature_method: parameters.oauth_signature_method,
        oauth_timestamp: parameters.oauth_timestamp,
        oauth_version: parameters.oauth_version,
        oauth_signature: signature,
        oauth_callback: 'oob'
    }


    var options = {
        hostname: 'api.schoology.com',
        port: 443,
        path: '/v1/oauth/request_token',
        method: 'GET',
        header: header,
    }

    var url =   'https://api.schoology.com/v1/oauth/request_token?' + 
                'Authorization=OAuth' +
                'realm=' + parameters.realm +
                '&oauth_consumer_key=' + parameters.oauth_consumer_key + 
                '&oauth_nonce=' + parameters.oauth_nonce +
                '&oauth_signature_method=' + parameters.oauth_signature_method +
                '&oauth_timestamp=' + parameters.oauth_timestamp +
                '&oauth_version=' + parameters.oauth_version +
                '&oauth_signature=' + signature +
                '&oauth_callback=' + 'oob'
    ;
    console.log("URL: " + url);
    // return
    var req = https.request(url, (res) => {
        console.log('statusCode:', res.statusCode);
        console.log('headers:', res.headers);

        let data = '';
        res.on('data', (d) => {
            console.log("DATA");
            data += d;
        });

        res.on('end', () => {
            token = JSON.parse(data);
        });
    });

    req.on('error', (e => {
        console.error("Error: " + e.message);
    }));

    req.end();


    return token;
}

响应标头包含 401 错误。使用 POST 返回 405 错误。有任何想法吗?

4

1 回答 1

2

我刚刚宣誓与 Schoology 合作——你有几个选择:

  1. 由于请求是通过 HTTPS(安全)发送的,因此它们将接受具有更简单<consumer-secret>&<token-secret>签名的 PLAINTEXT 签名方法。

  2. 如果您想使用 HMAC 签名方法,您发送的参数看起来与它们用于baseString. 如果您检查使用 401 获得的响应正文,您可以查看他们的服务器用作基本字符串的内容并将其与您的进行比较。

我怀疑将授权作为 url 参数发送是否可行。您需要构建一个字符串作为“授权”标头发送,如下所示:

OAuth realm="Schoology API",oauth_consumer_key="(your consumer key)",oauth_token="",oauth_nonce="(some random string)",oauth_timestamp="1599876905",oauth_signature_method="PLAINTEXT",oauth_version="1.0",oauth_signature="(your consumer secret)%26"
于 2020-09-12T20:37:49.367 回答