文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >PHP signature_invalid

PHP signature_invalid
EN

Stack Overflow用户
提问于 2010-08-18 18:17:46
回答 1查看 6.5K关注 0票数 3

我不知道为什么这不管用.我真的觉得应该是。请帮帮忙。

下面是我遇到的错误:

base_string:GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&oauth_callback%3Dhttp%253A%252F%252Fnoveis.net%252Fauthsub%252Findex.php%26oauth_consumer_key%CONSUMER HERE%26oauth_nonce%3D3bafa031c03f6d1590f2539091245270%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1282159845%26oauth_version%3D1.0%26scope%3Dhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Flatitude

signature_invalid

这是我的代码:

代码语言:javascript
复制
<?php

$consumer = ''; // Would be consumer key
$secret = ''; // Would be secret
$callback = ''; // Would be callback URL

$mt = microtime();
$rand = mt_rand();
$nonce = md5($mt . $rand);
$time = time();

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$path = '/accounts/OAuthGetRequestToken';

$scope = 'https://www.googleapis.com/auth/latitude';

$post = array(
    'oauth_callback' => $callback,
    'oauth_consumer_key' => $consumer,
    'oauth_nonce' => $nonce,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => $time,
    'oauth_version' => '1.0'
);

$post_string = '';
foreach ($post as $key => $value) {
    $post_string .= $key . '=' . urlencode($value) . '&';
}
$post_string = rtrim($post_string, '&');

$key_parts = array($consumer, $secret);

$key_parts = array_map('urlencode', $key_parts);
$key = implode('&', $key_parts);

$base_string = 'GET&' . urlencode($scope) . '&' . $post_string;
$signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));
$post['oauth_signature'] = $signature;
$header_string = '';
foreach ($post as $key => $value) {
    $header_string .= $key . '="' . urlencode($value) . '", ';
}
$header_string = trim($header_string);
$header_string = rtrim($header_string, ',');

$header[] = 'GET ' . $path . '?scope=' . urlencode($scope) . ' HTTP/1.1';
$header[] = 'Host: www.google.com';
$header[] = 'Accept: */*';
//$header[] = 'Content-Type: application/x-www-form-urlencoded';
$header[] = 'Authorization: OAuth ' . $header_string;
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $url . '?scope=' . $scope);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
curl_close($ch);
print_r($result);
?>
security
oauth
google-api
php
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2010-08-19 23:48:05

我自己解决了问题。我一行行地,一点一点地,我明白了。问题是,我是在做我的消费者&秘密签名,而这应该只是我的秘密,然后它应该在授权头与需要在签名中的区别。

这是我的代码,如果它对其他人有帮助的话:

代码语言:javascript
复制
$consumer = '';
$secret = '';
$callback = '';
$sign_method = 'HMAC-SHA1';
$version = '1.0';
$scope = 'https://www.googleapis.com/auth/latitude';

function urlencodeRFC3986($string)
{
   return str_replace('%7E', '~', rawurlencode($string));
}


$mt = microtime();
$rand = mt_rand();
$nonce = md5($mt.$rand);
$time = time();

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$path = '/accounts/OAuthGetRequestToken';

$post = array(
    'oauth_callback' => urlencodeRFC3986($callback),
    'oauth_consumer_key' => $consumer,
    'oauth_nonce' => $nonce,
    'oauth_signature_method' => $sign_method,
    'oauth_timestamp' => $time,
    'oauth_version' => $version,
    'scope' => urlencodeRFC3986($scope)
);

$post_string = '';
foreach($post as $key => $value)
{
    $post_string .= $key.'='.($value).'&';
}
$post_string = rtrim($post_string, '&');

$key_parts = array($secret);

$key_parts = urlencodeRFC3986($secret);
//$key = implode('&', $key_parts);
$key = $key_parts.'&';
$base_string = 'GET&'.urlencodeRFC3986($url).'&'.urlencodeRFC3986($post_string);
$signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));


$post = array(
    'oauth_version' => $version,
    'oauth_nonce' => $nonce,
    'oauth_timestamp' => $time,
    'oauth_consumer_key' => $consumer,
    'oauth_callback' => $callback,
    'oauth_signature_method' => $sign_method,
    'oauth_signature' => $signature
);        

$header_string = '';
foreach($post as $key => $value)
{
    $header_string .= $key.'="'.urlencodeRFC3986($value).'", ';
}

$header_string = trim($header_string);
$header_string = rtrim($header_string, ',');

$header[] = 'GET '.$path.'?scope='.urlencodeRFC3986($scope).' HTTP/1.1';
$header[] = 'Host: www.google.com';
$header[] = 'Accept: */*';
//$header[] = 'Content-Type: application/x-www-form-urlencoded';
$header[] = 'Authorization: OAuth '.$header_string;


$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $url.'?scope='.$scope);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
curl_close($ch);
print_r($result);
die();
?>
票数 6
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/3515284

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档