我通过tumblr请求令牌和授权获取oauth令牌和秘密,但获取访问令牌的最后一步是继续获取错误oauth_signature does not match expected value。
// the code which is used for getting the access tokens
private async Task<bool> GetAccessTokensAsync()
{
string accesTokenUrl = "https://www.tumblr.com/oauth/access_token";
string accesTokenUrl2 = "https://www.tumblr.com/oauth/access_token";
string nonce = GetNonce();
string timeStamp = GetTimeStamp();
string BaseParameters = "oauth_consumer_key=" + aouthKey;
BaseParameters += "&" + "oauth_nonce=" + nonce;
BaseParameters += "&" + "oauth_signature_method=HMAC-SHA1";
BaseParameters += "&" + "oauth_timestamp=" + timeStamp;
BaseParameters += "&" + "oauth_token=" +"oauth token got after authorization";
BaseParameters += "&" + "oauth_version=1.0";
String protocol = "GET&";
protocol += Uri.EscapeDataString(accesTokenUrl) + "&" + Uri.EscapeDataString(BaseParameters);
string signature = GetSignature(protocol, aouthSecret);
HttpStringContent httpContent = new HttpStringContent("oauth_verifier=" + Uri.EscapeDataString("oauth verifier got after authorization"), Windows.Storage.Streams.UnicodeEncoding.Utf8);
httpContent.Headers.ContentType = Windows.Web.Http.Headers.HttpMediaTypeHeaderValue.Parse("application/x-www-form-urlencoded");
string authparams = "oauth_consumer_key=\"" + aouthKey + "\", oauth_nonce=\"" + nonce + "\", oauth_signature_method=\"" + "HMAC-SHA1" + "\", oauth_signature=\"" + Uri.EscapeDataString(signature) + "\", oauth_timestamp=\"" + timeStamp + "\", oauth_token=\"" + Uri.EscapeDataString("oauth token got after authorization") + "\", oauth_version=\"1.0\"";
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new Windows.Web.Http.Headers.HttpCredentialsHeaderValue("OAuth", authparams);
HttpResponseMessage respMe = await client.PostAsync(new Uri(accesTokenUrl),httpContent);
string response = await respMe.Content.ReadAsStringAsync();
Debug.WriteLine("response is " + response);
}
// the consumer key, consumer secret and the callback url.
string aouthKey = "######";
string aouthSecret = "####";
string callbackURL = "https://localhost";
//function for getting the nonce
string GetNonce()
{
Random rand = new Random();
int nonce = rand.Next(1000000000);
return nonce.ToString();
}
//function for generating the timestamp
string GetTimeStamp()
{
TimeSpan SinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1);
return Math.Round(SinceEpoch.TotalSeconds).ToString();
}
// function for generating the signature from microsofts examples.
string GetSignature(string sigBaseString, string consumerSecretKey)
{
IBuffer KeyMaterial = CryptographicBuffer.ConvertStringToBinary(consumerSecretKey + "&", BinaryStringEncoding.Utf8);
MacAlgorithmProvider HmacSha1Provider = MacAlgorithmProvider.OpenAlgorithm("HMAC_SHA1");
CryptographicKey MacKey = HmacSha1Provider.CreateKey(KeyMaterial);
IBuffer DataToBeSigned = CryptographicBuffer.ConvertStringToBinary(sigBaseString,BinaryStringEncoding.Utf8);
IBuffer SignatureBuffer = CryptographicEngine.Sign(MacKey, DataToBeSigned);
string Signature = CryptographicBuffer.EncodeToBase64String(SignatureBuffer);
return Signature;
}
现在我尝试使用POST,使用twitter协议获取SORTING。 https://dev.twitter.com/web/sign-in/implementing https://dev.twitter.com/oauth/overview/creating-signatures#note-sorting
我甚至尝试使用在第一次请求期间获得的令牌密钥和用于签署请求的使用者密钥。
我已经匹配了初始请求期间获得的令牌以及授权后获得的令牌,并且它们都是相同的。但有一件事是,# = 是授权后获得的aouth验证程序的一部分。我已经习惯了,没有它,它没有任何区别。
由于