Question

我无法解决为什么这不起作用......我真的认为它应该是。请帮忙。

这是我得到的错误：

signature_invalid base_string：GET＆amp; https％3A％2F％2Fwww.google.com％2Faccounts％2FOAuthGetRequestToken＆amp; oauth_callback％3Dhttp％253A％252F％252Fnoveis.net％252Fauthsub％252Findex.php％26oauth_consumer_key％CONSUMER KEY HERE％26oauth_nonce％ 3D3bafa031c03f6d1590f2539091245270％26oauth_signature_method％3DHMAC-SHA1％26oauth_timestamp％3D1282159845％26oauth_version％3D1.0％26scope％3Dhttps％253A％252F％252Fwww.googleapis.com％252Fauth％252Flatitude

这是我的代码：

<?php

$consumer = ''; // Would be consumer key
$secret = ''; // Would be secret
$callback = ''; // Would be callback URL

$mt = microtime();
$rand = mt_rand();
$nonce = md5($mt . $rand);
$time = time();

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$path = '/accounts/OAuthGetRequestToken';

$scope = 'https://www.googleapis.com/auth/latitude';

$post = array(
    'oauth_callback' => $callback,
    'oauth_consumer_key' => $consumer,
    'oauth_nonce' => $nonce,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => $time,
    'oauth_version' => '1.0'
);

$post_string = '';
foreach ($post as $key => $value) {
    $post_string .= $key . '=' . urlencode($value) . '&';
}
$post_string = rtrim($post_string, '&');

$key_parts = array($consumer, $secret);

$key_parts = array_map('urlencode', $key_parts);
$key = implode('&', $key_parts);

$base_string = 'GET&' . urlencode($scope) . '&' . $post_string;
$signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));
$post['oauth_signature'] = $signature;
$header_string = '';
foreach ($post as $key => $value) {
    $header_string .= $key . '="' . urlencode($value) . '", ';
}
$header_string = trim($header_string);
$header_string = rtrim($header_string, ',');

$header[] = 'GET ' . $path . '?scope=' . urlencode($scope) . ' HTTP/1.1';
$header[] = 'Host: www.google.com';
$header[] = 'Accept: */*';
//$header[] = 'Content-Type: application/x-www-form-urlencoded';
$header[] = 'Authorization: OAuth ' . $header_string;
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $url . '?scope=' . $scope);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
curl_close($ch);
print_r($result);
?>

Answer 1

好吧，我解决了自己的问题。我逐行完成了这一行，我得到了它。问题是我正在做我的消费者＆amp;签名的秘密，当它应该只是我的秘密，然后是授权标题中的差异与签名中需要的差异。

这是我的代码，如果它可以帮助其他人：

$consumer = '';
$secret = '';
$callback = '';
$sign_method = 'HMAC-SHA1';
$version = '1.0';
$scope = 'https://www.googleapis.com/auth/latitude';

function urlencodeRFC3986($string)
{
   return str_replace('%7E', '~', rawurlencode($string));
}


$mt = microtime();
$rand = mt_rand();
$nonce = md5($mt.$rand);
$time = time();

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$path = '/accounts/OAuthGetRequestToken';

$post = array(
    'oauth_callback' => urlencodeRFC3986($callback),
    'oauth_consumer_key' => $consumer,
    'oauth_nonce' => $nonce,
    'oauth_signature_method' => $sign_method,
    'oauth_timestamp' => $time,
    'oauth_version' => $version,
    'scope' => urlencodeRFC3986($scope)
);

$post_string = '';
foreach($post as $key => $value)
{
    $post_string .= $key.'='.($value).'&';
}
$post_string = rtrim($post_string, '&');

$key_parts = array($secret);

$key_parts = urlencodeRFC3986($secret);
//$key = implode('&', $key_parts);
$key = $key_parts.'&';
$base_string = 'GET&'.urlencodeRFC3986($url).'&'.urlencodeRFC3986($post_string);
$signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));


$post = array(
    'oauth_version' => $version,
    'oauth_nonce' => $nonce,
    'oauth_timestamp' => $time,
    'oauth_consumer_key' => $consumer,
    'oauth_callback' => $callback,
    'oauth_signature_method' => $sign_method,
    'oauth_signature' => $signature
);        

$header_string = '';
foreach($post as $key => $value)
{
    $header_string .= $key.'="'.urlencodeRFC3986($value).'", ';
}

$header_string = trim($header_string);
$header_string = rtrim($header_string, ',');

$header[] = 'GET '.$path.'?scope='.urlencodeRFC3986($scope).' HTTP/1.1';
$header[] = 'Host: www.google.com';
$header[] = 'Accept: */*';
//$header[] = 'Content-Type: application/x-www-form-urlencoded';
$header[] = 'Authorization: OAuth '.$header_string;


$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $url.'?scope='.$scope);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
curl_close($ch);
print_r($result);
die();
?>

PHP Oauth signature_invalid

1 个答案: