oauth 签名无效 - Smugmug - PHP - cURL

Question

我收到 OAUTH 签名无效错误。有人可以检查我做错了什么。下面是我的 PHP 代码，我也浏览了很多文档和 auth 圣经网站，但下面的代码不起作用！请帮忙 ！！！出于安全原因，我删除了我的密钥和密钥。

================================================ ===============

   $host = "https://secure.smugmug.com/services/oauth/1.0a/getRequestToken?";
   $path            = ""; 
   $request_method  = "GET";
   $consumer_key    = "mykey";
   $consumer_secret = "mysecret";


   //collect the data (as an associative array)
   $oauth_data = array(
      'oauth_consumer_key'     => $consumer_key,
      'oauth_nonce'            => (string)mt_rand(), // a stronger nonce is recommended
      'oauth_signature_method' => 'HMAC-SHA1',
      'oauth_timestamp'        => time(),
      'oauth_callback'     => "http://mywebsite/callback",
      'oauth_version'          => '1.0'
   );


   $arr = array();

   //normalize the parameters - apply url encoding separately to each key/value pair
   foreach($oauth_data AS $key => $value)  {
      $encoded_key = rawurlencode($key);
      $encoded_val = rawurlencode($value);
      $arr[$encoded_key] = $encoded_val;
   }

   //normalize the parameters - sort the encoded data by key
   ksort($arr);

   //normalize the parameters - list the data members as string in <key>=<value> format and insert "&" between each pair
   // http_build_query automatically encodes, but our parameters are already encoded, 
   // so we urldecode to prevent double-encoding
   $querystring = urldecode(http_build_query($arr, '', '&'));

   //normalize the parameters - apply urlencoding to the resulting string
   $encoded_query_string = rawurlencode($querystring);


 $url = $host;

   // mash everything together for the text to hash
   $base_string = strtoupper($request_method). "&". rawurlencode($url).       "&". $encoded_query_string;


   $key = rawurlencode($consumer_secret)."&";

   // generate the hash
   $signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));


   $url = $host . "&" . $querystring . "&oauth_signature=" . $signature;


    //  Initiate curl
  $ch = curl_init();

 // Disable SSL verification


  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);  
 // Will return the response, if false it print the response
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 // Set the url
curl_setopt($ch, CURLOPT_URL,$url);
  //curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:  application/json')); 

   curl_setopt($ch, CURLOPT_HEADER, 1);

 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));  

 $result=curl_exec($ch); 

 // Will dump a beauty json :3

 print_r($result);

 curl_close($ch); 

Answer 1

我不知道您是否仍然面临这个问题，但您可能想尝试不对 base64 签名进行编码。

改变这个：

// generate the hash
   $signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));

到这里：

// generate the hash
   $signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));

另外，您必须指定请求方法

// GET (should be your case, otherwise you are going to recieve a "Invalid Method" response)
curl_setopt($ch, CURLOPT_HTTPGET, true);
// POST
curl_setopt($ch, CURLOPT_POST, true);

确保它与您用于生成签名的方法相匹配。