douhua1760 2016-12-31 10:34
浏览 41

PHP oAuth签名无效 - Apple DEP

I am trying to get my auth_session_token from Apple's DEP system for a MDM Server I am working on with PHP. I am so close but for some reason keep getting the following response from Apple's server:

signature_invalidUnauthorized

I have tried a slue of different things from doing research online and trying different methods people have used regarding oAuth. But there sadly hasn't been anything specific regarding Apple's DEP servers oAuth.

A lot of people recommend using an oAuth class, but none of which support Apple's system. So it looks like it all needs to be done manually.

I have taken the approach of using cURL with my PHP code, this appears to work fine, minus the fact that I can't get the signature right.

Here is how I am trying to create the signature (and again I have tried a slue of different methods so this is my most recent attempt):

function rfc3986_encode($string) {
    $result = rawurlencode($string);
    $result = str_replace('%7E', '~', $result);
    $result = str_replace('=', '%3D', $result);
    $result = str_replace('+', '%2B', $result);

    return $result;
}

$consumer = "CK_REDACTED";
$secret = "CS_REDACTED";
$secret2 = "AS_REDACTED";
$token = "AT_REDACTED";
$sign_method = "HMAC-SHA1";
$version = "1.0";
$url = "REDACTED";
$path = "REDACTED";

$timestamp = strtotime('now');
$mt = microtime();
$rand = mt_rand();
$nonce = md5($mt.$rand);

$post = array(
    'oauth_consumer_key' => rfc3986_encode($consumer),
    'oauth_token' => rfc3986_encode($token),
    'oauth_signature_method' => rfc3986_encode($sign_method),
    'oauth_timestamp' => rfc3986_encode($timestamp),
    'oauth_nonce' => rfc3986_encode($nonce),
    'oauth_version' => rfc3986_encode($version)
);

$signatureParameters = array();
foreach ($post as $parameter => $value) {
    $signatureParameters[] = rfc3986_encode($parameter) . '=' . rfc3986_encode($value);
}

$signatureParameters = implode('&', $signatureParameters);

$baseString = "GET"
             ."&".rfc3986_encode($url)
             ."&".rfc3986_encode($signatureParameters);

$key = rfc3986_encode($consumer) ."&";

$signature = base64_encode(hash_hmac('sha1', $baseString, $key));
$RFC3986signature = rfc3986_encode($signature);

So $RFC3986signature is what I end up sending in the official request for the oauth_signature parameter, but it doesn't end up getting accepted.

Does anybody know how to solve this? I have tried signing with the different secrets and / or tokens from above as obtained from Apple when adding my server in the DEP Portal, tried using multiple codes / secrets separated by the & symbol, flipped them around, and so on...but same thing...

展开全部

  • 写回答

1条回答 默认 最新

  • dpsu84620 2016-12-31 19:33
    关注

    I was able to figure this out after long time testing and trying and restarting and frustration. Turns out in my signature, before generating it, I didn't have the parameters listed in alphabetical order, and thus the signature was a mismatch.

    So the key to this, when generating your signature, make absolutely sure your parameters are in alphabetical order!

    评论
编辑
预览

报告相同问题?

悬赏问题

  • ¥15 slopBed分析过程中 genomesize中染色体命名与样本的sample_FE.bdg中的染色体命名方式不一致如何解决
  • ¥15 llama.cpp项目中为什么超过上下文窗口就报错
  • ¥15 基于stc89c52单片机的延时小夜灯
  • ¥15 VQAV2现在都是怎么做evaluation的啊
  • ¥20 C#添加、更新MYSQL数据库问题
  • ¥15 ambari部署hadoop集群中的问题
  • ¥15 分析照片像素时,怎样剔除照片背景像素
  • ¥15 Cytoscape导入问题
  • ¥15 关于#lstm#的问题:我想利用一个地方的四组数据来预测第五组数据,如果想预测出另外一个地方(只有前四组数据)的第五组数据(相关搜索:预测模型)
  • ¥15 windows窗口外边框分区是什么?(qt应用)