doudeng3008 2014-12-03 10:30
浏览 137
已采纳

PHP Oauth 1.0提供程序,签名不匹配

I am trying to setup an Oauth server using the pecl-php oauth library http://php.net/manual/en/book.oauth.php

This code assumes that the client has already received a user verified access token, for simplicity sake I've not included any database calls and have hardcoded matching values into my client and provider.

Class OauthVerify
{
   private static $consumer_secret = 'f63ed7f7a8899e59d3848085c9668a0d';
   private static $token_secret = '72814e6059441037152eecef2e8559a748b84259';
   private $provider;

   public function __construct()
{
    $this->provider = new OAuthProvider();
    $this->provider->consumerHandler(array($this,'consumerHandler'));
    $this->provider->timestampNonceHandler(array($this,'timestampNonceHandler'));
    $this->provider->tokenHandler(array($this,'checkAccessToken'));

} 

  //Check the client request

   public function checkRequest()
{
    try {
        $this->provider->checkOAuthRequest();
    } catch (Exception $Exception) {
        return OAuthProvider::reportProblem($Exception);

    }
    return true;
}


   public static function timestampNonceHandler($Provider)
{
     //I'm leaving out this logic now, to keep it simple and for testing purposes
     return OAUTH_OK;
}

  public static function consumerHandler($Provider)
{
    //I'm leaving out this logic now, to keep it simple and for testing purposes

    $Provider->consumer_secret = self::$consumer_secret;
    return OAUTH_OK;
}

  public static function checkAccessToken($Provider)
{
    $Provider->token_secret = self::$token_secret;
    return OAUTH_OK;
}
}

The above code should give me the barebones I need to authenticate an Oauth request. Before any particular route is executed I call the $OauthVerify->checkRequest() method which checks if the client request is valid, however the server keeps throwing a 'signatures do not match' error. I don't think that the problem is with the clients as I've tried both postman (for chrome) and a PHP implementation and they both generate the same signature. I have however for interest sake included my client call.

$consumer_key = '87d6d61e87f0e30d8747810ae40041d1';
$consumer_secret = 'f63ed7f7a8899e59d3848085c9668a0d';
$token= 'b9d55b3ec4b755d3fe25d7a781da1dfd044b5155';
$token_secret = '72814e6059441037152eecef2e8559a748b84259';
$timestamp = '1417515075';
$nonce = '9QV4rn';
$version = '1.0';

$method = 'GET';
$url = 'https://localhost/micro/v1/nappi';

try {
     $oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1,       OAUTH_AUTH_TYPE_URI);
     $oauth->enableDebug();
     $oauth->disableSSLChecks();
     $oauth->setNonce($nonce);
     $oauth->setTimestamp($timestamp);
     $oauth->setToken($token, $token_secret);
     $oauth->setVersion($version);
     $oauth->fetch("$url");
     $json = json_decode($oauth->getLastResponse());
     print_r($json);
 }
    catch(OAuthException $E) {
        print_r($E);
 }

I've burned a good couple of hours trying to figure this out, someone please help!

  • 写回答

1条回答 默认 最新

  • duanbinren8906 2014-12-05 09:52
    关注

    I finally managed to solve it, my .htaccess file had a rewrite rule that was processing a _url parameter for my framework. This parameter was ofcourse being included in the signature that the server generated. I simply instructed OAuth Provider to ignore the the _url parameter in my constructor: $this->provider->setParam('_url',NULL);, that was all it took, everything runs perfectly now.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计