My OAuth request signature differs from my service provider's one

Developer https://www.devze.com 2023-01-25 09:57 Source: Internet
I'm developing an app using OAuth1.0a for iPad.

My problem is that I can't get the right signature for my request_token request. The service I want to connect with has a debugging tool that allows you to check the signature you should have depending on your OAuth parameters.

The result is:

  • I get the right signature base code

  • I get different signatures

According to my understanding of OAuth, this means that:

  • my signature algorithm is bugged (HMAC-SHA1) (but I get it from a 3rd party: https://github.com/jdg/oauthconsumer/tree/master/Crytpo/)

  • the service provider is wrong

Is there any free tool, possibly online, that can build a signature from a signature base code and a key to check who's right and who's wrong?

Thanks for your help


Why not just use all of OAuthConsumer rather than just the HMAC-SHA1 component? It's well used, well tested code that is used in a number of different apps. I'd say that OAuthConsumer is "known good."

It seems unlikely that your service provider would be wrong (unless you're the only customer).

This leaves how you're using the crypto code.

Common problems that I've seen with OAuth signatures:

  • Not sorting the parameters
  • Missing out seemingly unimportant parameters
  • Not separating the parameters from the base URL
  • Using the wrong HTTP method
  • Redirects or aliases. You connect to server.com but the remote side thinks of itself as api.server.com

One other thing you could do is use the same client code to connect to another OAuth service, Twitter for example. If your code reliably produces the correct signature for Twitter then it's likely that it would do the right thing for any other service. This would (likely) mean that the problem was, as you suggest, with your service. I say "likely" as each OAuth implementation seems to have its own quirks.


This is unlikely to be the problem, but try using the iOS built-in HMAC method to generate your SHA:

http://developer.apple.com/library/ios/#documentation/System/Conceptual/ManPages_iPhoneOS/man3/CCHmac.3cc.html

What's more likely is that your signature base string is actually wrong. Have you confirmed your base string is spec compliant? There's a good interactive tool you can use to check your request here:

http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/


I've figured out what my problem was: my consumer key contains special characters ('+' and '='), and with these characters, the signatures from my provider and from the OAuth iOS framework are different.

I've tried to take a look at the RFC to try to decide who was right but couldn't make a decision. So I'm just gonna try to hack the OAuth code to make it work with my provider. I'll share the trick on this page once I've found it.

So just be aware that special characters encoding might be tricky, and if you have an opinion about how special characters should be encoded to sign your signature base, feel free to share.
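Added example (not part of the original posts and not OAuthConsumer code): a Python cross-check that builds the RFC 5849 signature base string, signing key and HMAC-SHA1 signature, showing where '+' and '=' in a consumer key or secret get percent-encoded and how the signature changes when the secret is used raw. The URL, parameter values and secret are constructed samples, and the base URL is assumed to be already normalized (lowercase host, no query string).

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value: str) -> str:
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(value, safe="")


def base_string(method: str, base_url: str, params: dict) -> str:
    """RFC 5849 section 3.4.1: METHOD & encoded URL & encoded sorted parameters."""
    # Encode each name and value first, then sort the encoded pairs.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # The normalized string is encoded again, so '+' in a value ends up as %252B.
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def signing_key(consumer_secret: str, token_secret: str = "") -> str:
    """RFC 5849 section 3.4.2: both secrets are percent-encoded, joined by '&'."""
    return pct(consumer_secret) + "&" + pct(token_secret)


def hmac_sha1_signature(base: str, key: str) -> str:
    """Base64 of HMAC-SHA1(key, base string): the oauth_signature value."""
    digest = hmac.new(key.encode("utf-8"), base.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed sample request: every value below is made up for illustration.
SAMPLE_URL = "https://api.example.com/oauth/request_token"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "abc+def=",
    "oauth_nonce": "4572616e48616d6d",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_callback": "myapp://done",
}
SAMPLE_SECRET = "s3cr+t=="  # constructed consumer secret containing '+' and '='

if __name__ == "__main__":
    base = base_string("post", SAMPLE_URL, SAMPLE_PARAMS)
    print("base string  :", base)
    # request_token has no token secret yet, but the trailing '&' is still required.
    print("spec key     :", hmac_sha1_signature(base, signing_key(SAMPLE_SECRET)))
    print("unencoded key:", hmac_sha1_signature(base, SAMPLE_SECRET + "&"))
```

Feeding the provider's debug-tool base string and each candidate key into `hmac_sha1_signature` shows which key encoding the provider actually uses.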
