使用 Yammer Api 时返回无效的 OAuth 签名
我正在尝试编写一个从 Yammer 提取数据的小型 Web 应用程序。我必须通过 Yammer 的 OAuth 桥来访问他们的数据。我尝试使用 Oauth php 库 并进行 3 次握手。但在最后一步,我收到一条错误消息,指出我的 OAuth 签名无效。
以下是一系列步骤:
第一部分涉及获取请求令牌 URL,这些是我传递的查询参数。
[oauth_version] =>; 1.0 [oauth_nonce] => 4e495b6a5864f5a0a51fecbca9bf3c4b [oauth_timestamp] => 1256105827 [oauth_consumer_key] =>我的消费者密钥 [oauth_signature_method] => HMAC-SHA1 [oauth_signature] => FML2eacPNH6HIGxJXnhwQUHPeOY=完成此步骤后,我将获得请求令牌,如下所示:
[oauth_token] =>; 6aMcbRK5wMqHgZQsdfsd [oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs [oauth_callback_confirmed] => true
然后,我尝试通过将参数传递到授权 url 来授权给定的令牌和令牌机密。它会将我带到 Yammer 的身份验证页面,在该页面中我允许我的应用程序与 Yammer 进行对话。
然后,Yammer 为我提供了一个 4 位数的代码,我必须将其放回到我的应用程序中,然后该应用程序会尝试获取永久访问令牌。我将以下信息传递到访问令牌 URL:
[oauth_version] =>; 1.0 [oauth_nonce] => 52b22495ecd9eba277c1ce6b97b00fdc [oauth_timestamp] => 1256106815 [oauth_consumer_key] =>我的消费者密钥 [callback_token] =>; 61A7 [oauth_token] => 6aMcbRK5wMqHgZQsdfsd [oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs [oauth_callback_confirmed] =>真的 [oauth_signature_method] => HMAC-SHA1 [oauth_signature] => V9YcMDq2rP7OiZTK1k5kb/otMzA=这里我应该接收 Oauth 永久访问令牌,但我得到的是无效的 Oauth 签名。我不知道我做错了什么。我使用相同的签名来签署请求。我应该使用新的令牌和密钥签署请求吗?我也尝试过,但没有成功。我什至尝试使用 signpost 库 在 java 中实现此功能,但陷入了完全相同的困境地方。帮助帮助!!
I am trying to write a small webapp that pulls data from Yammer. I have to go through Yammer's OAuth bridge to access their data. I tried using the Oauth php library and do the 3 way handshake. But at the last step, I get an error stating I have an invalid OAuth Signature.
Here are the series of steps:
The first part involves getting the request Token URL and these are the query parameters that I pass.
[oauth_version] => 1.0 [oauth_nonce] => 4e495b6a5864f5a0a51fecbca9bf3c4b [oauth_timestamp] => 1256105827 [oauth_consumer_key] => my_consumer_key [oauth_signature_method] => HMAC-SHA1 [oauth_signature] => FML2eacPNH6HIGxJXnhwQUHPeOY=Once this step is complete, I get the request Token as follows:
[oauth_token] => 6aMcbRK5wMqHgZQsdfsd
[oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs
[oauth_callback_confirmed] => trueI then try to authorize the given token and token secret by passing the parameters to the authorize url.It takes me to Yammer's authentication page where I have allow my app to talk to Yammer.
Yammer then gives me a 4 digit code that I have to put back into my application which then tries to acquire the permanent access token. I pass the following information to the access token URL:
[oauth_version] => 1.0 [oauth_nonce] => 52b22495ecd9eba277c1ce6b97b00fdc [oauth_timestamp] => 1256106815 [oauth_consumer_key] => myconsumerkey [callback_token] => 61A7 [oauth_token] => 6aMcbRK5wMqHgZQsdfsd [oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs [oauth_callback_confirmed] => true [oauth_signature_method] => HMAC-SHA1 [oauth_signature] => V9YcMDq2rP7OiZTK1k5kb/otMzA=Here I am supposed to receive the Oauth Permanent access token, but instead I get a Invalid Oauth signature. I dont know what I am doing wrong. I use the same signaures to sign the request. Should I sign the request using the new token and secret? I tried that as well but to no avail. I even tried implementing this in java using signpost library and got stuck at the exact same place. Help Help!!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
callback_token是 Yammer 在今年早些时候为响应 OAuth 安全建议而引入的东西。当 OAuth 1.0a 发布时,它被命名为oauth_verifier。然而,Yammer 仍然支持他们的解决方法,但可能会重命名并再次尝试确定。另外,以下是昨天来自Yammer开发网的信息:
我假设 Yammer OAuth 库可能需要根据此更改进行更新。我还没看呢。
编辑:我的python-yammer-oauth库仍然有效尽管 Yammer 改变了他们这边的事情。
编辑2:您可以尝试使用签名方法
PLAINTEXT而不是HMAC-SHA1吗?我在使用 Yammer 和 HMAC-SHA1 时遇到了问题。The
callback_tokenwas something Yammer introduced in response to an OAuth security advisory earlier this year. When OAuth 1.0a was released, it was instead namedoauth_verifier. However, it's not unlikely that Yammer still supports their workaround but rename it and try again to be sure.Also, the below is information from the Yammer Development Network yesterday:
I'm assuming that Yammer OAuth libraries might need to be updated per this change. I haven't taken a look at it yet.
Edit: My python-yammer-oauth library still works despite Yammer having changed things on their side.
Edit2: Could you try using signature method
PLAINTEXTinstead ofHMAC-SHA1? I've had problems with Yammer and HMAC-SHA1.我尝试使用 PLAINTEXT.. 但对于这种方法,即使请求令牌,它也会给我相同的“无效的 OAuth 签名”错误。
那么是否可以生成我们使用 HMAC-SHA1 的访问令牌并访问实际的 API 方法,即发布消息......我们使用 PLAINTEXT?
I tried by using PLAINTEXT.. but for this method its giving me the same "Invalid OAuth signature" error even for requesting the token.
So is it possible to generate the access token we use HMAC-SHA1 and for accessing the actual API method i.e. for posting the message.. we use PLAINTEXT?
刚刚发现问题!
我忘记在 CONSUMER_SECRET 末尾添加一个与号(“&”)。或许这也是你的问题?
just found the problem!
I had forgotten to add an ampersand ("&") at the end of CONSUMER_SECRET. Perhaps this is your issue as well?