facebook api 超过休息得到不正确的签名104

发布于 2024-08-29 01:23:22 字数 3107 浏览 6 评论 0原文

我正在尝试发送rest api Users.getLoggedInUser 我拥有所有秘密会话和所有身份验证 根据该网站: http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Desktop_Applications 这是我的代码(cpp QT,但它可以是其他任何东西):

QString toAPISignature = 
                "api_key="
                +  API_KEY 
                + "call_id=" + strCallid 
                + "format=XML" 
                + "method=Users.getLoggedInUser"
                + "session_key="+ fbSessionKey  
                + "v=1.0"+m_fbSecretKey;

QByteArray hashedApiData= QCryptographicHash::hash(toAPISignature.toAscii(),
          QCryptographicHash::Md5);
QString APIMD5Signature(hashedApiData);


.....
.....
.....
// now set the api request
 QUrl api_url;
 api_url.setUrl(FB_REST_URL);
 api_url.addQueryItem("api_key",API_KEY);
 api_url.addQueryItem("session_key",fbSessionKey);
 api_url.addQueryItem("call_id",strCallid);
 api_url.addQueryItem("sig",APIMD5Signature);
 api_url.addQueryItem("format","XML");
 api_url.addQueryItem("method","Users.getLoggedInUser");
 api_url.addQueryItem("v","1.0");

then i init the request object :

QNetworkRequest request;
request.setHeader(QNetworkRequest::ContentTypeHeader,"application/x-www-form-urlencoded");
request.setRawHeader("User-Agent", "Facebook API Client 0.1");
request.setUrl(url);

do the get request :
QEventLoop loop;
QNetworkReply *reply = networkManager->get(request);
connect(reply, SIGNAL(finished()), &loop, SLOT(quit()));
loop.exec();
QByteArray data=reply->readAll();

这是我返回的 xml: 看看..为什么签名看起来像这样? 散列 MD5 看起来像一组数字吗?

<arg>
      <key>sig</key>
      <value>N{?¬???¬@?±B???????¶</value>
 </arg>

<?xml version="1.0" encoding="UTF-8"?>
<error_response xmlns="http://api.facebook.com/1.0/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd">
  <error_code>104</error_code>
  <error_msg>Incorrect signature</error_msg>
  <request_args list="true">
    <arg>
      <key>api_key</key>
      <value>bc5xxxxxxxxx57811</value>
    </arg>
    <arg>
      <key>session_key</key>
      <value>a99fdxxxxxxx5c2-100xxxxx455</value>
    </arg>
    <arg>
      <key>call_id</key>
      <value>1</value>
    </arg>
    <arg>
      <key>sig</key>
      <value>N{?¬???¬@?±B???????¶</value>
    </arg>
    <arg>
      <key>format</key>
      <value>XML</value>
    </arg>
    <arg>
      <key>method</key>
      <value>Users.getLoggedInUser</value>
    </arg>
    <arg>
      <key>v</key>
      <value>1.0</value>
    </arg>
  </request_args>
</error_response>

im trying to send rest api Users.getLoggedInUser
i have all the secret session and all the Authenticationi made
according to this site :
http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Desktop_Applications
here is my code (cpp QT but it can be any thing else ) :

QString toAPISignature = 
                "api_key="
                +  API_KEY 
                + "call_id=" + strCallid 
                + "format=XML" 
                + "method=Users.getLoggedInUser"
                + "session_key="+ fbSessionKey  
                + "v=1.0"+m_fbSecretKey;

QByteArray hashedApiData= QCryptographicHash::hash(toAPISignature.toAscii(),
          QCryptographicHash::Md5);
QString APIMD5Signature(hashedApiData);


.....
.....
.....
// now set the api request
 QUrl api_url;
 api_url.setUrl(FB_REST_URL);
 api_url.addQueryItem("api_key",API_KEY);
 api_url.addQueryItem("session_key",fbSessionKey);
 api_url.addQueryItem("call_id",strCallid);
 api_url.addQueryItem("sig",APIMD5Signature);
 api_url.addQueryItem("format","XML");
 api_url.addQueryItem("method","Users.getLoggedInUser");
 api_url.addQueryItem("v","1.0");

then i init the request object :

QNetworkRequest request;
request.setHeader(QNetworkRequest::ContentTypeHeader,"application/x-www-form-urlencoded");
request.setRawHeader("User-Agent", "Facebook API Client 0.1");
request.setUrl(url);

do the get request :
QEventLoop loop;
QNetworkReply *reply = networkManager->get(request);
connect(reply, SIGNAL(finished()), &loop, SLOT(quit()));
loop.exec();
QByteArray data=reply->readAll();

and this is the xml im getting back:
look ..why the sig looks like this ?
does the hash MD5 suppose to look like set of numbers ?

<arg>
      <key>sig</key>
      <value>N{?¬???¬@?±B???????¶</value>
 </arg>

<?xml version="1.0" encoding="UTF-8"?>
<error_response xmlns="http://api.facebook.com/1.0/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd">
  <error_code>104</error_code>
  <error_msg>Incorrect signature</error_msg>
  <request_args list="true">
    <arg>
      <key>api_key</key>
      <value>bc5xxxxxxxxx57811</value>
    </arg>
    <arg>
      <key>session_key</key>
      <value>a99fdxxxxxxx5c2-100xxxxx455</value>
    </arg>
    <arg>
      <key>call_id</key>
      <value>1</value>
    </arg>
    <arg>
      <key>sig</key>
      <value>N{?¬???¬@?±B???????¶</value>
    </arg>
    <arg>
      <key>format</key>
      <value>XML</value>
    </arg>
    <arg>
      <key>method</key>
      <value>Users.getLoggedInUser</value>
    </arg>
    <arg>
      <key>v</key>
      <value>1.0</value>
    </arg>
  </request_args>
</error_response>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

明月松间行 2024-09-05 01:23:22

最大的问题是您需要将 hashedApiData QByteArray 转换为十六进制:

QString APIMD5Signature(hashedApiData.toHex());

这可能会为您完成,但您仍然可能会导致来回转换为字符串的问题,而您实际上不需要这样做。

以下是我如何处理创建 sig 并将帖子发布到 Facebook 的方法。 m_argMap 包含 POST 对(例如 <"format","XML">),但 POST 不需要但 sig 需要的密钥除外。 (我在那里使用 QVariant 是因为在 QMap 到达这里之前发生了一些预处理)。

QByteArray sigByteArray;
QByteArray postArgs;

// QMap is automatically sorted by keys
QMapIterator<QString, QVariant> i(m_argMap);
while (i.hasNext()) {
     i.next();
     sigByteArray.append(i.key() + "=" + i.value().toString() );
     postArgs.append(i.key() + "=" + i.value().toString() + "&");
}

sigByteArray.append(m_userInfo->getSecret());

QByteArray sig = QCryptographicHash::hash(sigByteArray,QCryptographicHash::Md5 );

postArgs.append("sig=");
postArgs.append(sig.toHex());

QByteArray exclude("&=");
QByteArray include;
postArgs = postArgs.toPercentEncoding(exclude,include,'%');

// qDebug() << postArgs;

QUrl url("http://api.facebook.com/restserver.php");

QNetworkRequest nr;
nr.setUrl(url);
nr.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

m_reply = m_manager->post(nr,postArgs);

The big problem is that you need to convert the hashedApiData QByteArray to Hex:

QString APIMD5Signature(hashedApiData.toHex());

That may do it for you, but you can still cause problems converting back and forth to strings, which you really don't need to do.

Here's how I handle creating the sig and doing the post to facebook. The m_argMap contains the pairs for the POST (e.g. <"format","XML">) except for the secret which isn't needed for the POST but is needed for the sig. (I'm using a QVariant there due to some pre-processing that happens involving that QMap before it gets here).

QByteArray sigByteArray;
QByteArray postArgs;

// QMap is automatically sorted by keys
QMapIterator<QString, QVariant> i(m_argMap);
while (i.hasNext()) {
     i.next();
     sigByteArray.append(i.key() + "=" + i.value().toString() );
     postArgs.append(i.key() + "=" + i.value().toString() + "&");
}

sigByteArray.append(m_userInfo->getSecret());

QByteArray sig = QCryptographicHash::hash(sigByteArray,QCryptographicHash::Md5 );

postArgs.append("sig=");
postArgs.append(sig.toHex());

QByteArray exclude("&=");
QByteArray include;
postArgs = postArgs.toPercentEncoding(exclude,include,'%');

// qDebug() << postArgs;

QUrl url("http://api.facebook.com/restserver.php");

QNetworkRequest nr;
nr.setUrl(url);
nr.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

m_reply = m_manager->post(nr,postArgs);
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文