OAuth签名验证失败
我在设置具有两条腿身份验证的 oauth 提供程序时遇到一些问题。
我正在使用 oauth-plugin gem 和 oauth gem,除了我的“更新”请求之外,一切正常。签名验证过程不断失败。
这就是我正在做的事情:
在客户端中,我使用
oauth = OAuth::AccessToken.new(OAuth::Consumer.new(app_key, app_secret, :site => @api_endpoint))
oauth.get("http://localhost/api/v1/users/1")
oauth.post("http://localhost/api/v1/users", {:email => "[email protected]"})
oauth.put("http://localhost/api/v1/users", {:tags => ["some", "new", "tags"]})
oauth.delete("http://localhost/api/v1/users/1")
get、post 和 delete 都可以顺利通过身份验证,但更新失败。
在服务器端,我设置了我的 ClientApplication 类
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
value = signature.verify
value
rescue OAuth::Signature::UnknownSignatureMethod => e
false
end
end
签名。验证在我的更新请求上失败并传递了其他 3 个请求。有人知道发生了什么事吗?
I'm having some problem setting up an oauth provider with two-legged authentication.
I'm using the oauth-plugin gem and the oauth gem, everything works fine except for my "update" requests. The signature verification process keeps failing.
Here is what I'm doing:
In the client, I'm using
oauth = OAuth::AccessToken.new(OAuth::Consumer.new(app_key, app_secret, :site => @api_endpoint))
oauth.get("http://localhost/api/v1/users/1")
oauth.post("http://localhost/api/v1/users", {:email => "[email protected]"})
oauth.put("http://localhost/api/v1/users", {:tags => ["some", "new", "tags"]})
oauth.delete("http://localhost/api/v1/users/1")
get, post and delete all go through authentication fine, but update fails.
On the server side, I have my ClientApplication class set up
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
value = signature.verify
value
rescue OAuth::Signature::UnknownSignatureMethod => e
false
end
end
signature.verify fails on my update requests and passes on the other 3 requests. Anybody know what's happening?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
事实证明,问题在于通过主体传递参数。
我将参数移动到带有 Addressable/uri 的 url 中,这解决了问题。
就长度而言,它会有点限制,但现在还可以。
Turns out the problem is with passing the params through the body.
I moved the params into the url with Addressable/uri, and that fixed the problem.
It's gonna be a little limiting in terms of length, but ok for now.