Google access token request: invalid token/signature
Been poring over implementing my own Google OAuth methods for three days now. Keep hitting snags. Not sure what variables are at play with the problem anymore. I need fresh eyes and proper advice. I wish Google was more specific outside of 'Invalid Token'. I can sign the request with NO token secret and I'll still get the same error. So I'm not sure if my signature is still invalid or if I have made too many requests. I have no idea. It's absolutely frustrating.
Here is my latest attempt with code that I think should work:
I get my request token data, and store it in a database (decoded) before redirecting the user to authorize.
Token: 4/M1ZCp6Y115rBqxYz3v1Dq9bbTCrr
Secret: f39Fuyg6MwlW35w4UIKNDBag
Verifier: kZt189Tk7tTrTiodhhk_QOxX
I take all three and pass them into my method to get an access token. I discovered that I was double encoding my token, which was causing the token to be invalid. Now I am getting the usual invalid signature again. I'm not really all that sure how.
Access token method:
    public function oAuthGetAccessToken($authToken, $authTokenVerifier, $authTokenSecret)
    {
        $nonce = self::generateNonce();
        $time = time();
        $url = 'https://www.google.com/accounts/OAuthGetAccessToken';

        // Parameters that go into the signature base string (no oauth_signature yet).
        $authParams = array(
            'oauth_consumer_key' => 'anonymous',
            'oauth_token' => $authToken,
            'oauth_verifier' => $authTokenVerifier,
            'oauth_signature_method' => 'HMAC-SHA1',
            'oauth_timestamp' => $time,
            'oauth_nonce' => $nonce,
            'oauth_version' => '1.0'
        );
        $baseString = self::getBaseString('GET', $url, $authParams);

        // Signing key: encoded consumer secret, '&', encoded token secret.
        $key = self::urlencodeRFC3986('anonymous') . '&' . self::urlencodeRFC3986($authTokenSecret);
        $signature = self::hmacsha1($key, $baseString);

        // Same parameters plus the signature, sent in the Authorization header.
        $postParams = array(
            'oauth_version' => '1.0',
            'oauth_nonce' => $nonce,
            'oauth_timestamp' => $time,
            'oauth_consumer_key' => 'anonymous',
            'oauth_token' => $authToken,
            'oauth_verifier' => $authTokenVerifier,
            'oauth_signature_method' => 'HMAC-SHA1',
            'oauth_signature' => $signature
        );

        // Build name="value" pairs; each value is percent-encoded once here.
        $authHeaderString = '';
        foreach($postParams as $key => $value)
        {
            $authHeaderString .= $key .'="' . self::urlencodeRFC3986($value) . '", ';
        }
        $authHeaderString = rtrim($authHeaderString, ', ');
        $headers = array('Authorization: OAuth ' . $authHeaderString);

        $rest = new Rest();
        echo $rest->OAuthHttpGetRequest($url, $headers);
    }
Base String: GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetAccessToken&oauth_consumer_key%3Danonymous%26oauth_nonce%3Dc0c072fadcc9e9de98e00f7478cd0607%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1313087177%26oauth_token%3D4%252FM1ZCp6Y115rBqxYz3v1Dq9bbTCrr%26oauth_verifier%3DkZt189Tk7tTrTiodhhk_QOxX%26oauth_version%3D1.0
Comments (1)
Sadly, you were right when you were double-encoding your token, and worse, you've got to do it for your verifier too!
To help you in the construction of your signature, be sure to check the Vimeo documentation.
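The encoding steps the question and answer revolve around, as an added example that is not part of the original post or answer: it implements the three helpers the question calls but does not show, following RFC 5849, and runs them on the values quoted in the question. The helper names are reused from the question, their bodies are assumptions, and the URL is assumed to carry no query string.

```php
<?php
// Added example (not from the post). Helper names mirror the calls in the
// question; the bodies are assumptions written from RFC 5849.

function urlencodeRFC3986(string $value): string
{
    // rawurlencode() escapes everything except A-Z a-z 0-9 - . _ ~
    return rawurlencode($value);
}

function getBaseString(string $method, string $url, array $params): string
{
    $pairs = array();
    foreach ($params as $name => $value) {
        // First encoding: every name and value individually.
        $pairs[] = array(urlencodeRFC3986((string) $name), urlencodeRFC3986((string) $value));
    }
    // Sort by encoded name, then by encoded value, in byte order.
    usort($pairs, function ($a, $b) {
        return strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]);
    });
    $joined = implode('&', array_map(function ($p) {
        return $p[0] . '=' . $p[1];
    }, $pairs));
    // Second encoding: the joined string as a whole, so "/" ends up as %252F.
    return strtoupper($method) . '&' . urlencodeRFC3986($url) . '&' . urlencodeRFC3986($joined);
}

function hmacsha1(string $key, string $baseString): string
{
    // Raw HMAC output, base64-encoded; percent-encode it once for the header.
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

// Values quoted in the question.
$params = array(
    'oauth_consumer_key'     => 'anonymous',
    'oauth_token'            => '4/M1ZCp6Y115rBqxYz3v1Dq9bbTCrr',
    'oauth_verifier'         => 'kZt189Tk7tTrTiodhhk_QOxX',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1313087177',
    'oauth_nonce'            => 'c0c072fadcc9e9de98e00f7478cd0607',
    'oauth_version'          => '1.0',
);
$base = getBaseString('GET', 'https://www.google.com/accounts/OAuthGetAccessToken', $params);
// Signing key: encoded consumer secret, "&", encoded token secret.
$key = urlencodeRFC3986('anonymous') . '&' . urlencodeRFC3986('f39Fuyg6MwlW35w4UIKNDBag');

echo $base, "\n";
echo 'token encoded twice in base string: ', var_export(strpos($base, 'oauth_token%3D4%252FM1') !== false, true), "\n";
echo 'oauth_signature="', urlencodeRFC3986(hmacsha1($key, $base)), '"', "\n";
```

Every parameter value passes through both encoding steps in the base string, the token and the verifier included, while the values placed in the Authorization header are encoded once.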