如何在 Android 中获取雅虎联系人
我想将雅虎集成到我的 Android 应用程序中以获取雅虎联系人。我使用了雅虎联系人 API,它打开一个 WebView 来登录。当我使用 ouath 程序和 ouath 签名方法 HMAC-SHA1 从 yahoo 导入联系人时。我遇到“签名无效”问题。
如果我使用签名方法“PLAINTEXT”,它在使用 yahoo 社交 API 期间的 oauth 身份验证期间工作正常,它会导致签名类型无效。对这个问题有什么想法吗?
我想要一些其他方式,通过它我不需要向用户显示 webview 并且身份验证在后台进行。登录后,我必须登录用户的联系人。有什么想法吗...???
================================================
以下是请求以及我得到的回复:
第一个请求:-
响应第一个请求:-
oauth_token=kkdhque&oauth_token_secret=43afb117c8880535d40d91ab6eb1cd9cf070b6bb&oauth_expires_in=3600&xoauth_request _auth_url=https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Frequest_auth%3Foauth_token%3Dkkdhque&oauth_callback_confirmed=true
第二个请求,用户在 webview 中输入用户名和密码。
https://api.login.yahoo.com/oauth/v2/request_auth ?oauth_token=k3qacet
第三个请求,用户在其中验证此应用程序可以在 webview 中使用我的电子邮件地址。
这会产生 oauth 验证器。
第四个请求,其中 webview 完成并且用户获取访问令牌或 (oauth_token)
回应第四个请求:-
oauth_token=A%3DhX_2we7E7jDnmFyp_8sBq2jECdy3Qq3joNFqb6S70DcHwqh81q19r3KFvSljXFrjVjk3gw8UOkMcvs7sYNd ZzbTDQhwYyPswES1HRhBv94wYFmCclOmXCL.XNOCgNQWkKbHha0puKPRnSY12tKASSPdmqYdynuw5c72sL6mb89Ord7hFmkn7mOq KeB5E0R.H1oM1vkxIc2_x3nhifZvHP1gHxG8rm3I2Qh4PsXl3sTeAOVp7xGjOVELdqjX4rxlvXwAHW8OHrZLniCiNNqtb9yhEDB GutFyos0gQikBZ3FQjS04Q0X6Vz53FwN58GWS6ok1IpppwYSaXVGxf6T3mtGZo90lNugbCAho5H9frYkV3dq9xM.LIiBdA3nPEJf ef3ZCciNSYHtk_0_k3jSChDIiDuKwx4wwaHUSygZq0cOSWGV6iWdnc9qitu7xLLzzO5YDFStmkZK2ks144RLVookPqsPOHew.zo vCCPup3oG3bOq4FKR9UAXaIfqtj6bMNauBpFiTmy8r9WIKJ5lKCJZux1oqCHECpSjhK98P2vTqVv08jU3.S15W6dPro9lwOVeMSt ACATvWE0wVumeOhg54.190zTvWxaCyNBSVKuKxlsOc8cDY6o_qhFtf.hiWLisVHKOpGkMhsdpECuaYACSDGkNO8iEEcGE5NAS1V HbuxWl6TW1pRQxBURDQWZiO.FPKAFQhz5gNjSbE14ygihPQVYYe_vJ0D.wdsOk4VY.aKovCe10vTl5N9t58ZhqJIH7pviYRuS8U- oauth_token_secret=50f8b0c3742c653270f4ab171e344a6cb525eca5&oauth_expires_in=3600 &oauth_session_handle=AGgtEE.0Q98PruZjCCh2K9YIlCw_faQSJbrMRUeMzledZ.Tgqrg-&oauth_authorization_expires_in=820695219&xoauth_yahoo_guid=NNZ4BOGR43W5RY6LMEXJVUZYUE
第五个请求(按顺序)获取我最终想要的用户的联系人列表。
<一href="http://social.yahooapis.com/v1/user/NNZ4BOGR43W5RY6LMEXJVUZYUE/profile?format=json&OAuth_realm=yahooapis.com&oauth_consumer_key=dj0yJmk9bmlsQzJxT Ehsd254JmQ9WVdrOU1rODBZbXBaTkhNbWNHbzlORGN6TmpNNE5EWXkmcz1jb25zdW1lcnNlY3JldCZ4PWE3&oauth_nonce=asf234hkldfkjjksdbfjkb&oauth_signature_method=HMAC-SHA1& oauth_timestamp=1326787922&oauth_token=A%3D3cDEMvjdhV1KBgctAVMkpK5rham6R WashDSWUpZZWcnCHhG9U5SKiPFRIFBqYWyIik8MI.ALFZMNc0tFbr55uYoHZKP_4BCKjmw99FvLlILhK vg7EqsUqxW4riEcnz0vFtHM07No_nt4KYKEYjuzuZVzOU8Ig14r8t97XfBksMUGuUvkkdKRyfnmcauz9 uCH.XA5s6OUzK5dSCUvrIgvnF6U7E.V8Dt0TRc_SAVn_wpm09qny5LrE5oGv1QL1c91PHztbr3IjXQct k4wGP8rOyCumfrs_IbV55.KvD18Ykw.oEUgFJRhjBxna5Dcn4YT1A0YziLkBmPayODSnh5i4QR_Y7rZK BxmKS06WTxO9xiJZVJi9a0eMWgHvkhT4G4inB7C8GakCSnq9NxXVO5jW.zJFJWMbzuxiNXvo4gKvCE03 hEtNPGPwvUK1RtZyMZgyBXzr26Lxpss8CMUL2qtdR6HFSLCTc5feltiLCfiez359Bzb6HIzz6XOwBlca La44qjBA5hBUYPvPj2NRyEAhHKJkKj2qzT_vm8pHX65nVGUtIq9765oP.yZMU75WewKcBtD1UdaOoYW9 ViKghJRajAy9AE9MHDe4M1VG0cRkO91vux77SbyNtm3y8NnUbCoTL9iL3ltFfABfg6xKW2c.IO4cQ0No wMjUqf.JqboY_ckjxUAXp9oP1tHkEZX1jb4GRv410chjR471ayKMZBjkgay.5XmN4Uq93C.h_hIa25wC BMKW9Zr1I512aZ3hyMePYHneHCz94c-&oauth_version=1.0&oauth_signature=e6797e 7744d52cf101fd9d4671514469429afe07&48ae3c65bf198592e4758005bb551c14e163fa61" rel="nofollow">http://social.yahooapis.com/v1/user/NNZ4BOGR43W5RY6LMEXJVUZYUE/profile?format=json&OAuth_realm=yahooapis.com&oauth_consumer_key=dj0yJmk9bm lsQzJxTEhsd254JmQ9WVdrOU1rODBZbXBaTkhNbWNHbzlORGN6TmpNNE5EWXkmcz1jb25zdW1lcnNly3 JldCZ4PWE3&oauth_nonce=asf234hkldfkjjksdbfjkb&oauth_signature_method=HMAC -SHA1&oauth_timestamp=1326787922&oauth_token=A%3D3cDEMvjdhV1KBgctAVMkpK5拉姆6RwashDSWUpZZWcnCHhG9U5SKiPFRIFBqYWyIik8MI.ALFZMNc0tFbr55uYoHZKP_4BCKjmw99FvL lILhKvg7EqsUqxW4riEcnz0vFtHM07No_nt4KYKEYjuzuZVzOU8Ig14r8t97XfBksMUGuUvkkdKRyfnmc auz9uCH.XA5s6OUzK5dSCUvrIgvnF6U7E.V8Dt0TRc_SAVn_wpm09qny5LrE5oGv1QL1c91PHztbr3IjX Qctk4wGP8rOyCumfrs_IbV55.KvD18Ykw.oEUgFJRhjBxna5Dcn4YT1A0YziLkBmPayODSnh5i4QR_Y7 rZKBxmKS06WTxO9xiJZVJi9a0eMWgHvkhT4G4inB7C8GakCSnq9NxXVO5jW.zJFJWMbzuxiNXvo4gKvCE 03hEtNPGPwvUK1RtZyMZgyBXzr26Lxpss8CMUL2qtdR6HFSLCTc5feltiLCfiez359Bzb6HIzz6XOwBlc aLa44qjBA5hBUYPvPj2NRyEAhHKJkKj2qzT_vm8pHX65nVGUtIq9765oP.yZMU75WewKcBtD1UdaOoYW9 ViKghJRajAy9AE9MHDe4M1VG0cRkO91vux77SbyNtm3y8NnUbCoTL9iL3ltFfABfg6xKW2c.IO4cQ0No wMjUqf.JqboY_ckjxUAXp9oP1tHkEZX1jb4GRv410chjR471ayKMZBjkgay.5XmN4Uq93C.h_hIa25wCB MKW9Zr1I512aZ3hyMePYHneHCz94c-&oauth_version=1.0&oauth_signature=e6797e77 44d52cf101fd9d4671514469429afe07&48ae3c65bf198592e4758005bb551c14e163fa61
第五个请求的响应
{ 错误: { lang: "en-US", 描述:“请提供有效的凭据。OAuth oauth_problem =“signature-invalid”,realm =“yahooapis.com”” } }
I want to integrate yahoo in my android application to get yahoo contacts. I used yahoo contacts API which opens a WebView to login. When i am importing contacts from yahoo using ouath procedure wtih ouath signature method HMAC-SHA1 . I got problem "Signature invalid."
If i use signature method "PLAINTEXT" its worked fine during oauth authentication by during using yahoo social API it results Signature type invalid. Any idea about this problem?
And I want some other way through which I dont need to show webview to user and authentication takes place in background. After login, I have to get logged in user's contacts. Any idea...???
==============================================
Here are the requests and responses that I got:
First Request:-
Response First Request:-
oauth_token=kkdhque&oauth_token_secret=43afb117c8880535d40d91ab6eb1cd9cf070b6bb&oauth_expires_in=3600&xoauth_request_auth_url=https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Frequest_auth%3Foauth_token%3Dkkdhque&oauth_callback_confirmed=true
Second Request in which user enter his user name and password in webview.
https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=k3qacet
Third request in which user authenticate that this application can use my email address in webview .
That results in oauth verifier.
Fourth reques in which webview is finished and user get access token or (oauth_token)
Response Fourth Request:-
oauth_token=A%3DhX_2we7E7jDnmFyp_8sBq2jECdy3Qq3joNFqb6S70DcHwqh81q19r3KFvSljXFrjVjk3gw8UOkMcvs7sYNdZzbTDQhwYyPswES1HRhBv94wYFmCclOmXCL.XNOCgNQWkKbHha0puKPRnSY12tKASSPdmqYdynuw5c72sL6mb89Ord7hFmkn7mOqKeB5E0R.H1oM1vkxIc2_x3nhifZvHP1gHxG8rm3I2Qh4PsXl3sTeAOVp7xGjOVELdqjX4rxlvXwAHW8OHrZLniCiNNqtb9yhEDBGutFyos0gQikBZ3FQjS04Q0X6Vz53FwN58GWS6ok1IpppwYSaXVGxf6T3mtGZo90lNugbCAho5H9frYkV3dq9xM.LIiBdA3nPEJfef3ZCciNSYHtk_0_k3jSChDIiDuKwx4wwaHUSygZq0cOSWGV6iWdnc9qitu7xLLzzO5YDFStmkZK2ks144RLVookPqsPOHew.zovCcPup3oG3bOq4FKR9UAXaIfqtj6bMNauBpFiTmy8r9WIKJ5lKCJZux1oqCHECpSjhK98P2vTqVv08jU3.S15W6dPro9lwOVeMStacATvWE0wVumeOhg54.190zTvWxaCyNBSVKuKxlsOc8cDY6o_qhFtf.hiWLisVHKOpGkMhsdpECuaYaCSDGkNO8iEEcGE5nAS1VHbuxWl6TW1pRQxBUrDQWZiO.FPKAFQhz5gNjSbE14ygihPQVYYe_vJ0D.wdsOk4VY.aKovCe10vTl5N9t58ZhqJIH7pviYRuS8U-
&oauth_token_secret=50f8b0c3742c653270f4ab171e344a6cb525eca5&oauth_expires_in=3600
&oauth_session_handle=AGgtEE.0Q98PruZjCCh2K9YIlCw_faQSJbrMRUeMzledZ.Tgqrg-&oauth_authorization_expires_in=820695219&xoauth_yahoo_guid=NNZ4BOGR43W5RY6LMEXJVUZYUE
Fifth request in order to get Contacts list of the users that i finaaly want ithis.
Response of Fifth request
{
error: {
lang: "en-US",
description: "Please provide valid credentials. OAuth oauth_problem="signature-invalid", realm="yahooapis.com""
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您收到“签名无效”的消息,则您的 OAuth 请求很可能未正确签名。 OAuth 1.0a及以下版本确实很让人头疼。 Alhamdulillaah 他们正在开发 AOuth2.0,它消除了很多迟缓的问题。
如果您不介意发布您的 OAuth 签名库、授权标头和请求,我可以详细帮助您。我见过人们最常犯的错误是他们使用非 GMT 时间戳,由于解析错误而使用返回令牌的子集(您可能不必担心这一点,因为雅虎令牌非常干净 [A-za-z0 -9]但不是每个人都这样 - 无论哪种方式,在登录过程的第一步中手动查看您的响应并确保您的代码正在解析整个标头),还要确保您发送所有 REST 的验证程序请求,是的其他时候,我见过人们的 HMCA 算法无法正常工作,或者他们忘记正确对其签名变量的 Base64 版本进行 URL 编码...还有什么...这就是我想到的全部。已经有一段时间了。
继续前进,您没有理由需要网络视图。发送和接收的信息只是 HTML 代码,因此您可以自己解析它或使用 290 万个 google 结果中的任何一个进行 html 解析器。您需要网络浏览器的唯一步骤是让用户登录其雅虎帐户,甚至该步骤也可以通过解析页面并获取来自动化[1] cb2_authenticity_token 或类似的,然后将其提交到 HTML [表单] 中的地址。它会将带有验证程序的页面发回给您,您也可以解析该验证程序,我已经通过 Twitter 成功完成了此操作。
无论如何,发布一些代码,我们可以进一步帮助您。
[1] 编辑注释,您必须拥有 yahoo L/P 才能自动执行此操作。
If you're getting Signature Invalid, your OAuth request is most likely incorrectly signed. OAuth 1.0a and below really is a headache. Alhamdulillaah they are working on AOuth2.0 which cleans up a lot of the retardedness.
If you don't mind posting your OAuth signature base, Authorization header and request, I can help you in detail. The most frequent errors I have seen people make are they use a non GMT timestamp, they use a subset of the returned token due to bad parsing (you probably wont have to worry about this since Yahoo tokens are pretty clean [A-za-z0-9] but not everyone is like that--either way, manually look at your response in the first step of the login process and ensure your code is parsing the entire header), also make sure you are sending in your verifier for all REST requests, yes the verifier you had to type to log in. Other times, I've seen people's HMCA algorithm not working properly, or they forget to properly URLencode the Base64 version of their signed variables... what else... tat's all that comes to mind. It's been a while.
Moving right along, there is no reason why you should require a webview. The information being sent and received is just HTML code so you can parse it yourself or use any of the 2.9mil google results for html parsers out there. The only step you need a web browser for is for the user to login into their Yahoo account, and even that step can be automated [1] by parsing the page and obtaining the cb2_authenticity_token or similar and then submitting that to the address in the HTML [form]. It will send you back the page with the verifier, which you can also parse out, and I have successfully done this with twitter.
Anyhow, post some code and we can help you further.
[1] Edit note, you would have to have the yahoo L/P for automating this though.