我正在尝试使用普通 PHP 从具有 oAuth 1.0 授权的 API 获取一些数据。我的代码如下,API 不断响应代码 401:无效签名。据我所知,生成签名的方法符合文档和Stack Overflow中的示例,所以我不确定我做错了什么。我的随机数可能有问题吗?
const consumer_key = "20CECD28B41A458E9E328BB45C26EACB";
const consumer_secret = "F485B390C5854A69A8DA17554E689D03";
const token = "5F3C117598A14BE8B7136659AB2251C0";
const token_secret = "647E14C4F7EF4DA5AA119D5C60E95114";
function generateNonce($timestamp){
$TimeReduced = substr($timestamp, 0, -2);
$string = $TimeReduced;
$hash = hash('sha1', $string, false);
return $hash;
}
function generateSignature($request, $timestamp, $nonce){
$base = $request['method']."&".rawurlencode($request['url'])."&"
.rawurlencode("oauth_consumer_key=".rawurlencode(consumer_key)
."&oauth_nonce=".rawurlencode($nonce)
."&oauth_signature_method=".rawurlencode("HMAC-SHA1")
."&oauth_timestamp=". rawurlencode($timestamp)
."&oauth_token=".rawurlencode(token)
."&oauth_version=".rawurlencode("1.0"));
$key = rawurlencode(consumer_secret).'&'.rawurlencode(token_secret);
$signature = base64_encode(hash_hmac('SHA1', $base, $key, true));
return $signature;
}
$ch = curl_init();
$request = array();
$request['url'] = 'https://someniceapi.com';
$request['method'] = 'GET';
curl_setopt($ch, CURLOPT_URL, $request['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $request['method']);
$timestamp = time();
$nonce = generateNonce($timestamp);
$signature = generateSignature($request, $timestamp, $nonce);
$headers = array();
$headers[] = 'Authorization: OAuth oauth_consumer_key="'.consumer_key.'",oauth_token="'.token.'",oauth_signature_method="HMAC-SHA1",oauth_signature='.$signature.'",oauth_timestamp="'.$timestamp.'",oauth_nonce="'.$nonce.'",oauth_version="1.0"';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
您需要以“小写十六进制”形式对哈希值进行 Base64 编码,而不是二进制形式。
$signature = base64_encode(hash_hmac('SHA1', $base, $key, true));
hash_hmac 将第四个参数设置为 true,为您提供二进制形式。
$signature = base64_encode(hash_hmac('SHA1', $base, $key));
正是您所需要的。