Oauth HMAC-SHA1 authentication to get contacts from Yahoo! Contacts API [duplicate]

谁说胖子不能爱 submitted on 2019-12-13 04:26:40

Question


Possible Duplicate:
Get contacts using Yahoo Contacts API

I am developing a system to get Yahoo contacts from users. I have completed all the steps from http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html and I already got the access token and token secret.

I am having a problem signing with the HMAC-SHA1 algorithm. I have followed the steps from http://developer.yahoo.com/oauth/guide/oauth-signing.html to generate the signing key, but when I request contacts from a given user I get the error:

<yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
    xml:lang='en-US'>
    <yahoo:description>Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com"</yahoo:description>
</yahoo:error>

Here is my code responsible for generating the signing key:

$s =  'oauth_consumer_key='.rawurlencode($yahoo_consumer_key).'&';
$s .= 'oauth_nonce='.rawurlencode(uniqid()).'&';
$s .= 'oauth_signature_method='.rawurlencode('HMAC-SHA1').'&';
$s .= 'oauth_timestamp='.rawurlencode(time()).'&';
$s .= 'oauth_token='.rawurlencode($ouathToken).'&';
$s .= 'oauth_version='.rawurlencode('1.0').'&';
$s .= 'realm='.rawurlencode('yahooapis.com');

$baseString ='GET&'.rawurlencode('http://social.yahooapis.com/v1/user/'.$guid.'/contacts').'&'.rawurlencode($s);

$signingKey = rawurlencode($yahoo_consumer_secret).'&'.rawurlencode($ouathTokenSecret);

$signature = urlencode(base64_encode(hash_hmac('sha1', $baseString, $signingKey, true)));

curl_setopt_array($ch, array(
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => TRUE,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => 0,
            CURLOPT_HTTPGET => true,
            CURLOPT_POST       => false,
            CURLOPT_URL => 'http://social.yahooapis.com/v1/user/'.$guid.'/contacts'.    
                                  '?realm=yahooapis.com'.
                                  '&oauth_consumer_key='.$yahoo_consumer_key.
                                  '&oauth_nonce='.uniqid().
                                  '&oauth_signature_method=HMAC-SHA1'.
                                  '&oauth_timestamp='.time().
                                  '&oauth_token='.$ouathToken.
                                  '&oauth_version=1.0'.
                                  '&oauth_signature='.$signature
        ));

$result = curl_exec($ch);

Can anyone help by telling me where the mistake is? Have I not generated the signing key correctly?

Thank you.


Answer 1:


Looks like you are using urlencode in some places instead of rawurlencode throughout, which will use things like "+" instead of "%20" for a space. The Yahoo documentation (not so great for this area) shows the "normalized" Header/URL string using rawurlencode instead of urlencode. Other than the way you are encoding the request, it looks good.

*Edited: I had mixed up rawurlencode and urlencode. Rawurlencode uses RFC 3986 which is required by OAuth: http://oauth.net/core/1.0/#encoding_parameters

You are also double encoding $s! Don't do this - when creating $s don't use rawurlencode at all and then encode it when you build $baseString, or URL encode it at the top when you create $s but then DON'T encode it a second time in $baseString.
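
An added example, not part of the original question or answer: OAuth 1.0 HMAC-SHA1 signing in PHP following the OAuth Core 1.0 specification linked in the answer, using rawurlencode throughout and reusing one nonce and one timestamp for both the signature and the request URL. The credentials, the GUID and the function names are constructed for illustration.

```php
<?php
// Added example, not code from the original post. Credentials and GUID are constructed placeholders.

// Build the OAuth 1.0 signature base string: METHOD & enc(URL) & enc(sorted "name=value" pairs).
function oauth_base_string(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        // rawurlencode() follows RFC 3986: a space becomes %20 and "~" stays literal.
        $pairs[rawurlencode($name)] = rawurlencode((string) $value);
    }
    ksort($pairs, SORT_STRING); // assumes no repeated parameter names
    $normalized = [];
    foreach ($pairs as $name => $value) {
        $normalized[] = $name . '=' . $value;
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $normalized));
}

// HMAC-SHA1 over the base string, keyed with enc(consumer secret) & enc(token secret).
function oauth_signature(string $baseString, string $consumerSecret, string $tokenSecret): string
{
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

// Sign $params and return the request URL carrying exactly the values that were signed.
function signed_get_url(string $url, array $params, string $consumerSecret, string $tokenSecret): string
{
    $base = oauth_base_string('GET', $url, $params);
    $params['oauth_signature'] = oauth_signature($base, $consumerSecret, $tokenSecret);
    // PHP_QUERY_RFC3986 makes http_build_query() escape like rawurlencode().
    return $url . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

$params = [
    'oauth_consumer_key'     => 'example consumer key',      // constructed
    'oauth_nonce'            => bin2hex(random_bytes(16)),   // created once per request
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),             // created once per request
    'oauth_token'            => 'example~token/value',       // constructed
    'oauth_version'          => '1.0',
];
$url = 'http://social.yahooapis.com/v1/user/EXAMPLE_GUID/contacts';

echo oauth_base_string('GET', $url, $params), "\n";
echo signed_get_url($url, $params, 'example consumer secret', 'example token secret'), "\n";
echo urlencode('a b~c'), ' vs ', rawurlencode('a b~c'), "\n"; // form encoding vs RFC 3986
```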



Source: https://stackoverflow.com/questions/14259389/oauth-hmac-sha1-authentication-to-get-contacts-from-yahoo-contacts-api
