I am trying to create a Flickr application on Android, but I am stuck at the authentication step of requesting a token.
Generating the signature
API key: 496a8ac6ca46325e6cef******
API secret: 685682a92***
Base string:
GET&http%3A%2F%2Fwww.flickr.com%2Fservices%2Foauth%2Frequest_token&oauth_callback%3Dsoft%253A%252F%252Fcom.alice.testflickr%26oauth_consumer_key%3D496a8ac6ca46325e6cef%26oauth_nonce%3D39 4e61453f7b82cd633d229ac9b6454b%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1339654651 %26oauth_version%3D1.0
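Method for generating the signature:
import android.util.Base64;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public String computeSignature(String baseString, String key) throws IllegalStateException, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
    // here key is the appsecret + "&"
    Mac mac = Mac.getInstance("HmacSHA1");
    // Use an explicit charset for the key bytes instead of the platform default
    SecretKeySpec spec = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA1");
    mac.init(spec);
    byte[] byteHMAC = mac.doFinal(baseString.getBytes("UTF-8"));
    // Base64-encode the raw HMAC without line breaks
    return Base64.encodeToString(byteHMAC, Base64.NO_WRAP);
}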
The timestamp is (System.currentTimeMillis)/1000
The nonce is Long.toString(System.nanoTime());
I request the request token like this:
http://www.flickr.com/services/oauth/request_token?oauth_nonce=12190496931948&oauth_timestamp=1339664498&oauth_consumer_key=496a8ac6ca46325e6cef&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=jg8CCdKb8gw%2BMJK0aJ6Brpba0G0%3D&oauth_callback=soft%3A%2F%2Fcom.alice.testflickr
But I always get
oauth_problem=signature_invalid&debug_sbs=GET&http%3A%2F%2Fwww.flickr.com%2Fservices%2Foauth%2Frequest_token&oauth_callback%3Dsoft%253A%252F%252Fcom.alice.testflickr%26oauth_consumer_key%3D496a8ac6ca46325e6cef%26oauth_nonce%3D12190496931948%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1339664498%26oauth_version%3D1.0
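Is there a problem with the way I generate the signature, or is there some other problem here?
Edit: the value of the timestamp in the base string is the same as in the request.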
Best answer
The Flickr documentation says the signing process should look like this:
All API calls using an authentication token must be signed. In addition, calls to the flickr.auth.* methods and redirections to the auth page on flickr must also be signed.
The process of signing is as follows.
Sort your argument list into alphabetical order based on the parameter name.
    e.g. foo=1, bar=2, baz=3 sorts to bar=2, baz=3, foo=1
concatenate the shared secret and argument name-value pairs
    e.g. SECRETbar2baz3foo1
calculate the md5() hash of this string
append this value to the argument list with the name api_sig, in hexadecimal string form
    e.g. api_sig=1f3870be274f6c49b3e31a0c6728957f
Regarding Android Flickr OAuth invalid_signature when getting a request token, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11030258/