个人中心
gpt4 book ai didi

java - http OAuth 请求

转载 作者:可可西里 更新时间:2023-11-01 17:12:23 26 4
gpt4 key购买 nike

我是网络编程的新手。我正在尝试在 Dropbox 上发出基于 OAuth 1.0 的 POST 请求。以下是我用来发出帖子请求的代码。我应该这样做吗?

HttpPost httpPost;
            Log.d("HTTP","Exec");
            httpPost = new HttpPost("https://api.dropbox.com/1/shares/dropbox/a.jpg");
            Log.d("HTTP","Execute");

            try {
                List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(9);
                nameValuePairs.add(new BasicNameValuePair("oauth_consumer_key", "2f2y1dyuqhp58ek"));
                nameValuePairs.add(new BasicNameValuePair("oauth_token", token));
                nameValuePairs.add(new BasicNameValuePair("oauth_nonce", String.valueOf(millis)));
                nameValuePairs.add(new BasicNameValuePair("oauth_timestamp", String.valueOf(millis)));
                nameValuePairs.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
                nameValuePairs.add(new BasicNameValuePair("oauth_version", "1.0"));
                nameValuePairs.add(new BasicNameValuePair("oauth_signature", sw));//this is url encoded
                //nameValuePairs.add(new BasicNameValuePair("path", "/a.jpg"));
                //nameValuePairs.add(new BasicNameValuePair("root", "dropbox"));
                httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

                Log.d("HTTP","requesting");
                HttpResponse response = httpclient.execute(httpPost);

                HttpEntity entity = response.getEntity();
                InputStream is = entity.getContent();
            String result;
                BufferedReader reader = new BufferedReader(new InputStreamReader(is));
                 StringBuilder sb = new StringBuilder();
                 String line = null;
                 line = reader.readLine();
                 sb.append(line); 
                 result = sb.toString();
                 is.close();

                //String s=response.getEntity().getContent().;
                Log.d("resp", result);
                //tv.setText(response.toString());

            } catch (ClientProtocolException e) {
            } catch (IOException e) {
            }

签名基础字符串为:

POST&https%3A%2F%2Fapi.dropbox.com%2F1%2Fshares%2Fdropbox%2Fa.jpg&oauth_consumer_key%3D2f2y1dyuqhp58ek%26oauth_nonce%3D1340729641%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340729641%26oauth_token%3Dwz27t6thob0fbxl%26oauth_version%3D1.0

T任何线索可能是什么问题?我得到的响应是 logCat 中显示的“无效签名基本字符串”。

日志:

06-26 22:30:46.125: I/System.out(364): debugger has settled (1322)
06-26 22:30:49.203: I/ActivityManager(66): Displayed activity cloud.mobile/.MCActivity: 9393 ms (total 9393 ms)
06-26 22:30:49.243: W/ActivityManager(66): Launch timeout has expired, giving up wake lock!
06-26 22:30:57.124: D/HTTP(364): wz27t6thob0fbxl
06-26 22:30:59.197: D/HTTP(364): Exe
06-26 22:30:59.886: D/HTTP(364): 1340730059
06-26 22:31:00.824: D/HTTP(364): POST&https%3A%2F%2Fapi.dropbox.com%2F1%2Fshares%2Fdropbox%2Fa.jpg&oauth_consumer_key%3D2f2y1dyuqhp58ek%26oauth_nonce%3D1340730059%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340730059%26oauth_token%3Dwz27t6thob0fbxl%26oauth_version%3D1.0
06-26 22:31:00.824: D/HTTP(364): xLNJrQ5R9jxDTnZcpQ3HLkLBxxQ=
06-26 22:31:00.973: D/HTTP(364): Exe
06-26 22:31:00.983: D/HTTP(364): Exec
06-26 22:31:01.023: D/HTTP(364): Execute
06-26 22:31:01.664: D/HTTP(364): requesting
06-26 22:31:12.243: D/dalvikvm(364): GC_FOR_MALLOC freed 5195 objects / 296968 bytes in 185ms
06-26 22:31:25.063: I/global(364): Default buffer size used in BufferedReader constructor. It would be better to be explicit if an 8k-char buffer is required.
06-26 22:31:28.545: D/resp(364): {"error": "Invalid signature. Expected signature base string: POST&https%3A%2F%2Fapi.dropbox.com%2F1%2Fshares%2Fdropbox%2Fa.jpg&oauth_consumer_key%3D2f2y1dyuqhp58ek%26oauth_nonce%3D1340730059%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340730059%26oauth_token%3Dwz27t6thob0fbxl%26oauth_version%3D1.0"}

好吧,这个“预期的签名基本字符串(如上所示)”与我使用 HMAC-SHAH 生成并转换为 oauth_signature 的字符串完全相同。我错过了什么吗?

最佳答案

您计算 oauth_signature 值的方式可能有问题。因为你没有提供代码,所以我会在黑暗中试一试:

作为 Dropbox forums 中的某个人已经指出

Getting the OAuth signature stuff exactly right is always a huge pain. You should try hard to make sure the base string your library generates is just like the one the server is expecting. Once that's true, the only way you can screw up is to hmac with the wrong key(s).

问题可能是您将 HMAC-SHA1 指定为签名方法,但没有使用它正确地签署基本字符串。

OAuth Specification命名了三种不同的签名基本字符串的方法。使用 HMAC-SHA1 时您必须使用基本字符串和连接值作为输入参数来调用该方法。您可以在 Java 中找到使用此方法的示例实现 here .

由于 Dropbox 使用 SSL only API您也可以退回到使用方法 PLAINTEXT并直接提交Base String。

此外,您对 oauth_timestampoauth_nonce 使用相同的时间戳输入,即 not recommended , oauth_nonce 应该始终是唯一的。有关问题的更详细说明和使用全局计数器解决问题,请阅读 this article .

关于java - http OAuth 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11212494/

26 4 0
文章推荐: http - 带有 WGET 的 NodeJS 文件下载器?
文章推荐: c++ - 如何使用 gtest 测试具有多个模板参数的 C++ 模板类?
文章推荐: c++ - 不理解 C++ 类型不匹配 : const Foo* to Foo* const&
文章推荐: c++ - 范围守卫/范围退出惯用语会标准化吗?
可可西里
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com