我希望从我的应用程序访问 SmugMug 的 API 以获取用户的相册和图像(用户已通过 ruby 的 OmniAuth 进行身份验证).
I'm looking to access SmugMug's API from my application to grab users' albums and images (the users have been authenticated via ruby's OmniAuth).
根据 SmugMug 的 OAuth API,OAuth 需要六个参数.
According to SmugMug's OAuth API, OAuth requires six parameters.
我可以使用 OmniAuth 获取令牌,并且时间戳应该很容易(Time.now.to_i 对吗?).有两件事我不知道如何生成——oauth_nonce 和 oauth_signature.
I can get the token with OmniAuth, and the timestamp should be easy (Time.now.to_i right?). There are two things that I don't know how to generate -- the oauth_nonce and the oauth_signature.
根据 oauth 文档,我通过时间戳生成随机数,但我到底要怎么做呢?是否需要一定的长度和限制在某些字符?
According to the oauth docs, I generate the nonce via the timestamp, but how exactly would I do that? Does it need to be a certain length and limited to certain characters?
当然还有签名.我将如何使用 ruby 生成 HMAC-SHA1 签名?我知道 oauth gem 可以做到,但我宁愿自己生成它以与 OmniAuth 一起使用.查看代码,我无法理解 oauth gem 如何生成 sig.
And of course the signature. How would I generate a HMAC-SHA1 sig with ruby? I know the oauth gem can do it, but I'd rather generate it myself to use with OmniAuth. Looking at the code, I'm having trouble deciphering how the oauth gem generates the sig.
def sign( key, base_string )
digest = OpenSSL::Digest::Digest.new( 'sha1' )
hmac = OpenSSL::HMAC.digest( digest, key, base_string )
Base64.encode64( hmac ).chomp.gsub( /
/, '' )
You don't have to generate the nonce from the timestamp, but it can make sense since the timestamp is obviously unique, so it makes a good starting input for any randomisation function.
I use this, (that I got from another question on here and modified)
def nonce
rand(10 ** 30).to_s.rjust(30,'0')
but you can use anything that generates a unique string.
请参阅 erikeldridge 在 github 上的这篇要点 和 OAuth 初学者指南 了解更多
See this gist by erikeldridge on github and Beginner’s Guide to OAuth for more
我发现在 Ruby 标准库中有更好的方法来生成随机字符串,SecureRandom.
I've since found there's a better way to generate random strings in the Ruby standard library, SecureRandom.
