本文介绍了OAuth 1.0将Consumer Secret转换为oauth_signature的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用我的MERN应用程序实现Twitter登录.在Twitter教程之后,我了解所有请求都应使用OAuth标头进行签名.如果我使用邮递员,则在授权选项卡中输入我的凭据(消费者密钥",消费者秘密"),该呼叫将起作用.事情是邮递员在发送呼叫之前将Consumer机密转换为和oauth_signature.现在,我想在Node.js中执行此工作流程.所有在线教程都使用复杂的护照策略,并使用了描述的请求模块.我知道要生成oauth_signature,必须先生成oauth_nonce,然后执行以下操作:百分比对将要签名的每个键和值进行编码.通过编码键[2]按字母顺序对参数列表[1]进行排序.对于每个键/值对:将编码的密钥附加到输出字符串.在输出字符串后附加'='字符.将编码后的值附加到输出字符串.如果还有更多的键/值对,请在输出字符串后附加一个'&'字符.

I am trying to implement Twitter login with my MERN application. Following twitter tutorials, i understand that all request should be signed with an OAuth headers. If i use postman, i enter my credentials (Consumer Key, Consumer Secret) in the authorization tab and the call works. The things is that postman transform the Consumer secret into and oauth_signature before sending the call. Now i want to do this workflow in Nodejs. All tutorials online use complicated passport strategies and the use of request module which is depricated. I understand that to generate oauth_signature one would have to generate an oauth_nonce and then do:Percent encode every key and value that will be signed.Sort the list of parameters alphabetically [1] by encoded key [2].For each key/value pair:Append the encoded key to the output string.Append the ‘=’ character to the output string.Append the encoded value to the output string.If there are more key/value pairs remaining, append a ‘&’ character to the output string.

我敢肯定,所有这一切都会重新发明轮子,并且很确定有一个模块可以执行此步骤,而无需所有护照和身份验证(这已经在我的应用程序中完成了),我只需要签署我的Twitter请求像邮递员一样.

I am sure doing all this would be reinventing the wheel and am pretty sure there is a module that does this step specifically without all the passport and authentication (which is already done in my app) i simply need to sign my twitter requests like Postman does nothing more.

我尝试了以下操作,但似乎仍在做错事

I tried the following but it seems am still doing something wrong

  var axios = require('axios');
  const jsSHA = require('jssha/sha1');
  //Am i using the right library??

      const callBackUL = 'https%3A%2F%2F127.0.0.1%3A3000%2Flogin';
      var oauth_timestamp = Math.round(new Date().getTime() / 1000.0);
      const nonceObj = new jsSHA('SHA-1', 'TEXT', { encoding: 'UTF8' });
      nonceObj.update(Math.round(new Date().getTime() / 1000.0));
      const oauth_nonce = nonceObj.getHash('HEX');
      const endpoint = 'https://api.twitter.com/oauth/request_token';
      const oauth_consumer_key = process.env.TWITTER_API_KEY;
      const oauth_consumer_secret = process.env.TWITTER_API_SECRET;

      var requiredParameters = {
        oauth_consumer_key,
        oauth_nonce,
        oauth_signature_method: 'HMAC-SHA1',
        oauth_timestamp,
        oauth_version: '1.0'
      };

      const sortString = requiredParameters => {
        var base_signature_string = 'POST&' + encodeURIComponent(endpoint) + '&';
        var requiredParameterKeys = Object.keys(requiredParameters);
        for (var i = 0; i < requiredParameterKeys.length; i++) {
          if (i == requiredParameterKeys.length - 1) {
            base_signature_string += encodeURIComponent(
              requiredParameterKeys[i] +
                '=' +
                requiredParameters[requiredParameterKeys[i]]
            );
          } else {
            base_signature_string += encodeURIComponent(
              requiredParameterKeys[i] +
                '=' +
                requiredParameters[requiredParameterKeys[i]] +
                '&'
            );
          }
        }
        return base_signature_string;
      };

      const sorted_string = sortString(requiredParameters);
      console.log('Sorted string:', sorted_string);

      const signing = (signature_string, consumer_secret) => {
        let hmac;
        if (
          typeof signature_string !== 'undefined' &&
          signature_string.length > 0
        ) {
          //console.log('String OK');
          if (
            typeof consumer_secret !== 'undefined' &&
            consumer_secret.length > 0
          ) {
            // console.log('Secret Ok');

            const secret = consumer_secret + '&';
            var shaObj = new jsSHA('SHA-1', 'TEXT', {
              hmacKey: { value: secret, format: 'TEXT' }
            });
            shaObj.update(signature_string);

            hmac = encodeURIComponent(shaObj.getHash('B64'));

            //var hmac_sha1 = encodeURIComponent(hmac);
          }
        }
        return hmac;
      };

      const signed = signing(sorted_string, oauth_consumer_secret);
      console.log(signed);

      var data = {};
      var config = {
        method: 'post',
        url: endpoint,
        headers: {
          Authorization: `OAuth oauth_consumer_key=${process.env.TWITTER_API_KEY},oauth_signature_method="HMAC-SHA1",oauth_timestamp=${oauth_timestamp},oauth_nonce=${oauth_nonce},oauth_version="1.0",oauth_callback=${callBackUL},oauth_consumer_secret=${signed}`,
          'Content-Type': 'application/json'
        },
        data: data
      };
      try {
        const response = await axios(config);
        console.log(JSON.stringify(response.data));
      } catch (err) {
        console.log(err.response.data);
      }

      next();
    });

推荐答案

已解决

var axios = require('axios');
  const jsSHA = require('jssha/sha1');

 const callBackUL = 'https%3A%2F%2F127.0.0.1%3A3000%2Flogin';
  var oauth_timestamp = Math.round(new Date().getTime() / 1000.0);
  const nonceObj = new jsSHA('SHA-1', 'TEXT', { encoding: 'UTF8' });
  nonceObj.update(Math.round(new Date().getTime() / 1000.0));
  const oauth_nonce = nonceObj.getHash('HEX');
  const endpoint = 'https://api.twitter.com/oauth/request_token';
  const oauth_consumer_key = process.env.TWITTER_API_KEY;
  const oauth_consumer_secret = process.env.TWITTER_API_SECRET;

  var requiredParameters = {
    oauth_callback: callBackUL,
    oauth_consumer_key,
    oauth_nonce,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp,
    oauth_version: '1.0'
  };

  const sortString = requiredParameters => {
    var base_signature_string = 'POST&' + encodeURIComponent(endpoint) + '&';
    var requiredParameterKeys = Object.keys(requiredParameters);
    for (var i = 0; i < requiredParameterKeys.length; i++) {
      if (i == requiredParameterKeys.length - 1) {
        base_signature_string += encodeURIComponent(
          requiredParameterKeys[i] +
            '=' +
            requiredParameters[requiredParameterKeys[i]]
        );
      } else {
        base_signature_string += encodeURIComponent(
          requiredParameterKeys[i] +
            '=' +
            requiredParameters[requiredParameterKeys[i]] +
            '&'
        );
      }
    }
    return base_signature_string;
  };

  const sorted_string = sortString(requiredParameters);
  console.log('Sorted string:', sorted_string);

  const signing = (signature_string, consumer_secret) => {
    let hmac;
    if (
      typeof signature_string !== 'undefined' &&
      signature_string.length > 0
    ) {
      //console.log('String OK');
      if (
        typeof consumer_secret !== 'undefined' &&
        consumer_secret.length > 0
      ) {
        // console.log('Secret Ok');

        const secret = encodeURIComponent(consumer_secret) + '&';

        var shaObj = new jsSHA('SHA-1', 'TEXT', {
          hmacKey: { value: secret, format: 'TEXT' }
        });
        shaObj.update(signature_string);

        hmac = encodeURIComponent(shaObj.getHash('B64'));
      }
    }
    return hmac;
  };

  const signed = signing(sorted_string, oauth_consumer_secret);
  console.log(signed);

  var data = {};
  var config = {
    method: 'post',
    url: endpoint,
    headers: {
      Authorization: `OAuth oauth_consumer_key=${process.env.TWITTER_API_KEY},oauth_nonce=${oauth_nonce},oauth_signature=${signed},oauth_signature_method="HMAC-SHA1",oauth_timestamp=${oauth_timestamp},oauth_version="1.0",oauth_callback=${callBackUL}`,
      'Content-Type': 'application/json'
    },
    data: data
  };
  try {
    const response = await axios(config);
    console.log(JSON.stringify(response.data));
  } catch (err) {
    console.log(err.response.data);
  }

  next();

这篇关于OAuth 1.0将Consumer Secret转换为oauth_signature的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-22 13:57