问题描述

我正在使用 (OpenId+OAuth) 混合协议.

I am using (OpenId+OAuth) hybrid protocol.

在我使用所有 openid 和 oauth 扩展参数将用户重定向到https://www.google.com/accounts/o8/ud"后，用户能够看到我需要访问的登录屏幕和服务.成功登录后，我收到如下回复:

After I redirect user to "https://www.google.com/accounts/o8/ud" with all openid and oauth extension parameters, user is able to see login screen and services I need to access. On successfull login I receive response as following:

http://muUrl.com/...&openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0&openid.ext2.scope=http://docs.google.com/feeds/&openid.ext2.request_token=4/8GCHDIvtxhbg8gVkfYro7QIFakoB

我知道用户已正确登录并且粗体文本是授权令牌.然后我调用获取具有所有参数的访问令牌除了 oauth_verifier，因为这在混合模式下不可用.我使用 HMAC-SHA1 对基本字符串进行签名，密钥为consumersecret&"(token secret 暂不可用)

I understand user is properly logged in and text in bold is authorized token. Then I make call for obtaining access token with all parameters except oauth_verifier as that is not available in hybrid mode. I sign base string using HMAC-SHA1 with key as "consumersecret&" (token secret is yet not available)

我收到 400 个签名无效的错误请求.非常感谢您为解决此问题提供任何帮助或建议.

I get 400 bad request with signature invalid. Any help or suggestion is highly appreciated to resolve this issue.

推荐答案

请参阅 Bob 和我的评论.如果您面临与我相同的问题，则 % 转义可能是一个问题.混合模式下确实不需要oauth_verifier.

pls see Bob and my comments.% escaping can be an issue if you are facing same problem as mine. oauth_verifier is indeed not required in hybrid mode.

这篇关于Google GetAccessToken:错误请求 400的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！