我最初对签名和时间戳进行了硬编码,只是为了设置路由。现在我要回去为用户设置动态签名,我从Twitter API得到一个错误。
{"errors":[{"code":215,"message":"Bad Authentication data."}]}
我已经处理了签名和auth头,但仍然是相同的错误响应。
// Creates the timestamp in milliseconds
const timestamp = Math.round(Date.now() / 1000).toString();
// Percent encodes base url
const encodedBaseURL = encodeURIComponent(
`https://api.twitter.com/oauth/request_token`
);
// Percent encodes params
const encodedParams = encodeURIComponent(
`oauth_callback="http://localhost:3000/auth/twitter"&oauth_consumer_key="${process.env.TWITTER_CONSUMER_KEY}"&oauth_nonce="${timestamp}"&oauth_signature_method="HMAC-SHA1"&oauth_timestamp="${timestamp}"&oauth_version="1.0"`
);
// Combines the percent encoded string to match https://developer.twitter.com/en/docs/authentication/oauth-1-0a/creating-a-signature requirements
const oauth_signature = `POST&${encodedBaseURL}&${encodedParams}`;
// Creates signing key for hashing
const signingKey = `${encodeURIComponent(
process.env.TWITTER_CONSUMER_SECRET
)}&`;
console.log("sig", oauth_signature);
// Hashes string with signingKey then returns base64 string
const hashedSignature = createHmac("sha1", signingKey)
.update(oauth_signature)
.digest("base64");
console.log("hash", hashedSignature);
// Https request options object
const twitterOptions = {
hostname: "api.twitter.com",
port: 443,
path: "/oauth/request_token",
method: FETCH_METHODS.POST,
headers: {
Authorization: `OAuth oauth_callback="http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ftwitter",oauth_consumer_key="${process.env.TWITTER_CONSUMER_KEY}",oauth_nonce="${timestamp}",oauth_signature="${hashedSignature}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="${timestamp}",oauth_version="1.0"`,
},
};
解决了问题。您必须在Authorization标头中对签名进行百分比编码。