我正在尝试使用 schoology API 为学校的学生构建应用,在尝试获取请求令牌时,出现"OAuth 验证失败:签名验证失败"错误。我正在使用快递来访问API,我的代码如下:
function getToken(key, secret){
var token;
var parameters = {
Authorization: 'OAuth',
realm: 'Schoology API',
oauth_consumer_key: key,
oauth_nonce: nonce(20),
oauth_timestamp: Math.floor(Date.now()/1000),
oauth_signature_method: 'HMAC-SHA1',
oauth_version: '1.0',
}
function generateBaseString(httpMethod, url, parameters){
var encodeURL = encodeURIComponent(url);
var paramList = [];
var paramString = '';
console.log("Unencoded key: " + parameters['oauth_consumer_key']);
console.log("Encoded key: " + encodeURIComponent(parameters['oauth_consumer_key']));
for(var k in parameters) {
console.log(k + ' Added to base string: ' + encodeURIComponent(k) + "=" + encodeURIComponent(parameters[k]));
paramList.push(encodeURIComponent(k) + "=" + encodeURIComponent(parameters[k]));
}
paramString = encodeURIComponent(paramList.sort().join('&'));
return httpMethod + '&' + encodeURL + '&' + paramString;
}
base_string = generateBaseString('GET', 'https://api.schoology.com/v1/oauth/request_token', parameters);
oauth_string = secret + '&';
var signature = (new Buffer(hmacsha1(oauth_string, base_string))).toString('base64');
console.log("Signature is " + signature);
console.log("Base string is " + base_string);
console.log("Oauth string is " + oauth_string);
var header = {
Authorization: 'OAuth',
realm: parameters.realm,
oauth_consumer_key: parameters.oauth_consumer_key,
oauth_nonce: parameters.oauth_nonce,
oauth_signature_method: parameters.oauth_signature_method,
oauth_timestamp: parameters.oauth_timestamp,
oauth_version: parameters.oauth_version,
oauth_signature: signature,
oauth_callback: 'oob'
}
var options = {
hostname: 'api.schoology.com',
port: 443,
path: '/v1/oauth/request_token',
method: 'GET',
header: header,
}
var url = 'https://api.schoology.com/v1/oauth/request_token?' +
'Authorization=OAuth' +
'realm=' + parameters.realm +
'&oauth_consumer_key=' + parameters.oauth_consumer_key +
'&oauth_nonce=' + parameters.oauth_nonce +
'&oauth_signature_method=' + parameters.oauth_signature_method +
'&oauth_timestamp=' + parameters.oauth_timestamp +
'&oauth_version=' + parameters.oauth_version +
'&oauth_signature=' + signature +
'&oauth_callback=' + 'oob'
;
console.log("URL: " + url);
// return
var req = https.request(url, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
let data = '';
res.on('data', (d) => {
console.log("DATA");
data += d;
});
res.on('end', () => {
token = JSON.parse(data);
});
});
req.on('error', (e => {
console.error("Error: " + e.message);
}));
req.end();
return token;
}
响应标头包含 401 错误。使用 POST 返回 405 错误。有什么想法吗?
我刚刚宣誓与Schoology合作 - 你有几个选择:
-
由于请求是发送HTTPS(安全(的,因此他们将接受具有更简单
<consumer-secret>&<token-secret>签名的明文签名方法。 -
如果要使用 HMAC 签名方法,则要发送的参数看起来不太像它们用于
baseString的参数。如果您检查 401 获得的响应正文,您可以看到他们的服务器用作基本字符串的内容,并将其与您的服务器进行比较。
我怀疑将授权作为 url 参数发送是否有效。您需要构建一个字符串作为"授权"标头发送,如下所示:
OAuth realm="Schoology API",oauth_consumer_key="(your consumer key)",oauth_token="",oauth_nonce="(some random string)",oauth_timestamp="1599876905",oauth_signature_method="PLAINTEXT",oauth_version="1.0",oauth_signature="(your consumer secret)%26"