2014-06-09 3 views

여기에서 관련된 여러 스레드를 읽어 보았지만, 실제로 납득할 만한 답을 주는 글은 찾지 못했습니다.

Yahoo API와 두려운 oauth_problem="signature_invalid"

https://developer.yahoo.com/oauth/guide/oauth-accesstoken.html 까지의 문서를 모두 읽고 따라 했으며, 이제는 로그인하는 어떤 사용자에 대해서도 자격 증명과 사용자 ID를 받아 올 수 있습니다. 지금까지는 HTTPS와 PLAINTEXT 서명 방식을 사용했습니다.

이제 사용자에 대한 정보를 받아 와야 하는데, 이를 위해서는 HMAC-SHA1 방식으로 요청에 서명해야 합니다.

기본적으로 여기에 글을 올린 다른 많은 사람들처럼, 저도 다음 오류 메시지를 받습니다: "Please provide valid credentials. OAuth oauth_problem="signature_invalid", realm="yahooapis.com""

다음은 제 코드입니다:

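/**
 * Fetch a Yahoo social profile with an OAuth 1.0 HMAC-SHA1 signed GET request.
 *
 * The nonce and timestamp are generated exactly once and reused for both the
 * signature base string and the request URL. Generating them a second time for
 * the URL makes the transmitted values differ from the signed ones, which the
 * server reports as oauth_problem="signature_invalid".
 *
 * @param string $userID      Yahoo user id placed in the resource path.
 * @param string $oauthToken  Access token in decoded form (urldecode() the value
 *                            taken from the get_token response first); it is
 *                            percent-encoded exactly once below.
 * @param string $oauthSecret Access token secret; used only inside the signing key.
 *
 * @return string|false Response body, or false when the transfer fails.
 */
function getYahooUser($userID, $oauthToken, $oauthSecret)
{
    $url = 'https://social.yahooapis.com/v1/user/' . rawurlencode($userID) . '/profile';

    // One parameter set, used for signing AND for the request itself.
    $oauthParams = array(
        'oauth_consumer_key'     => config::yahooConsumerKey,
        'oauth_nonce'            => generateRandomString(),
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_token'            => $oauthToken,
        'oauth_version'          => '1.0',
        // Sent as a query parameter here, so it takes part in the signature like any other.
        'realm'                  => 'yahooapis.com',
    );

    // The base string needs the parameters ordered by name (byte-value order).
    ksort($oauthParams, SORT_STRING);

    $pairs = array();
    foreach ($oauthParams as $name => $value) {
        $pairs[] = rawurlencode($name) . '=' . rawurlencode($value);
    }
    $normalized = implode('&', $pairs);

    $baseString = 'GET&' . rawurlencode($url) . '&' . rawurlencode($normalized);
    $signingKey = rawurlencode(config::yahooConsumerSecret) . '&' . rawurlencode($oauthSecret);
    $signature = rawurlencode(base64_encode(hash_hmac('sha1', $baseString, $signingKey, true)));

    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        // Certificate and host-name verification stay ON: the request carries an
        // OAuth token, and with verification disabled any on-path party could
        // impersonate the API host and read the token and the profile data.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_HTTPGET => true,
        CURLOPT_URL => $url . '?' . $normalized . '&oauth_signature=' . $signature,
    ));

    $output = curl_exec($ch);
    curl_close($ch);

    // NOTE(review): debugging aid kept from the original; it prints the raw
    // profile response into the page output. Remove before production use.
    var_dump($output);

    return $output;
}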

제가 무엇을 잘못하고 있는지 아시는 분 계신가요?

답변


진심으로, 야후 API는

확인 https://developer.yahoo.com/forum/OAuth-General-Discussion-YDN-SDKs/token-rejected/1259915145000-8648ab55-f852-38ed-91c9-bf7e37f7d76c

https://github.com/joechung/oauth_yahoo 에서 받을 수 있는 Joe Chung의 OAuth 예제와 위 야후 개발자 네트워크 포럼 글을 함께 참고해서 해결했습니다 .... 충격적이네요

핵심은 get_token 요청에서 받은 인증 토큰을 서명 생성에 넣기 전에 URL 디코딩하는 것입니다. YahooCurl.php

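/**
 * Start the Yahoo OAuth 1.0 flow: fetch a request token, keep its secret in a
 * cookie for the callback step, and build the authorization URL.
 *
 * The token response is read by field name instead of by position and fixed
 * substr() offsets, so a reordered or failed response no longer yields a
 * silently truncated token.
 *
 * @return string URL the user has to open to authorize the application.
 *
 * @throws RuntimeException When the response lacks oauth_token or oauth_token_secret.
 */
function doYahoo() //returns a url for the user to click to start auth
{
    // require_once: a second plain require of the same file would redeclare its functions.
    require_once('Yahoo/YahooCurl.php');
    new YahooCurl;

    $yahooReply = getYahooRequestToken();

    // Split "k=v&k=v" without decoding, so the values stay exactly as Yahoo sent them.
    $fields = array();
    if (is_string($yahooReply)) {
        foreach (explode('&', $yahooReply) as $pair) {
            $kv = explode('=', $pair, 2);
            if (count($kv) === 2) {
                $fields[$kv[0]] = $kv[1];
            }
        }
    }

    if (!isset($fields['oauth_token'], $fields['oauth_token_secret'])) {
        // The raw response is deliberately left out of the message: it may hold credentials.
        throw new RuntimeException('Yahoo request token response did not contain oauth_token and oauth_token_secret');
    }

    $yahooOauthToken = $fields['oauth_token'];
    $yahooOauthTokenSecret = $fields['oauth_token_secret'];

    // The token secret is a credential. HttpOnly keeps page scripts from reading
    // it, and Secure is set whenever the current request arrived over HTTPS.
    // NOTE(review): a server-side session would avoid handing the secret to the
    // browser at all; the seven-day lifetime is kept from the original.
    $expire = time() + 60 * 60 * 24 * 7;
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie("yahooSecret", $yahooOauthTokenSecret, $expire, "/", "", $isHttps, true);

    $YahooURL = 'https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=' . $yahooOauthToken;
    return $YahooURL;
}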

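// OAuth callback: Yahoo sends the browser back with oauth_token and
// oauth_verifier in the query string; the request-token secret comes from the
// cookie set when the flow was started.
if (isset($_GET['yahoo']))
{
    // All three values are attacker-controllable request data: require that
    // they are present and are plain strings (not arrays) before using them.
    if (!isset($_GET['oauth_token'], $_GET['oauth_verifier'], $_COOKIE['yahooSecret'])
        || !is_string($_GET['oauth_token'])
        || !is_string($_GET['oauth_verifier'])
        || !is_string($_COOKIE['yahooSecret'])
    ) {
        http_response_code(400);
        exit('Missing OAuth callback parameters.');
    }

    $yahoooAuthToken = $_GET['oauth_token'];
    $yahoooAuthVerifier = $_GET['oauth_verifier'];

    // require_once: a second plain require of the same file would redeclare its functions.
    require_once('Yahoo/YahooCurl.php');
    new YahooCurl;

    $yahooReply = getYahooAccessToken($yahoooAuthVerifier, $yahoooAuthToken, $_COOKIE['yahooSecret']);

    // Read the response by field name rather than by position and substr() offsets.
    $yahooReplyToArray = is_string($yahooReply) ? explode("&", $yahooReply) : array();
    $yahooFields = array();
    foreach ($yahooReplyToArray as $yahooPair) {
        $yahooKv = explode('=', $yahooPair, 2);
        if (count($yahooKv) === 2) {
            $yahooFields[$yahooKv[0]] = $yahooKv[1];
        }
    }

    if (!isset(
        $yahooFields['oauth_token'],
        $yahooFields['oauth_token_secret'],
        $yahooFields['oauth_session_handle'],
        $yahooFields['xoauth_yahoo_guid']
    )) {
        // Do not echo the response: it may contain credentials or error details.
        http_response_code(502);
        exit('Yahoo access token request failed.');
    }

    // The token must be URL-decoded before it goes into the signature, where it
    // is percent-encoded again exactly once.
    $yahoooAuthToken = urldecode($yahooFields['oauth_token']);
    $yahoooAuthTokenSecret = $yahooFields['oauth_token_secret'];
    $YahooUserID = $yahooFields['xoauth_yahoo_guid'];
    $YahooRefreshToken = $yahooFields['oauth_session_handle'];

    // The session handle is used here as a refresh credential, so the cookie is
    // HttpOnly and, when the request is HTTPS, Secure.
    // NOTE(review): storing it server-side would keep it out of the browser entirely.
    $expire = time() + 60 * 60 * 24 * 7;
    $yahooIsHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie("yahooRefresh", $YahooRefreshToken, $expire, "/", "", $yahooIsHttps, true);

    $yahooUserData = getYahooUser($YahooUserID,$yahoooAuthToken,$yahoooAuthTokenSecret);

    //do what you want with $yahooUserData
}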

같은 문제를 겪고 있다면, 아래에 제 야후 관련 함수 전체를 올려 두었으니 참고하세요.

config:: 로 시작하는 값만 본인의 설정 변수로 바꾸면 됩니다.

YahooCurl.php 에는 다음 내용이 들어 있습니다:

/**
 * Minimal holder type used by the Yahoo OAuth helpers. It declares a single
 * public slot and no behaviour of its own.
 */
class YahooCurl
{
    /** @var mixed Request token slot; starts out as null and is not written by the code shown here. */
    public $YahooRequestToken = null;
}

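/**
 * Request an OAuth 1.0 request token from Yahoo with the PLAINTEXT signature method.
 *
 * With PLAINTEXT the consumer secret itself travels in the POST body, so this
 * call is only safe over HTTPS with certificate verification enabled.
 *
 * Fixes over the previous version: the result of rtrim() was discarded, which
 * left a trailing '&' on the body, and CURLOPT_POST was set from
 * count($postData), i.e. count() applied to a string.
 *
 * @return string|false Raw "k=v&k=v" response body, or false when the transfer fails.
 */
function getYahooRequestToken()
{
    $params = array(
        'oauth_nonce' => urlencode(generateRandomString()),
        'oauth_timestamp' => time(),
        'oauth_consumer_key' => config::yahooConsumerKey,
        'oauth_signature_method' => 'plaintext',
        // PLAINTEXT signature: consumer secret, an encoded '&', and an empty token secret.
        'oauth_signature' => config::yahooConsumerSecret . '%26',
        'oauth_version' => '1.0',
        // NOTE(review): sent as-is; if the configured callback is a plain URL it
        // presumably needs URL-encoding here. Confirm against the config value.
        'oauth_callback' => config::yahooCallBackDomain);

    $url = 'https://api.login.yahoo.com/oauth/v2/get_request_token';

    // Join with '&' so no trailing separator is ever produced.
    $pairs = array();
    foreach ($params as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    $postData = implode('&', $pairs);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, false);
    // Stated explicitly because the body carries the consumer secret.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);

    $output = curl_exec($ch);
    curl_close($ch);
    return $output;
}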

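/**
 * Build a random string of ASCII letters; used as the OAuth nonce.
 *
 * Characters are drawn with random_int() where it exists, because rand() is
 * predictable and a nonce exists to make a signed request non-replayable.
 * mt_rand() is only a fallback for runtimes that lack random_int().
 *
 * @param int $length Number of characters. The default of 6 is kept for
 *                    compatibility; pass a larger value for more uniqueness.
 *
 * @return string Random string of $length letters, '' when $length is 0 or less.
 */
function generateRandomString($length = 6)
{
    $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $useCsprng = function_exists('random_int');

    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $index = $useCsprng ? random_int(0, $maxIndex) : mt_rand(0, $maxIndex);
        $randomString .= $characters[$index];
    }
    return $randomString;
}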

/**
 * Exchange an authorized request token and its verifier for an access token,
 * using the PLAINTEXT signature method on a GET request.
 *
 * NOTE(review): the PLAINTEXT signature is the consumer secret plus the token
 * secret, and here it is part of the URL query string, where proxies and
 * access logs can record it. If the endpoint also accepts the parameters in a
 * POST body or an Authorization header, that would keep both secrets out of
 * URLs. Confirm against the provider documentation before changing it.
 *
 * @param string $oauthVerifier Verifier received on the callback.
 * @param string $oauthToken    Request token received on the callback.
 * @param string $oauthSecret   Request token secret; appended as given, without further encoding.
 *
 * @return string|false Raw response body, or false when the transfer fails.
 */
function getYahooAccessToken($oauthVerifier, $oauthToken, $oauthSecret)
{
    // Parameters whose values pass through urlencode(), in transmission order.
    $encodedParams = array(
        'oauth_consumer_key' => config::yahooConsumerKey,
        'oauth_signature_method' => 'plaintext',
        'oauth_version' => '1.0',
        'oauth_verifier' => $oauthVerifier,
        'oauth_token' => $oauthToken,
        'oauth_timestamp' => time(),
        'oauth_nonce' => generateRandomString(),
    );

    $queryParts = array();
    foreach ($encodedParams as $name => $value) {
        $queryParts[] = $name . '=' . urlencode($value);
    }

    // The signature is appended last: both secrets joined by an encoded '&'.
    $queryParts[] = 'oauth_signature=' . config::yahooConsumerSecret . '%26' . $oauthSecret;

    $url = 'https://api.login.yahoo.com/oauth/v2/get_token?' . implode('&', $queryParts);

    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
    ));

    $output = curl_exec($ch);
    curl_close($ch);

    return $output;
}

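/**
 * Fetch a Yahoo social profile with an OAuth 1.0 HMAC-SHA1 signed GET request.
 *
 * The same $params array feeds both the signature and the query string, so the
 * nonce and timestamp that are signed are the ones that are sent.
 *
 * @param string $userID      Yahoo user id placed in the resource path.
 * @param string $oauthToken  Access token, already URL-decoded by the caller.
 * @param string $oauthSecret Access token secret; used only inside the signing key.
 *
 * @return string|false Response body, or false when the transfer fails.
 */
function getYahooUser($userID, $oauthToken, $oauthSecret)
{
    $url = 'https://social.yahooapis.com/v1/user/'. $userID . '/profile';

    // Declared explicitly instead of relying on implicit array creation.
    $params = array(
        'oauth_consumer_key' => config::yahooConsumerKey,
        'oauth_nonce' => generateRandomString(),
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp' => time(),
        'oauth_token' => $oauthToken,
        'oauth_version' => '1.0',
    );
    $params['oauth_signature'] =
        oauth_compute_hmac_sig('GET', $url, $params,
            config::yahooConsumerSecret, $oauthSecret);

    $query_parameter_string = oauth_http_build_query($params);
    $request_url = $url . ($query_parameter_string ?
        ('?' . $query_parameter_string) : '');

    // No TLS options are overridden here, so cURL's certificate and host-name
    // verification stay enabled for the token-bearing request.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $request_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

    $output = curl_exec($ch);
    // Release the handle; the previous version never closed it.
    curl_close($ch);

    // NOTE(review): debugging aid kept from the original; it prints the raw
    // profile response into the page output. Remove before production use.
    var_dump($output);

    return $output;
}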

    /**
     * Compute the base64-encoded HMAC-SHA1 signature for a request.
     *
     * The key is the encoded consumer secret and the encoded token secret
     * joined by '&'; the message is the signature base string of the request.
     *
     * @param string $http_method     HTTP verb of the request.
     * @param string $url             Request URL.
     * @param array  $params          Request parameters taking part in the signature.
     * @param string $consumer_secret Application (consumer) secret.
     * @param string $token_secret    Token secret.
     *
     * @return string Base64 signature; not yet percent-encoded for transport.
     */
    function oauth_compute_hmac_sig($http_method, $url, $params, $consumer_secret, $token_secret)
    {
        $message = signature_base_string($http_method, $url, $params);
        $key = implode('&', array(
            rfc3986_encode($consumer_secret),
            rfc3986_encode($token_secret),
        ));

        // Raw binary digest (fourth argument true), then base64.
        return base64_encode(hash_hmac('sha1', $message, $key, true));
    }

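/**
 * Build the normalized "k=v&k=v" parameter string used for the request and
 * for the signature base string.
 *
 * Keys and values are RFC 3986 encoded and the pairs are ordered by name with
 * byte-value comparison. Values that share a name are ordered with a plain
 * string sort: the previous natsort() placed "9" before "10", which differs
 * from byte-value ordering and can yield a different base string than the one
 * the server builds.
 *
 * @param array $params             Map of name => scalar value, or name => list of values.
 * @param bool  $excludeOauthParams When true, names starting with "oauth" are left out.
 *
 * @return string Normalized query string, '' when $params is empty.
 */
function oauth_http_build_query($params, $excludeOauthParams=false)
{
    if (empty($params)) {
        return '';
    }

    // rfc3986 encode both keys and values
    $keys = rfc3986_encode(array_keys($params));
    $values = rfc3986_encode(array_values($params));
    $params = array_combine($keys, $values);

    // Parameters are sorted by name, using lexicographical byte value ordering.
    // http://oauth.net/core/1.0/#rfc.section.9.1.1
    uksort($params, 'strcmp');

    // Turn params array into an array of "key=value" strings
    $kvpairs = array();
    foreach ($params as $k => $v) {
        if ($excludeOauthParams && substr($k, 0, 5) === 'oauth') {
            continue;
        }

        if (is_array($v)) {
            // If two or more parameters share the same name,
            // they are sorted by their value. OAuth Spec: 9.1.1 (1)
            sort($v, SORT_STRING);
            foreach ($v as $value_for_same_key) {
                $kvpairs[] = $k . '=' . $value_for_same_key;
            }
        } else {
            // For each parameter, the name is separated from the corresponding
            // value by an '=' character (ASCII code 61). OAuth Spec: 9.1.1 (2)
            $kvpairs[] = $k . '=' . $v;
        }
    }

    // Each name-value pair is separated by an '&' character, ASCII code 38.
    // OAuth Spec: 9.1.1 (2)
    return implode('&', $kvpairs);
}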

/**
 * Percent-encode a value, or every element of an array, per RFC 3986.
 *
 * @param mixed $raw_input Scalar, or array of scalars / nested arrays.
 *
 * @return string|array Encoded string; an array with the same keys for array
 *                      input; '' for anything that is neither array nor scalar.
 */
function rfc3986_encode($raw_input)
{
    // Arrays are encoded element by element, recursively.
    if (is_array($raw_input)) {
        return array_map('rfc3986_encode', $raw_input);
    }

    // null, objects and resources have no encodable form.
    if (!is_scalar($raw_input)) {
        return '';
    }

    // '~' is an unreserved character and has to stay literal.
    $encoded = rawurlencode($raw_input);
    return str_replace('%7E', '~', $encoded);
}

/**
 * Assemble the OAuth 1.0 signature base string: METHOD & URL & PARAMETERS,
 * each part RFC 3986 encoded.
 *
 * @param string $http_method HTTP verb; upper-cased before use.
 * @param string $url         Request URL; its query parameters are merged into $params.
 * @param array  $params      Caller-supplied parameters; oauth_signature is dropped when set.
 *
 * @return string The signature base string.
 */
function signature_base_string($http_method, $url, $params)
{
    // Query parameters in the URL take part in the signature too; on a name
    // clash the URL's value replaces the caller's.
    $url_query = parse_url($url, PHP_URL_QUERY);
    if ($url_query) {
        $params = array_merge($params, oauth_parse_str($url_query));
    }

    // The signature can never be part of what is being signed.
    if (isset($params['oauth_signature'])) {
        unset($params['oauth_signature']);
    }

    // The parameter string is encoded a second time here on purpose: it is
    // already encoded pair by pair, then encoded again as one segment.
    $segments = array(
        rfc3986_encode(strtoupper($http_method)),
        rfc3986_encode(normalize_url($url)),
        rfc3986_encode(oauth_http_build_query($params)),
    );

    return implode('&', $segments);
}

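/**
 * Reduce a URL to the "scheme://host[:port]/path" form used in the signature
 * base string.
 *
 * The port is now taken from the URL itself. The previous version hard-coded
 * '443', so every http:// URL was normalized to "host:443" and an explicit
 * port in the URL was ignored, both of which produce a base string the server
 * will not reproduce. Scheme and host are lower-cased, and a missing path no
 * longer raises an undefined-index notice.
 *
 * @param string $url Absolute URL; query string and fragment are dropped.
 *
 * @return string Normalized URL; the port appears only when it is not the scheme's default.
 */
function normalize_url($url)
{
    $parts = parse_url($url);

    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    $host = isset($parts['host']) ? strtolower($parts['host']) : '';
    $path = isset($parts['path']) ? $parts['path'] : '';

    // Fall back to the scheme's default port when the URL names none.
    $defaultPort = ($scheme === 'https') ? '443' : '80';
    $port = isset($parts['port']) ? (string) $parts['port'] : $defaultPort;

    if (($scheme === 'https' && $port !== '443')
        || ($scheme === 'http' && $port !== '80')) {
        $host = "$host:$port";
    }

    return "$scheme://$host$path";
}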


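/**
 * Split a raw query string into a map of name => value, collecting repeated
 * names into a list of values.
 *
 * Names and values are returned exactly as they appear in the input; nothing
 * is URL-decoded here.
 *
 * Fixes over the previous version: a segment without '=' no longer reads a
 * missing array index (its value is now ''), empty segments are skipped, and
 * an empty or non-string input yields an empty array.
 *
 * @param string $query_string Query string without the leading '?'.
 *
 * @return array Map of name => string, or name => list of strings for repeated names.
 */
function oauth_parse_str($query_string)
{
    $query_array = array();

    if (!is_string($query_string) || $query_string === '') {
        return $query_array;
    }

    // Separate single string into an array of "key=value" strings
    foreach (explode('&', $query_string) as $pair) {
        // Skip the empty segments left by "a=1&&b=2" or a trailing '&'.
        if ($pair === '') {
            continue;
        }

        $kv = explode('=', $pair, 2);
        $k = $kv[0];
        $v = isset($kv[1]) ? $kv[1] : '';

        // Handle the case where multiple values map to the same key
        // by pulling those values into an array themselves
        if (array_key_exists($k, $query_array)) {
            // If the existing value is a scalar, turn it into an array
            if (is_scalar($query_array[$k])) {
                $query_array[$k] = array($query_array[$k]);
            }
            $query_array[$k][] = $v;
        } else {
            $query_array[$k] = $v;
        }
    }

    return $query_array;
}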

도움이 되었으면 좋겠습니다.