1. 首頁
  2. 問答
  3. Dropbox OAuth簽名是什麼?

Dropbox OAuth簽名是什麼?

2011-12-20 110 views
2

我正在開發DropBox API的應用程序,並且無法爲我的生活找到有關在身份驗證期間進入第一個令牌請求的「簽名」的意圖的任何信息。Dropbox OAuth簽名是什麼?

其他人知道嗎?

來源

2011-12-20 Tom Halley

+0

如果你仍然有問題可能考慮使用現有的庫,如DropNet? (http://dkdevelopment.net/what-im-doing/dropnet/) – dkarzon 2012-01-03 03:14:19

+0

最後,我決定去開發定義的OAuth庫 – 2012-01-05 18:04:22

回答

3

如果是OAuth的那麼簽名是你希望的

  • OAuthVersion
  • OAuthNonce
  • 時間戳
  • ConsumerKey
  • 是SignatureMethod(如HMACSHA1)
  • 任何參數的組合發送
  • HTTP方法

例如這裏是一些代碼,做它

/// <summary> 
    /// Generate the signature base that is used to produce the signature 
    /// </summary> 
    /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param> 
    /// <param name="consumerKey">The consumer key</param>   
    /// <param name="token">The token, if available. If not available pass null or an empty string</param> 
    /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param> 
    /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param> 
    /// <param name="signatureType">The signature type. To use the default values use <see cref="OAuthBase.SignatureTypes">OAuthBase.SignatureTypes</see>.</param> 
    /// <returns>The signature base</returns> 
    public static string GenerateSignatureBase(Uri url, string consumerKey, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, string signatureType, SortedList<String, String> customParameters, out string normalizedUrl, out string normalizedRequestParameters) 
    { 
     if (token == null) 
     { 
      token = string.Empty; 
     } 

     if (tokenSecret == null) 
     { 
      tokenSecret = string.Empty; 
     } 

     if (string.IsNullOrEmpty(consumerKey)) 
     { 
      throw new ArgumentNullException("consumerKey"); 
     } 

     if (string.IsNullOrEmpty(httpMethod)) 
     { 
      throw new ArgumentNullException("httpMethod"); 
     } 

     if (string.IsNullOrEmpty(signatureType)) 
     { 
      throw new ArgumentNullException("signatureType"); 
     } 

     normalizedUrl = null; 
     normalizedRequestParameters = null; 

     List<QueryParameter> parameters = GetQueryParameters(url.Query); 
     parameters.Add(new QueryParameter(OAuthVersionKey, OAuthVersion)); 
     parameters.Add(new QueryParameter(OAuthNonceKey, nonce)); 
     parameters.Add(new QueryParameter(OAuthTimestampKey, timeStamp)); 
     parameters.Add(new QueryParameter(OAuthSignatureMethodKey, signatureType)); 
     parameters.Add(new QueryParameter(OAuthConsumerKeyKey, consumerKey)); 

     foreach (String key in customParameters.Keys) 
     { 
      parameters.Add(new QueryParameter(key, UrlEncode(customParameters[key]))); 
     } 


     if (!string.IsNullOrEmpty(token)) 
     { 
      parameters.Add(new QueryParameter(OAuthTokenKey, token)); 
     } 

     parameters.Sort(new QueryParameterComparer()); 

     normalizedUrl = string.Format("{0}://{1}", url.Scheme, url.Host); 
     if (!((url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443))) 
     { 
      normalizedUrl += ":" + url.Port; 
     } 
     normalizedUrl += url.AbsolutePath; 
     normalizedRequestParameters = NormalizeRequestParameters(parameters); 

     StringBuilder signatureBase = new StringBuilder(); 
     signatureBase.AppendFormat("{0}&", httpMethod.ToUpper()); 
     signatureBase.AppendFormat("{0}&", UrlEncode(normalizedUrl)); 
     signatureBase.AppendFormat("{0}", UrlEncode(normalizedRequestParameters)); 

     return signatureBase.ToString(); 
    } 

    /// <summary> 
    /// Generate the signature value based on the given signature base and hash algorithm 
    /// </summary> 
    /// <param name="signatureBase">The signature based as produced by the GenerateSignatureBase method or by any other means</param> 
    /// <param name="hash">The hash algorithm used to perform the hashing. If the hashing algorithm requires initialization or a key it should be set prior to calling this method</param> 
    /// <returns>A base64 string of the hash value</returns> 
    public static string GenerateSignatureUsingHash(string signatureBase, HashAlgorithm hash) 
    { 
     return ComputeHash(hash, signatureBase); 
    } 

     /// <summary> 
    /// Helper function to compute a hash value 
    /// </summary> 
    /// <param name="hashAlgorithm">The hashing algoirhtm used. If that algorithm needs some initialization, like HMAC and its derivatives, they should be initialized prior to passing it to this function</param> 
    /// <param name="data">The data to hash</param> 
    /// <returns>a Base64 string of the hash value</returns> 
    private static string ComputeHash(HashAlgorithm hashAlgorithm, string data) 
    { 
     if (hashAlgorithm == null) 
     { 
      throw new ArgumentNullException("hashAlgorithm"); 
     } 

     if (string.IsNullOrEmpty(data)) 
     { 
      throw new ArgumentNullException("data"); 
     } 

     byte[] dataBuffer = System.Text.Encoding.ASCII.GetBytes(data); 
     byte[] hashBytes = hashAlgorithm.ComputeHash(dataBuffer); 

     return Convert.ToBase64String(hashBytes); 
    } 

/// <summary> 
    /// Generates a signature using the specified signatureType 
    /// </summary>  
    /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param> 
    /// <param name="consumerKey">The consumer key</param> 
    /// <param name="consumerSecret">The consumer seceret</param> 
    /// <param name="token">The token, if available. If not available pass null or an empty string</param> 
    /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param> 
    /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param> 
    /// <param name="signatureType">The type of signature to use</param> 
    /// <returns>A base64 string of the hash value</returns> 
    public static string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, SortedList<String, String> parameters, out string normalizedUrl, out string normalizedRequestParameters) 
    { 
     normalizedUrl = null; 
     normalizedRequestParameters = null; 

     switch (signatureType) 
     { 
      case SignatureTypes.PLAINTEXT: 
       return HttpUtility.UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret)); 
      case SignatureTypes.HMACSHA1: 


       string signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, parameters, out normalizedUrl, out normalizedRequestParameters); 

       HMACSHA1 hmacsha1 = new HMACSHA1(); 
       hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? "" : UrlEncode(tokenSecret))); 

       return GenerateSignatureUsingHash(signatureBase, hmacsha1); 
      case SignatureTypes.RSASHA1: 
       throw new NotImplementedException(); 
      default: 
       throw new ArgumentException("Unknown signature type", "signatureType"); 
     } 
    }

但檢查出http://oauth.net/core/1.0a/瞭解詳情。

來源

2011-12-20 05:59:28

+1

生成基地,然後創建哈希,這是你的簽名 – 2011-12-20 06:00:06

+0

是否有必要包含所有這些信息的組合? – 2014-10-15 12:12:35

+0

是的。必須按規範中的規定包含所有內容,因爲這是OAuth服務器將如何檢查簽名,方法是在另一端執行相同的計算。 – 2014-10-15 15:27:30

相關問題

 相關問題