0

我从 Withings API 获取用户数据访问令牌时遇到问题(api 文档的第 3 步): http ://oauth.withings.com/api/doc#api-OAuth_Authentication-access_token

服务返回“无效签名”错误。

这是我的方法:

private static String getSignature(String url, String params, String authSecret) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {
    StringBuilder base = new StringBuilder();
    base.append("GET&");
    base.append(url);
    base.append("&");
    base.append(params);

    byte[] keyBytes;
    if (authSecret != null) {
        keyBytes = (secret + "&" + authSecret + "&").getBytes(ENC);
    } else {
        keyBytes = (secret + "&").getBytes(ENC);
    }

    SecretKey key = new SecretKeySpec(keyBytes, HMAC_SHA1);

    Mac mac = Mac.getInstance(HMAC_SHA1);
    mac.init(key);
    Base64 base64 = new Base64();
    return new String(base64.encode(mac.doFinal(base.toString().getBytes(ENC))), ENC).trim();
}
public static AuthResponse getAccessToken(AuthRequest request) {
    try {
        CloseableHttpClient httpclient = HttpClients.createDefault();
        String url = "https://oauth.withings.com/account/access_token";
        URIBuilder builder = new URIBuilder(url);
        List<NameValuePair> valuePairs = new ArrayList<>();

        valuePairs.add(new BasicNameValuePair("oauth_consumer_key", key));
        valuePairs.add(new BasicNameValuePair("oauth_nonce", "" + (int) (Math.random() * 100000000)));
        valuePairs.add(new BasicNameValuePair("oauth_signature_method", "HMAC-SHA1"));
        valuePairs.add(new BasicNameValuePair("oauth_timestamp", "" + (System.currentTimeMillis() / 1000)));
        valuePairs.add(new BasicNameValuePair("oauth_token", request.getOauthToken()));
        valuePairs.add(new BasicNameValuePair("oauth_version", "1.0"));
        valuePairs.add(new BasicNameValuePair("userid", request.getUserId()));

        String signature = getSignature(URLEncoder.encode(url, ENC), URLEncoder.encode(URLEncodedUtils.format(valuePairs, ENC), ENC), request.getOauthTokenSecret());

        valuePairs.add(new BasicNameValuePair("oauth_signature", signature));

        builder.addParameters(valuePairs);

        URI uri = builder.build();

        HttpGet httpget = new HttpGet(uri);

        HttpResponse response = httpclient.execute(httpget);
        BufferedReader reader = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));

        StringBuilder sb = new StringBuilder();
        String result;

        while ((result = reader.readLine()) != null) {
            sb.append(result);
        }

        return null;
    } catch (Exception e) {
        throw new RuntimeException("*Error during getAccessToken request");
    }
}

我还尝试不使用“authSecret”参数来生成签名(如在 withings 规范中),尝试更改顺序并按字母顺序放置“oauth_signature”参数,但我没有成功 有人能帮帮我吗?PS:在Api文档的前两个步骤中,我使用此签名生成器成功获得了oauth_token、oauth_token_secret、userid。

4

1 回答 1

0

为了使 STEP3 正常工作,您必须从该行中删除第二个“&”:

keyBytes = (secret + "&" + authSecret + "&").getBytes(ENC);

所以它变成:

keyBytes = (secret + "&" + authSecret).getBytes(ENC);
于 2017-01-18T11:29:02.780 回答