开发者

Signature for OAuth

问答 作者:

I'm trying to set up my own OAuth provider, but now I'm stuck at signing requests. Is this the right way for signing?

function ge开发者_开发问答nerateSignature($consumerSecret, $requestURI, $requestData, $requestMethod) {
    $signature = '';
    $signature .= strtoupper($requestMethod) . '&';
    $signature .= urlencode($requestURI) . '&';
    asort($requestData);
    $query = http_build_query($requestData);
    $signature .= urlencode($query);
    echo oauthHMACsha1($consumerSecret, $signature);

}

function HMACsha1($key, $data) {
    $blocksize = 64;
    $hashfunc = 'sha1';
    if (strlen($key) > $blocksize) $key = pack('H*', $hashfunc($key));
    $key = str_pad($key, $blocksize, chr(0x00));
    $ipad = str_repeat(chr(0x36), $blocksize);
    $opad = str_repeat(chr(0x5c), $blocksize);
    $hmac = pack('H*',$hashfunc(($key^$opad).pack('H*', $hashfunc(($key ^ $ipad) . $data))));
    return $hmac;
}

function oauthHMACsha1($key, $data) {
    return base64_encode(HMACsha1($key, $data));
}

Or can it be easier/more efficient? And why is signing important?

Have you seen hash_hmac php function?

继续阅读:digital-signatureoauthphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9