javascript OAuth nonce 值
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10051494/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
OAuth nonce value
提问by Niraj
I am working with the FatSecret REST API
我正在使用FatSecret REST API
Im using the OAuthSimplejavascript library to generate the signed url. Here's the code I have -
我使用OAuthSimplejavascript 库来生成签名的 url。这是我的代码 -
params['oauth_timestamp'] = Math.floor(new Date().getTime()/1000);
params['oauth_nonce'] = '1234';
params['oauth_version'] = '1.0';
var paramStr = '';
for(var key in params){
paramStr += key+"="+params[key]+"&";
}
paramStr = paramStr.substring(0,paramStr.length-1);
var oauth = OAuthSimple();
oauth.setAction('GET');
var o = oauth.sign(
{
path:this.requestURL,
parameters: paramStr,
signatures:{
api_key:this.apiKey,
shared_secret:this.sharedSecret,
access_token: this.accessToken,
access_secret: this.accessSecret
}
});
console.log(o.signed_url);
return o.signed_url;
params is an associative array containing all the non oauth related parameters for this call. When I use this signed url I get an "invalid/used nonce"
params 是一个关联数组,包含此调用的所有非 oauth 相关参数。当我使用这个签名的 url 时,我得到一个“无效/使用过的随机数”
The OAuth Testing Tooluses the same OAuthSimple library and if I put in all the same parameters (including the timestamp) it generates exactly the same url.
该OAuth的测试工具使用相同的OAuthSimple库,如果我把所有相同的参数(包括时间戳)它产生完全相同的网址。
The only difference is that the url generated by the testing tool works and gives me the full response from the server. The url generated by my code does't.
唯一的区别是测试工具生成的 url 有效,并为我提供了来自服务器的完整响应。我的代码生成的网址没有。
I tried various nonce values including sending a MD5 of the timestamp but I get the same error. The reason I'm using 1234 right now is that the testing tool uses 1234 by default and that seems to work.
我尝试了各种随机数值,包括发送时间戳的 MD5,但我得到了同样的错误。我现在使用 1234 的原因是测试工具默认使用 1234,这似乎有效。
Any help is appreciated. Thanks in advance.
任何帮助表示赞赏。提前致谢。
回答by A T
Updating @Saravanan's answer with something that works on current browsers:
使用适用于当前浏览器的内容更新 @Saravanan 的答案:
function genNonce() {
const charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvwxyz-._~'
const result = [];
window.crypto.getRandomValues(new Uint8Array(32)).forEach(c =>
result.push(charset[c % charset.length]));
return result.join('');
}
console.info(genNonce());
回答by Saravanan Soupramaniane
The nonce value as per twitter documentation:
根据 twitter 文档的 nonce 值:
The value for this request was generated by base64 encoding 32 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here.
此请求的值是通过 base64 编码 32 个字节的随机数据并去除所有非单词字符生成的,但是任何产生相对随机的字母数字字符串的方法在这里都应该可以。
Based on the above notes, I use the following javascript code to generate nonce value each time I send a request:
基于上述说明,我每次发送请求时都使用以下 javascript 代码生成 nonce 值:
var nonceLen = 32;
return crypto.randomBytes(Math.ceil(nonceLen * 3 / 4))
.toString('base64') // convert to base64 format
.slice(0, nonceLen) // return required number of characters
.replace(/\+/g, '0') // replace '+' with '0'
.replace(/\//g, '0'); // replace '/' with '0'
Try this if it works!
试试这个,如果它有效!
回答by Uttam Panara
Try this
This works every time
试试这个
每次都有效
var nonce = Math.random().toString(36).replace(/[^a-z]/, '').substr(2);
var nonce = Math.random().toString(36).replace(/[^az]/, '').substr(2);
