我得到的 signature_base 正确吗?

Am I getting the signature_base correct?

我正在正确登录并获得密码,所以我仍然认为这是进步。
有人可以检查我正在加密的字符串吗?
'bad request' 还有什么意思?

首先,我得到了AccessToken,
生成此签名库

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3D565e334127934d65aa4375d0cd2770a1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146468%26oauth_version%3D1.0'

然后调用 SignContext 执行这一行

signingContext.SignatureBase = authContext.GenerateSignatureBase();   

生成此签名库

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3D565e334127934d65aa4375d0cd2770a1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146468%26oauth_version%3D1.0'

然后它得到了别针。

然后调用 ExchangeRequestTokenForAccessToken
生成此签名库

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Faccess_token&oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3De63bba497c24492ab0d60366526c781a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146597%26oauth_token%3D6WHEWvcaVYx59bRxzic%252FXJGGYrz4TGdH5uvlfNCdkOY%253D%26oauth_verifier%3DNHD85%26oauth_version%3D1.0'

然后它使用这个签名基础再次对上下文签名

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Faccess_token&oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3De63bba497c24492ab0d60366526c781a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146597%26oauth_token%3D6WHEWvcaVYx59bRxzic%252FXJGGYrz4TGdH5uvlfNCdkOY%253D%26oauth_verifier%3DNHD85%26oauth_version%3D1.0'

然后我尝试获取 A
的报价 有了这个签名基础

'GET&https%3A%2F%2Fetws.etrade.com%2Fmarket%2Frest%2Fquote%2FA&detailFlag%3DALL%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3D4a3640c5fc5c40b490c475a2e6c0228e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146666%26oauth_token%3D77vmxV1reXdgDJewWspVKmOduwdDsZGVvLfZBUtBSms%253D%26oauth_version%3D1.0'

检索报价失败,returns:

8/7/2017 5:57:46 PM - Header Start 8/7/2017 5:58:18 PM - Authorization: OAuth
oauth_token='77xmvV1reXdgDJewWspVKmOduwdDsZGVvLfZUBtBSms%3D',oauth_nonce='4a3640c5fc5c40b490c475a2e6c0228e',oauth_consumer_key='c5164d11e1a0a23901d75e7aa1993085',oauth_signature_method='HMAC-SHA1',oauth_timestamp='1502146666',oauth_version='1.0',oauth_signature='2OihTU%2BphJjPuvp82lR8Z2QhE24%3D' 8/7/2017 5:58:18 PM - Header End 8/7/2017 5:58:18 PM - System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse()
at EquityMetrics.Retrieve.ETradeModel.GetResponse(OAuthSession session, String url) in C:{path}\Model\ETradeModel.cs:line 94
8/7/2017 5:58:18 PM - Pragma: no-cache apiServerName: 11w44m3
nnCoection: close Transfer-Encoding: chunked Cache-Control: no-cache, no-store Content-Type: application/xml Date: Mon, 07 Aug 2017 22:58:18 GMT Server: Apache

根据 Oauth 1.0 spec,授权 header 应该使用 ascii 值 34,这是一个双引号,而不是单引号。参数也应该按名称的字母顺序排序。在上面的错误消息中,它似乎使用了单引号和未排序的参数。它应该如下所示(为了便于阅读而添加了换行符):

Authorization: OAuth 
oauth_token="77xmvV1reXdgDJewWspVKmOduwdDsZGVvLfZUBtBSms%3D",  
oauth_nonce="4a3640c5fc5c40b490c475a2e6c0228e",  
oauth_consumer_key="c5164d11e1a0a23901d75e7aa1993085",
oauth_signature="2OihTU%2BphJjP",  
oauth_signature_method="HMAC-SHA1",  
oauth_timestamp="1502146666",  
oauth_version="1.0"

从浏览器点击 URL 后,我开始收到更好的错误消息,这导致了解决方案。但如何做到这一点并不明显。

为此header:

Authorization: OAuth oauth_consumer_key="c6154d11e1a0a29301d75e7aa1993085",oauth_nonce="simTGhOB4T7",oauth_signature="Dij6ZXwcBda78Rk54K3k3UUfGMc%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1505152250",oauth_token="DnMnZQTQUqaJxAFJNwTy76lEaP5toiWt2QeI4POZnKY%3D",oauth_version="1.0"

在浏览器中使用此 URL 以获得更好的错误消息:

https://etws.etrade.com/market/rest/quote/A?oauth_consumer_key=c6154d11e1a0a29301d75e7aa1993085&oauth_nonce=simTGhOB2T7&oauth_signature=Dij6ZXwcBda78Rk54K3k3UUfGMc%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1505152250&oauth_token=DnMnZQTQUqaJxAFJNwTy76lEaP5toiWt2QeI4POZnKY%3D&oauth_version=1.0

OTOH,排序顺序似乎并不重要,在签名的基础之外,如规范中所述。