Authentication and getting a session token from Quickblox in Python
【Posted】: 2013-07-31 05:07:58
【Question】: I am working through the REST API. Two questions:
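1) I want to push some pre-existing data to Quickblox custom objects. How many REST calls do I need? (I am not very clear about the whole state of affairs where computer security is involved.) Is it first (a) get a session token, and then just follow "create new record" here?
2) I am trying to get a session token, but I am getting {"errors":{"base":["Unexpected signature"]}} as the response. Here is my code to generate the nonce, the signature, and get the session token: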
# Of course these are not really 0, x, and y's.
import json
import requests

appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'

def getNonce():
    import random
    return random.random()

def createSignature(nonce):
    import hashlib
    import hmac
    import binascii
    import time
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=appId,
                         auth_key=authKey, nonce=nonce, timestamp=time.time())
    hmacObj = hmac.new(authKey.encode(), stringForSignature.encode(), hashlib.sha1)
    return binascii.b2a_base64(hmacObj.digest())[:-1].decode()  # -1 to get rid of \n

def getSessionToken():
    import time
    epoch = "%s" % int(time.time())
    nonce = getNonce()
    params = {'application_id': appId,
              'auth_key': authKey,
              'timestamp': epoch,
              'nonce': nonce,
              'signature': createSignature(nonce)}
    jsonData = json.dumps(params)
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    response = json.loads(responseJson)

getSessionToken()
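I guess the way the signature is generated is causing the problem?
【Comments on the question】:
I suppose I should use authSecret instead of authKey when calling hmac.new? But I swapped it and I still get the same response.
【Answer 1】: Here is the answer to my question. It turns out that the timestamp should be an integer only, the hmac should use the secret, and https://api.quickblox.com/auth.json should be used instead of session. Also, my signature was not using the correct encoding.
【Discussion】:
【Answer 2】: I found the following problems in your code:
- func. RANDOM: we need an integer value (not one between 0 and 1).
- func. timestamp: you calculate "timestamp" twice. It is better to use "timestamp" once.
- (def createSignature): as you already know... your code uses a different algorithm from the one we need.
I suggest you use the following code, in which the errors above have been corrected. As a result, you will get the following authentications: Request, Request With User authorization, Request With Device parameters.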
# -*- encoding: utf-8 -*-
# Link: http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
import json
import requests
import hashlib
import hmac

#========== YOUR DATA =======================
application_id = 'XXXX'
authorization_key = 'xxxxxxx-XXX-XX'
authorization_secret = 'XXXXXXXXXXXXXXXXXX'
var_login = 'user1'
var_password = 'password1'
# ===========================================
platform = "ios"     # like you want
udid = "7847674035"  # like you want

def getTimestampNonce():
    import random
    import time
    # One timestamp and one integer nonce, shared by the signature and the request body
    return str(time.time()), str(random.randint(1, 10000))

def createSignatureSimple(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=application_id,
                         auth_key=authorization_key, nonce=nonce, timestamp=timestamp)
    # HMAC-SHA1 keyed with the secret, hex-encoded
    return hmac.new(authorization_secret.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1).hexdigest()

def getParamsSimple():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureSimple(timestamp, nonce)}

def createSignatureUser(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                         auth_key=authorization_key, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)
    return hmac.new(authorization_secret.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1).hexdigest()

def getParamsUser():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureUser(timestamp, nonce),
            'user': {'login': var_login,
                     'password': var_password}}

def createSignatureDevice(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&device[platform]={platform}&device[udid]={udid}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                         auth_key=authorization_key, platform=platform, udid=udid, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)
    return hmac.new(authorization_secret.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1).hexdigest()

def getParamsDevice():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureDevice(timestamp, nonce),
            'user': {'login': var_login,
                     'password': var_password},
            'device': {'platform': platform,
                       'udid': udid}}

def getSessionToken():
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    requestPath = 'https://api.quickblox.com/session.json'
    print("====================================================")
    print("--------- Request --------------------------------")
    jsonData = json.dumps(getParamsSimple())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")
    print("--------- Request With User authorization ---------")
    jsonData = json.dumps(getParamsUser())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")
    print("--------- Request With Device parameters ---------")
    jsonData = json.dumps(getParamsDevice())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("=====================================================")

getSessionToken()
【Discussion】:
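The three createSignature* functions in the second answer differ only in which parameters they list, so a single function can build the signed string for all three request types and the same function can be reused to check a signature. The following Python 3 code is an added example, not code from either poster or from QuickBlox; the helper names, the sample values used with it, and the sort-by-key rule (inferred from the parameter order in the answer's strings) are assumptions.

```python
import hashlib
import hmac
import secrets
import time
# Added example: helper names and the sort-by-key rule are assumptions, not QuickBlox code.
def flatten(params, prefix=""):
    """Turn nested dicts into bracketed keys: {'user': {'login': 'a'}} -> {'user[login]': 'a'}."""
    flat = {}
    for key, value in params.items():
        name = f"{prefix}[{key}]" if prefix else str(key)
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        else:
            flat[name] = str(value)
    return flat

def canonical_string(params):
    """Join every parameter except 'signature' as key=value, sorted by key."""
    flat = flatten({k: v for k, v in params.items() if k != "signature"})
    return "&".join(f"{k}={flat[k]}" for k in sorted(flat))

def sign(params, auth_secret):
    """HMAC-SHA1 over the canonical string, keyed with the secret (not the key), hex-encoded."""
    msg = canonical_string(params).encode("utf-8")
    return hmac.new(auth_secret.encode("utf-8"), msg, hashlib.sha1).hexdigest()

def build_session_params(app_id, auth_key, auth_secret, user=None, device=None,
                         timestamp=None, nonce=None):
    """Build the request body; the signature covers exactly the values that are sent."""
    params = {
        "application_id": app_id,
        "auth_key": auth_key,
        "timestamp": int(time.time()) if timestamp is None else int(timestamp),
        "nonce": secrets.randbelow(2**31) if nonce is None else int(nonce),
    }
    if user:
        params["user"] = dict(user)
    if device:
        params["device"] = dict(device)
    params["signature"] = sign(params, auth_secret)
    return params

def verify(params, auth_secret):
    """Receiver-side check: recompute the signature and compare in constant time."""
    sent = str(params.get("signature", ""))
    return hmac.compare_digest(sign(params, auth_secret), sent)
```

Because the signature is computed from the dictionary that is sent, the mismatch in the question's code (a float timestamp in the signed string, an integer one in the body) cannot occur.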