How to Use QT to implement Google API applications (2)-oauth steps

Source: Internet
Author: User
Tags hmac oauth

To use oauth to successfully call the Google API, you must first obtain the oauth access token.

In the process of obtaining oauth access token, we need to solve the following problems in sequence:


1. Prepare timestamp, nonce, and HMAC-SHA1 signatures for obtaining access token

 

A. Obtain timestamp:


Use qdatetime: currentmsecssinceepoch ()/1000 to obtain

 

B. nonce Acquisition Algorithm:

 


Nonce indicates a single value, that is, the random 32-bit value when each request is sent, to ensure that the operation is single, used to avoid repeated request-type attacks.


In fact, Nonce is used in many applications, and nonce is equal to the concept of universally unique identifier. Therefore, you can use the quuid of QT to generate random nonce values. Because the random style generated by the quuid is {67c8770b-44f1-440a-ab9a-f9b5446f13ee}, we need to remove the "{", "}" and "-" symbols.

 


Qstring nonce = quuid: createuuid (). tostring (). Remove (qregexp ("[{,},-]");

 

C. HMAC-SHA1 Signature Algorithm:

 



A secure hash algorithm with a key. It is a type of encryption algorithm used in requests from third-party applications.


The implementation code is given below. For specific algorithms, please google

 

 


Qstring oauthutil: hmacsha1 (qbytearray key, qbytearray basestring) <br/>{< br/> int blocksize = 64; // HMAC-SHA-1 block size, defined in SHA-1 Standard <br/> If (key. length ()> blocksize) {// If key is longer than block size (64), reduce key length with SHA-1 compression <br/> key = qcryptographichash: Hash (key, qcryptographichash: sha1); <br/>}< br/> qbytearray innerpadding (blocksize, char (0x36 )); // initialize inner padding with Char "6" <br/> qbytearray outerpadding (blocksize, char (0x5c )); // initialize outer padding with Char "/" <br/> // ASCII characters 0x36 ("6") and 0x5c ("/") are selected because they have large <br/> // Hamming distance (http://en.wikipedia.org/wiki/Hamming_distance) <br/> for (INT I = 0; I <key. length (); I ++) {<br/> innerpadding [I] = innerpadding [I] ^ key. at (I); // XOR operation between every byte in key and innerpadding, of key length <br/> outerpadding [I] = outerpadding [I] ^ key. at (I); // XOR operation between every byte in key and outerpadding, of key length <br/>}< br/> // result = hash (outerpadding Concat Hash (innerpadding Concat basestring )). tobase64 <br/> qbytearray Total = outerpadding; <br/> qbytearray part = innerpadding; <br/> part. append (basestring); <br/> total. append (qcryptographichash: Hash (part, qcryptographichash: sha1); <br/> qbytearray hashed = qcryptographichash: Hash (total, qcryptographichash: sha1 ); <br/> return hashed. tobase64 (); <br/>}

 

2. Signature generation method of each step





A. Generate the signature of the Request token:


Use a combination of consumer key and consumer secret as the key to sign with basestring


Third-party applications use anonymous as their consumer key and consumer secret, And the generated key is "anonymous &"

 

B. Generate the signature when requesting authorize token:


Missing

 

C. Generate the signature when reques taccess token:


Missing

 

D. generate signature when access token is used

Use

The combination of consumer key, consumer secret, And token_secret is used as the key and basestring for signature.


Token_secret is obtained after authorize token authorization before applying for access token. It must be saved and applied here


For example, token_secret = x1qzr2sbgh8watvhvhs6jyng


The consumer key and consumer secret are anonymous, and the generated key is


Key = anonymous & x1qzr2sbgh8watvhvhs6jyng

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.