How to Use QT to implement Google API applications (2)-oauth steps

To use oauth to successfully call the Google API, you must first obtain the oauth access token.

In the process of obtaining oauth access token, we need to solve the following problems in sequence:

1. Prepare timestamp, nonce, and HMAC-SHA1 signatures for obtaining access token

 

A. Obtain timestamp:

Use qdatetime: currentmsecssinceepoch ()/1000 to obtain

 

B. nonce Acquisition Algorithm:

 

Nonce indicates a single value, that is, the random 32-bit value when each request is sent, to ensure that the operation is single, used to avoid repeated request-type attacks.

In fact, Nonce is used in many applications, and nonce is equal to the concept of universally unique identifier. Therefore, you can use the quuid of QT to generate random nonce values. Because the random style generated by the quuid is {67c8770b-44f1-440a-ab9a-f9b5446f13ee}, we need to remove the "{", "}" and "-" symbols.

 

Qstring nonce = quuid: createuuid (). tostring (). Remove (qregexp ("[{,},-]");

 

C. HMAC-SHA1 Signature Algorithm:

 

A secure hash algorithm with a key. It is a type of encryption algorithm used in requests from third-party applications.

The implementation code is given below. For specific algorithms, please google

 

 

Qstring oauthutil: hmacsha1 (qbytearray key, qbytearray basestring) <br/>{< br/> int blocksize = 64; // HMAC-SHA-1 block size, defined in SHA-1 Standard <br/> If (key. length ()> blocksize) {// If key is longer than block size (64), reduce key length with SHA-1 compression <br/> key = qcryptographichash: Hash (key, qcryptographichash: sha1); <br/>}< br/> qbytearray innerpadding (blocksize, char (0x36 )); // initialize inner padding with Char "6" <br/> qbytearray outerpadding (blocksize, char (0x5c )); // initialize outer padding with Char "/" <br/> // ASCII characters 0x36 ("6") and 0x5c ("/") are selected because they have large <br/> // Hamming distance (http://en.wikipedia.org/wiki/Hamming_distance) <br/> for (INT I = 0; I <key. length (); I ++) {<br/> innerpadding [I] = innerpadding [I] ^ key. at (I); // XOR operation between every byte in key and innerpadding, of key length <br/> outerpadding [I] = outerpadding [I] ^ key. at (I); // XOR operation between every byte in key and outerpadding, of key length <br/>}< br/> // result = hash (outerpadding Concat Hash (innerpadding Concat basestring )). tobase64 <br/> qbytearray Total = outerpadding; <br/> qbytearray part = innerpadding; <br/> part. append (basestring); <br/> total. append (qcryptographichash: Hash (part, qcryptographichash: sha1); <br/> qbytearray hashed = qcryptographichash: Hash (total, qcryptographichash: sha1 ); <br/> return hashed. tobase64 (); <br/>}

 

2. Signature generation method of each step

A. Generate the signature of the Request token:

Use a combination of consumer key and consumer secret as the key to sign with basestring

Third-party applications use anonymous as their consumer key and consumer secret, And the generated key is "anonymous &"

 

B. Generate the signature when requesting authorize token:

Missing

 

C. Generate the signature when reques taccess token:

Missing

 

D. generate signature when access token is used

Use

The combination of consumer key, consumer secret, And token_secret is used as the key and basestring for signature.

Token_secret is obtained after authorize token authorization before applying for access token. It must be saved and applied here

For example, token_secret = x1qzr2sbgh8watvhvhs6jyng

The consumer key and consumer secret are anonymous, and the generated key is

Key = anonymous & x1qzr2sbgh8watvhvhs6jyng