Which expert can explain the OAuth2.0 token generation algorithm?

1. The concept of HMACSHA1

HMACSHA1 is a keyed hash algorithm constructed from the SHA1 hash function and used as an HMAC (hash-based message authentication code). The HMAC process mixes the key with the message data, hashes the mixed result using the hash function, mixes the resulting hash value with the key again, and then applies the hash function a second time. The output hash value is 160 bits long and can be converted to a specified number of bits.

The above is Microsoft's standard definition. I didn't quite understand it after reading it. Its function can be understood in one sentence: it confirms whether the requested URL or parameters have been tampered with. Take the QQ signature as an example: the sender (yourself) runs the HMAC algorithm over the parameters and submits the resulting hash value (i.e. the signature value) together with the request parameters to the receiver (the QQ side). The receiver then runs the HMAC algorithm over the received parameters again and compares the hash value it obtains with the hash value you passed. If they are the same, the request is correct, verification passes, and processing goes on to the next step. If they are not the same, an error is returned.

(The following is detailed enough. If you still don’t understand, please leave me a message)

2. The hash algorithm used in QQ OAuth 1.0

    /// <summary>
    /// HMACSHA1 algorithm: computes the keyed hash and returns it via ToBase64String
    /// </summary>
    /// <param name="strText">Signature parameter string</param>
    /// <param name="strKey">Key parameter</param>
    /// <returns>A signature value (i.e. hash value)</returns>
    public static string ToBase64hmac(string strText, string strKey)
    {
        HMACSHA1 myHMACSHA1 = new HMACSHA1(Encoding.UTF8.GetBytes(strKey));
        byte[] byteText = myHMACSHA1.ComputeHash(Encoding.UTF8.GetBytes(strText));
        return System.Convert.ToBase64String(byteText);
    }

Or write it like this; the principle is the same:

    public static string HMACSHA1Text(string EncryptText, string EncryptKey)
    {
        // Compute the HMACSHA1 hash
        string message;
        string key;
        message = EncryptText;
        key = EncryptKey;

        // ASCII encoding: any non-ASCII character is replaced with '?',
        // unlike the UTF-8 version above.
        System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
        byte[] keyByte = encoding.GetBytes(key);

        HMACSHA1 hmacsha1 = new HMACSHA1(keyByte);
        byte[] messageBytes = encoding.GetBytes(message);
        byte[] hashmessage = hmacsha1.ComputeHash(messageBytes);

        // ByteToString is a helper that is not shown on this page;
        // it converts the hash bytes to a string.
        return ByteToString(hashmessage);
    }

The meaning of the parameters was commented above and is not explained again.

The code can be copied and used as is.

Note: the page needs to reference:

    using System.Security.Cryptography;

3. Another way to write the HMACSHA1 algorithm

    public static string HMACSHA1Text(string EncryptText, string EncryptKey)
    {
        // Compute the HMACSHA1 hash
        HMACSHA1 hmacsha1 = new HMACSHA1();
        hmacsha1.Key = System.Text.Encoding.UTF8.GetBytes(EncryptKey);

        byte[] dataBuffer = System.Text.Encoding.UTF8.GetBytes(EncryptText);
        byte[] hashBytes = hmacsha1.ComputeHash(dataBuffer);

        return Convert.ToBase64String(hashBytes);
    }
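
The receiver-side check described in section 1, as an added example (not code from the original page): it recomputes the signature the same way as ToBase64hmac and compares it with the submitted one using CryptographicOperations.FixedTimeEquals, so the comparison time does not reveal how many leading bytes matched. The class name, Sign, Verify, and the sample key and parameter string are assumptions made for illustration; FixedTimeEquals requires .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SignatureCheck
{
    // Sender side: same computation as ToBase64hmac above
    // (HMAC-SHA1 over the UTF-8 bytes, Base64 output).
    public static string Sign(string text, string key)
    {
        using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(key)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(text)));
    }

    // Receiver side: recompute the HMAC over the received parameters and
    // compare it with the submitted signature.
    public static bool Verify(string text, string key, string receivedSignature)
    {
        if (receivedSignature == null) return false;

        byte[] received;
        try { received = Convert.FromBase64String(receivedSignature); }
        catch (FormatException) { return false; } // malformed Base64 is a failed check

        using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(key)))
        {
            byte[] expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(text));
            // Comparison time does not depend on where the first differing
            // byte is; returns false when the lengths differ.
            return CryptographicOperations.FixedTimeEquals(expected, received);
        }
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the page or from QQ.
        string key = "demo-secret";
        string sent = "appid=1000&nonce=42&timestamp=1700000000";
        string signature = Sign(sent, key);

        Console.WriteLine("unchanged:     " + Verify(sent, key, signature));
        Console.WriteLine("tampered:      " + Verify(sent.Replace("appid=1000", "appid=1001"), key, signature));
        Console.WriteLine("bad signature: " + Verify(sent, key, "not base64!"));
    }
}
```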