使用sdk创建订单的时候报错，验签失败，希望得到帮助

[fatetop]

`my code

    const alipaySdk = new AlipaySdk({
        appId: appid,
        privateKey: fs.readFileSync(path.join(think.ROOT_PATH, 'key/rsa_private_key.pem'), 'ascii'),
        alipayPublicKey: fs.readFileSync(path.join(think.ROOT_PATH, 'key/rsa_public_key.pem'), 'ascii'),
    });
    const alipayMethod = 'alipay.trade.create';
    const alipayParams = {
        notifyUrl: notify_url,
        appAuthToken: '',
        bizContent: {
            outTradeNo: outTradeId,
            totalAmount: total_fee,
            subject: body,
        },
    };
    const alipayOptions = {
        // validateSign: true,
        log: think.logger,
    };
    try {
        const result = await alipaySdk.exec(alipayMethod, alipayParams, alipayOptions);
        console.log(' ----------------------------------------------------------- ');
        console.log(result);
        console.log(' ----------------------------------------------------------- ');
    } catch (err) {
        console.log(err);
    }

`

[fatetop]

调用的返回结果 result 是
{ code: '40002',
msg: 'Invalid Arguments',
subCode: 'isv.invalid-signature',
subMsg:
'验签出错，建议检查签名字符串或签名私钥与应用公钥是否匹配，网关生成的验签字符串为：app_id=&biz_content={"out_trade_no":"","total_amount":"0.01","subject":"账号充值0.01元"}&charset=utf-8&method=alipay.trade.create&notify_url=*************&sign_type=RSA2&timestamp=2019-05-21 17:28:55&version=1.0' }

[tudou527]

@fatetop 找到本地 node_modules 下的 /lib/alipay.ts#L316，把 signData 打印出来，和服务端返回的签名字符串做一下比较就知道是哪里出问题了

[YuDaChao]

@tudou527 您好我也遇到这个问题，
这是我的signData：
signData: { method: 'alipay.trade.pay', app_id: '2016101000650042', charset: 'utf-8', version: '1.0', sign_type: 'RSA2', timestamp: '2019-08-13 15:04:52', notify_url: 'http://127.0.0.1:7002/notify', app_auth_token: '', biz_content: '{"out_trade_no":"20150320010101001","scene":"bar_code","subject":"Iphone6 16G","auth_code":"248494578278479567","total_amount":"0.01","operator_id":"1"}', sign: 'UkQFe0TfDA8e/X4e8wgUybvhmke/U9xW08b75J4UfGN4HfA+AXSA3qZV+S8Toc0nmcEeXD6o9LN7NWdigpPFYXOS+ri1TuI+nEXqKJGA3WZWWGXE+HAjYa9tqIbOVIcu0T6klthJ83zETAOMBPfxfaGZ6Nxg9+YC1KL3XbcLtni5SBBlxIZywJdWmjOj0sqjJmHthN5gnWlkA7GyKtbxt/yAcC6MlbWkcjVz9MZJOpUsozBCsJ+d6mTaNI6UCgdxoZtsjvB4ZqkW4K0WEiLgajfIkgA2Mv+riyQuOWY4SeoWBjxPB+D7V6POh+xVtfEMdDADhlgk1w3sVnP0jaOOnw==' }
这是服务端返回的签名
Jg09v1ddF6LwdH2WrL4JXy9xipPMeXe4Pf0uVrTkFEZhsz7QtqtF7kfQgY3DGWNF9NOuqr0qyHB0LnEGVSqXdVUDBWdpCc5HgWiW7b5cuqRavggDGaA8sRbqNkZt8VKKgBgFSgvVaMdtjUuOmsPw06395s1Hhd0NOaZi5sW6S3Y5ASkKKX/BMtHk8UoG3htMo6tjJZf/c3R8YMMYGZC9p1L9eJ34dlge/eo91Ipr+8rdEAAoCurCZKz5cdxhNK6Dd9j/QKvqZYioiV7azoHxWwU4V6rwbbUTo288mXtNHUt/Xza1pKqS/ziUcfc2poibBpwa6pdo6Be2oE4GqrkJNQ==
这两个sign确实不一样

[tudou527]

能否提供个 demo 到 tudou527#gmail.com

[04swjxy]

问题解决了吗? 我也遇到同样的问题.

[YuDaChao]

已经解决了，我传参的时候加了app_auth_token: ''，发现加密时会把值为空的字段排除掉，我把它去调就可以了