Twitter OAUTH与PHP的流程
[英]Twitter OAUTH flow with PHP
问题描述
I am using twitteroauth.com's library and everything is successful but since I am new to having users log into my website using their Twitter credentials I am having a disconnect on how the user logs back into my website later. 
我正在使用twitteroauth.com的库,并且一切都成功了,但是由于我不熟悉让用户使用其Twitter凭据登录到我的网站,所以我在断开用户以后如何重新登录到我的网站方面遇到了麻烦。
I generate a request token and convert that successfully to an access token. 我生成一个请求令牌,并将其成功转换为访问令牌。 I store the array that is returned: 我存储返回的数组:
Array ( [oauth_token] => 12341234-ASDFASDFASDFASFASDFASFASDFASFD [oauth_token_secret] => ASDASDFASDFASDFASDFASDFASDFASDF [user_id] => 12341234 [screen_name] => johndoe [x_auth_expires] => 0 )
now that I have this info I store it in my database associated with the user's existing (or newly created) account to my website. 现在,有了此信息,我将其存储在与用户现有(或新创建的)帐户相关联的数据库中。
however, what calls do I make to Twitter using the TwitterOauth api later when the user comes back to my site? 但是,当用户回到我的网站以后,我如何使用TwitterOauth api对Twitter进行什么调用?
do I generate a new request token and convert it into a NEW access token every time the user comes to my site? 每次用户访问我的网站时,如何生成新的请求令牌并将其转换为新的访问令牌?
thanks! 谢谢!
1 个解决方案
解决方案1
0 已采纳 2015-09-20 17:28:46
Found answer to my own question. 找到了我自己的问题的答案。 In case anyone else would like clarification. 万一其他人想要澄清。
From: https://dev.twitter.com/web/sign-in/implementing 来自: https : //dev.twitter.com/web/sign-in/implementing
The sign in endpoint will behave in one of three ways depending on the user's status: 根据用户的状态,登录端点将以以下三种方式之一运行:
Signed in and approved: If the user is signed in on twitter.com and has already approved the calling application, they will be immediately authenticated and returned to the callback URL with a valid OAuth request token. 登录并批准:如果用户在twitter.com上登录并且已经批准了调用应用程序,则将立即对其进行身份验证,并使用有效的OAuth请求令牌返回到回调URL。 The redirect to twitter.com is not obvious to the user. 重定向到twitter.com对用户而言并不明显。
Signed in but not approved: If the user is signed in to twitter.com but has not approved the calling application, a request to share access with the calling application will be shown. 登录但未批准:如果用户登录到twitter.com但尚未批准呼叫应用程序,则将显示与呼叫应用程序共享访问权限的请求。 After accepting the authorization request, the user will be redirected to the callback URL with a valid OAuth request token. 接受授权请求后,将使用有效的OAuth请求令牌将用户重定向到回调URL。
Not signed in: If the user is not signed in on twitter.com, they will be prompted to enter their credentials and grant access for the application to access their information on the same screen. 未登录:如果用户未在twitter.com上登录,则系统将提示他们输入凭据,并授予访问权限以使应用程序可以在同一屏幕上访问其信息。 Once signed in, the user will be returned to the callback URL with a valid OAuth request token. 登录后,用户将使用有效的OAuth请求令牌返回到回调URL。 The possible states for the sign in interaction are illustrated in the following flowchart: 以下流程图说明了交互中登录的可能状态:
Upon a successful authentication, your callback_url would receive a request containing the oauth_token and oauth_verifier parameters. 认证成功后,您的callback_url将收到一个包含oauth_token和oauth_verifier参数的请求。 Your application should verify that the token matches the request token received in step 1. 您的应用程序应验证令牌是否与步骤1中收到的请求令牌匹配。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.