如何使用oAuth1.0 / php发布JSON正文数组
[英]How can I POST JSON body array using oAuth1.0/php
问题描述
I would like to post array for api via PHP. 
我想通过PHP发布api数组。 I have used oAuth 1.0 for this, but how can I POST JSON body array using oAuth. 我已经为此使用了oAuth 1.0,但是如何使用oAuth发布JSON正文数组。
<? php
//code start
try
{
$postData = array(
'ProductID' => $productID,
'InventoryType' => $InventoryType,
'ProductCostPrice' => $productCost
);
$postData = json_encode($postData);
$oauth = new OAuth($this->consumer_key, $this->consumer_secret);
$oauth->enableDebug(); // simple debug flag for checking error messages
$oauth->disableSSLChecks(); // avoids an SSL issue when testing
$oauth->setToken($this->access_token, $this->token_secret);
## POST JSON body array ##
$oauth->setBody('body',$postData);
##
$url = $this->product_update_url.$productID;
$oauth->fetch($url, OAUTH_AUTH_TYPE_FORM);
$response_info = $oauth->getLastResponseInfo();
header("Content-Type: {$response_info["content_type"]}");
$dataList = (array) json_decode($oauth->getLastResponse());
echo "<pre>";
print_r($dataList);
echo "</pre>";
exit;
} catch(OAuthException $E) {
Mage::log('error', null, 'error.log');
}
================== ==================
URL: http://php.net/manual/en/class.oauth.php 网址: http : //php.net/manual/en/class.oauth.php
Please can you help, that how can I POST json body array using oAuth. 请您提供帮助,该如何使用oAuth发布json正文数组。
1 个解决方案
解决方案1
1 2016-09-06 16:25:33
The way request parameters are normalized in the OAuth1 spec means you should only sign the body if it's in a form url-encoded format (ie param1=value1¶m2=value2 or arr[]=val1&arr[]=val2 ) OAuth1规范中对请求参数进行规范化的方式意味着,仅当主体采用url编码格式(即param1=value1¶m2=value2或arr[]=val1&arr[]=val2 )时,才应该对主体进行签名
This is due to the way OAuth1 calculates a request signature which includes sorting the parameters by name alphabetically. 这是由于OAuth1计算请求签名的方式所致,其中包括按字母顺序对参数进行排序。
In your example above- if possible- you should try and form url-encode the array of data instead. 在上面的示例中(如果可能),您应该尝试对数据数组进行url编码。
$postData = array(
'ProductID' => $productID,
'InventoryType' => $InventoryType,
'ProductCostPrice' => $productCost
);
// "ProductID=1&InventoryType=widget&ProductCostPrice=3.5"
$body = http_build_query($postData);
...
$oauth->setBody('body', $body);
If for whatever reason that's not possible you'll need to ensure the request body isn't used in your signature calculation when decoding the request. 如果出于某种原因无法实现,则需要在解码请求时确保在签名计算中未使用请求正文。
If you're using HTTPS for your API (which you should) you should be alright with a request body that isn't verifiable in the signature. 如果您对API使用HTTPS(应该使用),则应该使用在签名中不可验证的请求正文。 If you allow HTTP requests to your API you should have some mechanism for confirming the request body was not altered. 如果您允许对您的API的HTTP请求,那么您应该具有某种机制来确认请求主体没有被更改。
A method I've seen is to hash the JSON body string and then include that hash as a query parameter in the request (so it is included in the signature calculation). 我见过的一种方法是对JSON主体字符串进行哈希处理,然后将该哈希作为查询参数包含在请求中(因此它包含在签名计算中)。 Then as part of the API's decoding process you'd confirm the JSON body hashes to the signed query value. 然后,作为API解码过程的一部分,您需要确认JSON主体哈希为已签名的查询值。
This question is a bit old, but I found it via a google search so I thought it best to leave an answer for future searchers. 这个问题有点老了,但是我是通过Google搜索找到的,所以我认为最好给将来的搜索者一个答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.