[英]OAuth2 curl request returns 'The client credentials are invalid' for “grant_type = 'password'”
I am trying to get access token for user with credentials , that is registered in DB, with OAuth2. 我正在尝试使用OAuth2在DB中注册的凭据获取访问令牌。 In my
oauth_clients
I have a valid client with 'client_id=myclientid', 'client_secret=myclientsecret', 'grant_types=password'. 在我的
oauth_clients
我有一个有效的客户端,其中包含'client_id = myclientid','client_secret = myclientsecret','grant_types = password'。 In my oauth_users
table I have test user with 'username=Beno', 'password=aa888'. 在我的
oauth_users
表中,我的测试用户使用'username = Beno','password = aa888'。 I am sending data to ' http://myserver.com/token.php ' like this 我正在将数据发送到' http://myserver.com/token.php '
$ch = curl_init( 'http://myserver.com/token.php' );
curl_setopt( $ch, CURLOPT_HEADER, true);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt( $ch, CURLOPT_POST, true);
curl_setopt( $ch, CURLOPT_POSTFIELDS, array(
'client_id' => 'myclientid',
'client_secret' => 'myclientsecret',
'grant_type' => 'password',
'username' => 'Beno',
'password' => 'aa888',
'u_id' => 53
) );
$auth = curl_exec( $ch );
on token.php I have this 在token.php上我有这个
<?php
if( file_exists("system/includes/autoload.php") ):
require_once("system/includes/autoload.php");
else:
require_once("../system/includes/autoload.php");
endif;
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
$dsn = 'mysql:dbname='.DATABASENAME.';host='.DBSERVERADDRESS.'';
// error reporting (this is a demo, after all!)
ini_set('display_errors',1);error_reporting(E_ALL);
// Autoloading (composer is preferred, but for this example let's just do this)
OAuth2\Autoloader::register();
// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => DBUSERNAME, 'password' => DBPASSWORD));
// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
$server->addGrantType(new OAuth2\GrantType\RefreshToken($storage));
$username = IO::post('username');
$password = IO::post('password');
$user_id = IO::post('u_id');
if ( ! empty( $username ) && ! empty( $password ) & ! empty( $user_id ) ){
$users = array( $username => array('user_id'=> intval($user_id) ,'password' => $password));
$clients = array($client_id => array('client_secret' => $client_secret));
// create a storage object
$storage = new OAuth2\Storage\Memory(array('user_credentials' => $users, 'client_credentials' => $clients));
echo "<pre>";
var_dump($storage);
echo "</pre>";
// create the grant type
$grantType = new OAuth2\GrantType\UserCredentials($storage);
// add the grant type to your OAuth server
$server->addGrantType($grantType);
// Handle a request for an OAuth2.0 Access Token and send the response to the client
$response = new OAuth2\Response();
$re = $server->handleTokenRequest(OAuth2\Request::createFromGlobals(),$response)->send();
echo $re;
}else{
echo "no data";
}
All data is in DB as I have mentioned above. 如上所述,所有数据都在DB中。 But when I get response it returns me 400 error
但是当我收到回复时,它会返回400错误
{"error":"invalid_client","error_description":"The client credentials are invalid"}
{“error”:“invalid_client”,“error_description”:“客户端凭据无效”}
Check how your authorization server receives client credentials. 检查授权服务器如何接收客户端凭据。
You are presenting client credentials as form-post parameters, but your authorization server may expect that client credentials be embedded in Authorization
header (Basic Authentication). 您将客户端凭据作为表单发布参数提供,但您的授权服务器可能希望将客户端凭据嵌入
Authorization
标头(基本身份验证)中。 Read "RFC 6749, 2.3.1. Client Password " carefully. 请仔细阅读“RFC 6749,2.3.1 。客户端密码 ” 。 According to the specification, "The authorization server MUST support the HTTP Basic authentication scheme for authenticating clients that were issued a client password."
根据规范, “授权服务器必须支持HTTP基本身份验证方案,以验证发出客户端密码的客户端。” Therefore, embedding client credentials in
Authorization
header must work for any correct authorization server implementation. 因此,在
Authorization
标头中嵌入客户端凭据必须适用于任何正确的授权服务器实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.