如何使用 PHP 读取 OAuth 请求参数?
[英]How to read the OAuth request parameters with PHP?
问题描述
I'm trying to connect an iPhone app to a PHP API using 2-legged OAuth as the Authentication mechanism.
我正在尝试使用 2 腿 OAuth 作为身份验证机制将 iPhone 应用程序连接到 PHP API。 I'm using the PHP and Objective-C 2.0 libraries from http://code.google.com/p/oauth/ .我正在使用来自http://code.google.com/p/oauth/的 PHP 和 Objective-C 2.0 库。 The problem is that when I'm trying to issue a GET request with Objective-C, it doesn't include the OAuth parameters in the request URI, like the PHP library does when issuing an OAuth GET request: The problem is that when I'm trying to issue a GET request with Objective-C, it doesn't include the OAuth parameters in the request URI, like the PHP library does when issuing an OAuth GET request:
http://www.mysite.com/oauth/index.php?oauth_consumer_key=key&oauth_nonce=XXXXXXXX&oauth_signature=XXXXXXXXXXX%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309863754&oauth_version=1.0
Instead it puts the OAuth parameters in an Authorization header:相反,它将 OAuth 参数放在授权 header 中:
Authorization: OAuth realm="", oauth_consumer_key="XXXXX", oauth_token="XXXX-XXXX",
oauth_signature_method="HMAC-SHA1", oauth_signature="XXXXXXXX",
oauth_timestamp="1309863855", oauth_nonce="XXXX-XXX-XX-XX-XXXXXXX", oauth_version="1.0"
I suppose that both ways are equally valid for the OAuth specs, right?我想这两种方式对于 OAuth 规格同样有效,对吧?
What's the best way I can read the Authorization header with PHP?我可以用 PHP 阅读授权 header 的最佳方式是什么?
1 个解决方案
解决方案1
8 已采纳 2011-07-05 12:34:55
I suppose that both ways are equally valid for the OAuth specs, right?
Yes, right.是的,没错。
What's the best way I can read the Authorization header with PHP?
Request headers in PHP are stored in the $_SERVER superglobal array, each header as an entry of it's own: $_SERVER['HTTP_AUTHORIZATION'] most probably in your case, just do PHP 中的请求标头存储在$_SERVER超全局数组中,每个 header 作为它自己的条目: $_SERVER['HTTP_AUTHORIZATION']最有可能在您的情况下,只是做
var_dump($_SERVER);
and look for the info.并查找信息。 Detailed information how PHP deals with the HTTP request . PHP 如何处理 HTTP 请求的详细信息。
Authorization header missing in PHP PHP 中缺少授权 header
Unfortunately the Authorization header is filtered by PHP(?), so it's not part of $_SERVER .不幸的是, Authorization header 被 PHP(?)过滤,所以它不是$_SERVER的一部分。
Workaround: apache_request_headers()解决方法:apache_request_headers()
When using PHP as an Apache module, a workaround is to use the apache_request_headers() function to retrieve all request headers.当使用 PHP 作为 Apache 模块时,解决方法是使用apache_request_headers() function 来检索所有请求标头。
Workaround: mod_rewrite解决方法:mod_rewrite
For F/CGI a workaround is to set the Authorization header with Mod_Rewrite into a environment variable that mimics PHP's scheme converting HTTP request headers:对于 F/CGI,一种解决方法是使用 Mod_Rewrite 将 Authorization header 设置为模仿 PHP 转换 HTTP 请求标头的方案的环境变量:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)$ [NC]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]
The mod_rewrite solution should work for PHP running with mod_php as well. mod_rewrite 解决方案也适用于与 mod_php 一起运行的 PHP。 Hat tip Jon Nylander.帽子提示乔恩·尼兰德。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.