堆栈内存溢出
  繁体   English   中英

如何使用PHP获取Access Token和AccessToken的秘密?

[英]How to get Access Token and AccessToken secret using php?

 原文  2017-05-18 07:52:58       php/ json/ curl

问题描述

<?php

// Oauth基本配置 

$oauthbaseurl    = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl  = "https://sandbox.woohoo.in/oauth/token";
$consumerkey     = "8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret  = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl     = "https://sandbox.woohoo.in/";

//包括oauth库文件 

include_once "../../library/OAuthStore.php";
include_once "../../library/OAuthRequester.php";
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); // 
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95");

//定义常量变量 

define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/");
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob");
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier");
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token");
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"]));

//初始化OAuthStore 

$options = array(
    'consumer_key' => WOOHOO_CONSUMER_KEY,
    'consumer_secret' => WOOHOO_CONSUMER_SECRET,
    'server_uri' => WOOHOO_OAUTH_HOST,
    'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL,
    'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL
);

// Note: do not use "Session" storage in production. Prefer a database
// storage, such as MySQL.

OAuthStore::instance("Session", $options);
try {
    if (empty($_GET["oauth_token"])) {
        $getAuthTokenParams = array(
            'scope' => 'https://sandbox.woohoo.in/',
            'xoauth_displayname' => 'Oauth test',
            'oauth_callback' => 'https://sandbox.woohoo.in/'
        );

        // get a request token

        $tokenResultParams  = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams);

//打印令牌结果参数 

        echo "Token obtain response";
        echo "<pre>";
        print_r($tokenResultParams);




        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoovery_response = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoovery_response;
        }
        $woohoovery = json_decode($woohoovery_response);
        $verifier   = $woohoovery->verifier;

//打印验证程序 

        echo "Token verrified response";
        echo "<pre>";
        print_r($woohoovery_response);

        //exit;

        $oauthTimestamp = time();
        $characters     = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $nonce          = '';
        for ($i = 0; $i < 32; $i++) {
            $nonce .= $characters[mt_rand(0, strlen($characters) - 1)];
        }
        $oauthSignatureMethod = "HMAC-SHA1";
        $oauthVersion         = "1.0";
        $params               = array(
            'oauth_consumer_key' => $consumerkey,
            'oauth_signature_method' => 'HMAC-SHA1',
            'oauth_timestamp' => $oauthTimestamp,
            'oauth_nonce' => $nonce,
            'oauth_verifier' => $verifier,
            'oauth_token' => $tokenResultParams['token'],
            'oauth_version' => '1.0'
        );
        echo "<pre>";
        print_r($params);

        //exit;

        $post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?";
        echo "<pre>";
        print_r($post_string);
        //exit;
        foreach ($params as $key => $value) {
            $stringPart = urlencode($key . "=" . $value . "&");
            $post_string .= $stringPart;
        }
        //exit;
        $post_string  = rtrim($post_string, '%26');


        $signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']);
        echo "<pre>";
        print_r($signatureKey);
        $signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey));
        $signature = urlencode($signature);

//打印签名 

        echo "<pre>";
        echo " signature ";
        print_r($signature);
        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoospendresponse = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);

//在这里打印最终访问令牌和密钥即可获得签名无效错误 

        echo "<pre>";
        print_r($woohoospendresponse);
        exit;
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoospendresponse;
        }
    }
}
catch (OAuthException2 $e) {
    echo "OAuthException:  " . $e->getMessage();
    var_dump($e);
}
?>

1 个解决方案

解决方案1
 0  2017-05-18 23:39:11

您尝试引用的访问令牌秘密是什么? 在任何OAuth实现中,您将获得授权码,访问令牌,刷新令牌,承载令牌。 在执行php代码之前,您是否验证了Curl请求? 调用Curl命令,看看是否能够检索所需的值。

以下是您可以用来测试的一些Curl请求。 确保你的Curls工作,然后继续修复你的PHP代码 

#To retrieve Authorization Code
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'


#To retrieve acess token using Authorization code
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'


#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用PHP获取OAuth访问令牌和Magento的秘密 如何在授权码和客户端密码的帮助下使用 PHP 获取 fortnox 访问令牌? PHP使用twitter Oauth工具(用户密钥,访问令牌,消费者密码,访问密码)获取用户最新的Twitter提要。 如何在php中使用oauth令牌和秘密进行推文 如何使用PHP获取访问令牌? 如何使用 Twitter API 获取用户访问令牌和访问密钥 使用 OpenID+OAuth (google) 获取访问令牌和密码 如何使用PHP在Office 365中获取刷新令牌和访问令牌 如何使用jQuery或php从Instagram令牌获取访问令牌 如何在 DocuSign 和 PHP 中使用刷新令牌获取访问令牌?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM