OAuth2 curl請求返回“grant_type ='password'”的“客戶端憑據無效”

Question

我正在嘗試使用OAuth2在DB中注冊的憑據獲取訪問令牌。 在我的oauth_clients我有一個有效的客戶端，其中包含'client_id = myclientid'，'client_secret = myclientsecret'，'grant_types = password'。 在我的oauth_users表中，我的測試用戶使用'username = Beno'，'password = aa888'。 我正在將數據發送到' http://myserver.com/token.php '

$ch = curl_init( 'http://myserver.com/token.php' );

            curl_setopt( $ch, CURLOPT_HEADER, true);
            curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt( $ch, CURLOPT_POST, true);

            curl_setopt( $ch, CURLOPT_POSTFIELDS, array(
                'client_id'     => 'myclientid',
                'client_secret' => 'myclientsecret',
                'grant_type'    => 'password',
                'username'      => 'Beno',
                'password'      => 'aa888',
                'u_id'          => 53
            ) );

            $auth = curl_exec( $ch );

在token.php上我有這個

<?php

    if( file_exists("system/includes/autoload.php") ):
        require_once("system/includes/autoload.php");
    else:
        require_once("../system/includes/autoload.php");
    endif;
    require_once('oauth2-server-php/src/OAuth2/Autoloader.php');

    $dsn = 'mysql:dbname='.DATABASENAME.';host='.DBSERVERADDRESS.'';

    // error reporting (this is a demo, after all!)
    ini_set('display_errors',1);error_reporting(E_ALL);

    // Autoloading (composer is preferred, but for this example let's just do this)

    OAuth2\Autoloader::register();

    // $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
    $storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => DBUSERNAME, 'password' => DBPASSWORD));

    // Pass a storage object or array of storage objects to the OAuth2 server class
    $server = new OAuth2\Server($storage);

    // Add the "Client Credentials" grant type (it is the simplest of the grant types)
    $server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
    // Add the "Authorization Code" grant type (this is where the oauth magic happens)
    $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
    $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage));

    $username = IO::post('username');
    $password = IO::post('password');
    $user_id = IO::post('u_id');

    if ( ! empty( $username ) && ! empty( $password ) & ! empty( $user_id ) ){
        $users = array( $username => array('user_id'=> intval($user_id) ,'password' => $password));
    $clients = array($client_id => array('client_secret' => $client_secret));

    // create a storage object
    $storage = new OAuth2\Storage\Memory(array('user_credentials' => $users, 'client_credentials' => $clients));
    echo "<pre>";
    var_dump($storage);
    echo "</pre>";
    // create the grant type
    $grantType = new OAuth2\GrantType\UserCredentials($storage);
    // add the grant type to your OAuth server
    $server->addGrantType($grantType);

    // Handle a request for an OAuth2.0 Access Token and send the response to the client
    $response = new OAuth2\Response();

    $re = $server->handleTokenRequest(OAuth2\Request::createFromGlobals(),$response)->send();
        echo $re;

    }else{
        echo "no data";
    }

如上所述，所有數據都在DB中。 但是當我收到回復時，它會返回400錯誤

{“error”：“invalid_client”，“error_description”：“客戶端憑據無效”}

Answer 1

檢查授權服務器如何接收客戶端憑據。

您將客戶端憑據作為表單發布參數提供，但您的授權服務器可能希望將客戶端憑據嵌入Authorization標頭（基本身份驗證）中。 請仔細閱讀“RFC 6749,2.3.1 。客戶端密碼 ” 。 根據規范， “授權服務器必須支持HTTP基本身份驗證方案，以驗證發出客戶端密碼的客戶端。” 因此，在Authorization標頭中嵌入客戶端憑據必須適用於任何正確的授權服務器實現。