如何在 PHP 中获取安全的 AuthSub 会话令牌?
我正在使用 Google/YouTube API 开发需要访问用户 YouTube 帐户的网络应用程序。
正常的不安全请求工作正常,我可以轻松地将一次性令牌升级为会话令牌。当我尝试将安全令牌升级为会话令牌时,问题出现了:
错误 - CIzF3546351vmq_P____834654G 的令牌升级失败:令牌升级失败。原因: AuthSub 签名无效。
我用这个:
function updateAuthSubToken($singleUseToken)
{
try {
$client = new Zend_Gdata_HttpClient();
$client->setAuthSubPrivateKeyFile('/home/myrsakey.pem', null, true);
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken, $client);
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken(trim($singleUseToken), $client);
//$client->setAuthSubToken($sessionToken);
} catch (Zend_Gdata_App_Exception $e) {
print 'ERROR - Token upgrade for ' . $singleUseToken
. ' failed : ' . $e->getMessage();
return;
}
$_SESSION['sessionToken'] = $sessionToken;
$date = gmdate("M d Y H:i:s", mktime(0, 0, 0, 1, 1, 1998));
header('Authorization: AuthSub token="'.$_SESSION['sessionToken'].'" data="GET
https://www.youtube.com/auth_sub_request '.$date.' 15948652339726849410" '.
'sig="MIICXAIBAAKBgQDLJn/sr7TrmQpsEaL312k9dEpikVGFHbE+FjNg7/lfagkTZXf3'.
't96omgSEyZat2RcckVAGs9dU5kbGLJxEaW2ChQplzCKDi+20HZZo7C1QCluaMJ6b'.
...
'0pj+zWPy4T04PH3elN6EkhQ5Vxy5wbBkugqIDqfOKuM=" '.
'sigalg="rsa-sha1"');
}
我不明白什么是:nonce:一个随机的 64 位无符号数字,编码为十进制的 ASCII 字符串!我必须把 is 放在 $date (... '.$date.' 15948652339726849410" '... ) 之后
I am using the Google/YouTube APIs to develop web application which needs access to a users YouTube account.
Normal unsecure requests work fine and I can upgrade one time tokens to session tokens without any hassle. The problem comes when I try and upgrade a secure token to a session token, I get:
ERROR - Token upgrade for CIzF3546351vmq_P____834654G failed : Token upgrade failed. Reason:
Invalid AuthSub signature.
i use this:
function updateAuthSubToken($singleUseToken)
{
try {
$client = new Zend_Gdata_HttpClient();
$client->setAuthSubPrivateKeyFile('/home/myrsakey.pem', null, true);
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken, $client);
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken(trim($singleUseToken), $client);
//$client->setAuthSubToken($sessionToken);
} catch (Zend_Gdata_App_Exception $e) {
print 'ERROR - Token upgrade for ' . $singleUseToken
. ' failed : ' . $e->getMessage();
return;
}
$_SESSION['sessionToken'] = $sessionToken;
$date = gmdate("M d Y H:i:s", mktime(0, 0, 0, 1, 1, 1998));
header('Authorization: AuthSub token="'.$_SESSION['sessionToken'].'" data="GET
https://www.youtube.com/auth_sub_request '.$date.' 15948652339726849410" '.
'sig="MIICXAIBAAKBgQDLJn/sr7TrmQpsEaL312k9dEpikVGFHbE+FjNg7/lfagkTZXf3'.
't96omgSEyZat2RcckVAGs9dU5kbGLJxEaW2ChQplzCKDi+20HZZo7C1QCluaMJ6b'.
...
'0pj+zWPy4T04PH3elN6EkhQ5Vxy5wbBkugqIDqfOKuM=" '.
'sigalg="rsa-sha1"');
}
i don't understand what is: nonce: a random 64-bit, unsigned number encoded as an ASCII string in decimal! i must put is after $date (... '.$date.' 15948652339726849410" '... )
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我相信您想要的调用是:
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken, $client);调用
Zend_Gdata_AuthSub::AuthSubRevokeToken()将撤销您的一次性令牌。 这里有一个很棒的提示演示了完整的安全 AuthSub 流程。I believe the call you want is:
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken, $client);Calling
Zend_Gdata_AuthSub::AuthSubRevokeToken()will revoke your single use token. There's a great tip here that demonstrates the full secure AuthSub flow.有一种方法可以在不使用此处详细说明的客户端库的情况下执行此操作:http://codershelpingcoders.com/
如果您愿意,请看一下。
There is way to do this without the client library elaborated here:http://codershelpingcoders.com/
Have a look if you want to.