在 Apache 服务器上支持 XAuth 的 PHP Twitter 代理

发布于 2024-09-06 21:31:33 字数 1738 浏览 0 评论 0原文

我已经为这个问题苦苦挣扎了近两天，我希望这个网站上的人可以帮助我。

我住在中国，在香港有一台服务器（共享主机）。我在服务器上设置了 PHP Twitter 代理，并使用 iPhone 版 Twitter（又名 Tweetie）连接到代理。在过去一年左右的时间里，它运行得非常好。

iPhone 版 Twitter 昨天更新，现在需要 XAuth 授权才能连接到 twitter.com（之前使用基本身份验证）。自更新以来，尽管对我的代理进行了（我认为是）适当的更改，但我仍无法使用我的代理对自己进行身份验证。

从概念上讲，这并不是一个很难解决的问题。为了使用 XAuth 向 twitter.com 进行身份验证，应用程序必须将 POST 请求发送到 https://api .twitter.com/oauth/access_token。 POST 正文必须采用以下形式：

x_auth_username=aUserName&x_auth_mode=client_auth&x_auth_password=aPassword

此外，POST 请求必须具有以下形式的授权标头：

OAuth oauth_signature_method="HMAC-SHA1", oauth_consumer_key="IQKbtAYlXsomeLGkey0HUA", oauth_nonce="8B265865-3F57-44FF-BCD6-E009EA7D4615", oauth_signature="sbwblaho64blahr934mZQ+23DYQ=", oauth_timestamp="1277356846", oauth_version="1.0"

因此，我所做的是使用 .htaccess 使用以下代码将 Auth 标头复制到 $_REQUEST 变量：

RewriteCond %{HTTP:Authorization} ^OAuth.*
RewriteRule (.*) index.php?OAuth=%{HTTP:Authorization} [QSA,L]

我的代理将 $_REQUEST 变量的内容复制到名为 $self->oauthHeader 的实例变量。然后，我使用以下代码将其作为标头添加到我的 cURL 请求中：

if (isset($this->oauthHeader)) {    
    $headers[] = 'Authorization: '.$this->oauthHeader;
    $headers[] = 'Content-Type: application/x-www-form-urlencoded';
    $curl_options[CURLOPT_HTTPHEADER] = $headers;
}

我还将原始请求的 POST 正文添加到 cURL 的 POST 正文中，使用：

$curl_options[CURLOPT_POST] = true;
$curl_options[CURLOPT_POSTFIELDS] = @file_get_contents("php://input");

我将 cURL 请求发送到 Twitter。一切似乎都工作正常，但我不可避免地收到“无法验证 oauth 签名和令牌”的响应。

我已经无计可施了，我这辈子都无法思考我做错了什么。任何帮助将不胜感激。

原文

I've been banging my head against this problem for nearly two days now, and I'm hoping someone on this site can help me.

I live in China and have a server (shared hosting) located in Hong Kong. I've set up a PHP Twitter proxy on the server, and I connect to the proxy using Twitter for iPhone (AKA Tweetie). It's worked beautifully for the past year or so.

Twitter for iPhone was updated yesterday and now requires XAuth authorization to connect to twitter.com (previously, it used Basic Auth). Since the update, I haven't been able to authenticate myself using my proxy, in spite of making (what I believe to be) the appropriate changes to my proxy.

Conceptually, this isn't a very difficult problem to crack. In order to authenticate with twitter.com using XAuth, an app must send a POST request to https://api.twitter.com/oauth/access_token. The POST body must be of the form:

x_auth_username=aUserName&x_auth_mode=client_auth&x_auth_password=aPassword

Additionally, the POST request must have an Authorization header in the form:

OAuth oauth_signature_method="HMAC-SHA1", oauth_consumer_key="IQKbtAYlXsomeLGkey0HUA", oauth_nonce="8B265865-3F57-44FF-BCD6-E009EA7D4615", oauth_signature="sbwblaho64blahr934mZQ+23DYQ=", oauth_timestamp="1277356846", oauth_version="1.0"

So, what I've done is used .htaccess to copy the Auth header to a $_REQUEST variable using this code:

RewriteCond %{HTTP:Authorization} ^OAuth.*
RewriteRule (.*) index.php?OAuth=%{HTTP:Authorization} [QSA,L]

My proxy copies the contents of that $_REQUEST variable to an instance variable called $self->oauthHeader. Then, I make add it as a header to my cURL request using the following code:

if (isset($this->oauthHeader)) {    
    $headers[] = 'Authorization: '.$this->oauthHeader;
    $headers[] = 'Content-Type: application/x-www-form-urlencoded';
    $curl_options[CURLOPT_HTTPHEADER] = $headers;
}

I also add the original request's POST body to the cURL's POST body using:

$curl_options[CURLOPT_POST] = true;
$curl_options[CURLOPT_POSTFIELDS] = @file_get_contents("php://input");

I send the cURL request to Twitter. Everything seems to work correctly, but I inevitably receive a response of "Failed to validate oauth signature and token."

I'm at my wit's end, and I can't for the life of me think what I'm doing wrong. Any help would be much appreciated.

分享到QQ

分享到微博