谷歌嗡嗡声和OAuth - 重定向问题
希望这不会变得太复杂。 :) 事情是..
我正在尝试使用 OAuth 作为身份验证机制将我的 PHP 代码发布到 Google Buzz。我正在做典型的“OAuth 舞蹈”(获取请求令牌,授权它,交换访问令牌),但我遇到了一些似乎是在 Google 方面的问题。希望我错了——修复起来会容易得多。 :)
言归正传 - oauth_callback 参数似乎没有传递到授权表单。我重定向到的授权 URI 类似于:
https://www.google.com/buzz/api/auth/OAuthAuthorizeToken
?domain=<my.domain>
&scope=<urlencode(https://www.googleapis.com/auth/buzz)>
&oauth_token=<request_token>
&oauth_callback=<my.domain/callback>
重定向时,客户端被要求授权站点从 Buzz 读取/写入。如果接受,Google 会再次请求(但以不同的形式)允许访问 .. 在第二次允许后,会显示成功消息,但它不会将任何令牌返回到我的网站,也不会重定向到 oauth_callback uri。
我发现的解决方法是通过 firebug/chrome 检查器手动添加表单字段“oauth_callback=”,然后,在这两次确认之后,它重定向到我的网站,我可以从响应中提取授权令牌,并将其交换为访问令牌。如果我使用“标准”Google 授权端点,我会正确重定向(仅一次确认),但之后获得的访问令牌对 Buzz 无效。
那么,我错了还是谷歌错了?! :D 我已经实现了 OAuth 来与其他一些服务(Facebook、MySpace..)合作,但我从未遇到过这么大的麻烦。
Hope this doesn't get too complicated. :) thing is..
I'm trying to make my PHP code post notes to Google Buzz using OAuth as authentication mechanism. I'm doing the typical "OAuth dance" (get request token, authorise it, exchange for access token), but i've ran into some problems that seem to be on Google's side. Hope i'm wrong - it would be much easier to fix. :)
To get to the point - oauth_callback parameter doesn't seem to get passed to the authorization form. Authorization URI i'm redirecting to is like:
https://www.google.com/buzz/api/auth/OAuthAuthorizeToken
?domain=<my.domain>
&scope=<urlencode(https://www.googleapis.com/auth/buzz)>
&oauth_token=<request_token>
&oauth_callback=<my.domain/callback>
When redirected, client is asked to authorize site to read/write from/to Buzz. If accepted, Google asks again (but in different form) to allow access to .. after allowing for second time, success message is shown, but it doesn't return any tokens to my site, not redirecting to oauth_callback uri.
Workaround i found is to manually add form field 'oauth_callback=' trough firebug/chrome inspector, and then, after these two confirmations it redirects to my site and i can extract authorized token from response, and exchange it for access token. If i use 'standard' Google's authorization endpoint, i get redirected correctly (one confirmation only), but then the access token i get after that is invalid for Buzz.
So, am i wrong or google?! :D I've implemented OAuth for cooperation with some other services (Facebook, MySpace..) but i've never had this much trouble.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,当我第二天早上遇到这个问题时,以(部分)新鲜的眼光,解决方案非常简单(但仍然没有记录)..:)以防其他人需要答案 - 在请求请求令牌时应指定 oauth_callback 参数。
ok, when i got on the problem next morning, with (partially) fresh eyes, solution was pretty easy (but still undocumented).. :) in case anybody else needs answer - oauth_callback parameter should be specified when requesting request token.