使用 PHP/PECL OAuth 扩展通过 POST 传递参数

发布于 2024-10-23 12:41:04 字数 2404 浏览 4 评论 0原文

我对 OAuth 的概念还很陌生,我正在尝试与新的 Rdio API 进行交互。我已经设法使用 PECL OAuth 函数找出身份验证,但 Rdio 要求通过 POST 传入参数,我不知道这是如何完成的。身份验证有效:用户被跳转到 Rdio 的站点并要求批准该应用程序,然后他们将返回到该站点。但此后,调用 API 的请求就会失败。

以下是有关 Rdio API 的一些信息:http://developer.rdio.com/docs/REST/

这是我用于身份验证的代码...我认为斜体行应该调用 API,请求名为“currentUser”的方法

$req_url = 'http://api.rdio.com/oauth/request_token';
$authurl = 'https://www.rdio.com/oauth/authorize';
$acc_url = 'http://api.rdio.com/oauth/access_token';
$callback = 'http://localhost/test.php';
$api_url = 'http://api.rdio.com/1';
$conskey = 'vmu7x6u4rk8vae8dn28h';
$conssec = 'GrY7gF';

session_start();

if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;
try {
  $oauth = new OAuth($conskey,$conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
  $oauth->enableDebug();
  if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
    $request_token_info = $oauth->getRequestToken($req_url);
    $_SESSION['secret'] = $request_token_info['oauth_token_secret'];
    $_SESSION['state'] = 1;
    header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.urlencode($callback));
    exit;
  } else if($_SESSION['state']==1) {
    $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
    $access_token_info = $oauth->getAccessToken($acc_url);
    $_SESSION['state'] = 2;
    $_SESSION['token'] = $access_token_info['oauth_token'];
    $_SESSION['secret'] = $access_token_info['oauth_token_secret'];
  } 

  $args = "method=currentUser";

  $oauth->setToken($_SESSION['token'],$_SESSION['secret']);
  $oauth->fetch("$api_url", $args);
  $json = json_decode($oauth->getLastResponse());
  print_r($json);

} catch(OAuthException $E) {
  print_r($E);
}

我收到的消息:

Warning: OAuth::fetch( http://api.rdio.com/1?oauth_consumer_key=vmu7x6u4rktv468vae8dn28h&oauth_signature_method=HMAC-SHA1&oauth_nonce=12606272174d85622ad26ce8.80381248&oauth_timestamp=1300587050& oauth_version=1.0&oauth_token=238zec5p4rpcpbfd8j36sjggz3jfsssybhxgcn9kvmmrmdxr3t4f2cnspt4dg5xf&oauth_signature=1mZhJ9AUbi0sm6qhNaAntumAckU%3D) [函数。 OAuth-fetch]:无法打开流:HTTP 请求失败! HTTP/1.0 596

问题很可能是参数 (method=currentUser) 没有通过 POST 正确传递。有谁知道如何使用 PECL 的 OAuth 扩展来做到这一点?

I'm fairly new to the concept of OAuth and I'm trying to interact with the new Rdio API. I've managed to figure out the authentication using the PECL OAuth functions, but Rdio requires arguments to be passed in via POST and I can't figure out how that is done. The authentication works: the user is bounced to Rdio's site and asked to approve the application, and they are then returned to the site. After that, though, the request making calls to the API fails.

Here's some info on the Rdio API: http://developer.rdio.com/docs/REST/

Here's the code I have for authentication... the lines in italics are what I believe should make the call to the API requesting the method named "currentUser"

$req_url = 'http://api.rdio.com/oauth/request_token';
$authurl = 'https://www.rdio.com/oauth/authorize';
$acc_url = 'http://api.rdio.com/oauth/access_token';
$callback = 'http://localhost/test.php';
$api_url = 'http://api.rdio.com/1';
$conskey = 'vmu7x6u4rk8vae8dn28h';
$conssec = 'GrY7gF';

session_start();

if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;
try {
  $oauth = new OAuth($conskey,$conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
  $oauth->enableDebug();
  if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
    $request_token_info = $oauth->getRequestToken($req_url);
    $_SESSION['secret'] = $request_token_info['oauth_token_secret'];
    $_SESSION['state'] = 1;
    header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.urlencode($callback));
    exit;
  } else if($_SESSION['state']==1) {
    $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
    $access_token_info = $oauth->getAccessToken($acc_url);
    $_SESSION['state'] = 2;
    $_SESSION['token'] = $access_token_info['oauth_token'];
    $_SESSION['secret'] = $access_token_info['oauth_token_secret'];
  } 

  $args = "method=currentUser";

  $oauth->setToken($_SESSION['token'],$_SESSION['secret']);
  $oauth->fetch("$api_url", $args);
  $json = json_decode($oauth->getLastResponse());
  print_r($json);

} catch(OAuthException $E) {
  print_r($E);
}

The message I get back:

Warning: OAuth::fetch(http://api.rdio.com/1?oauth_consumer_key=vmu7x6u4rktv468vae8dn28h&oauth_signature_method=HMAC-SHA1&oauth_nonce=12606272174d85622ad26ce8.80381248&oauth_timestamp=1300587050&oauth_version=1.0&oauth_token=238zec5p4rpcpbfd8j36sjggz3jfsssybhxgcn9kvmmrmdxr3t4f2cnspt4dg5xf&oauth_signature=1mZhJ9AUbi0sm6qhNaAntumAckU%3D) [function.OAuth-fetch]: failed to open stream: HTTP request failed! HTTP/1.0 596

The problem is most likely that the arguments (method=currentUser) aren't being passed via POST properly. Does anyone have any idea how to do this using PECL's OAuth extensions?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

相守太难 2024-10-30 12:41:04

如果有人在寻找答案时遇到此问题,我发现以下方法有效:

要执行 POST OAuth 签名请求,您需要通过在 fetch 之前添加此方法,将 OAuth 对象设置为使用 POST 而不是 GET 发送() 方法:

$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM); 

即使您在 fetch() 方法中使用 OAUTH_HTTP_METHOD_POST 参数,OAuth 实例本身也需要具有 setAuthType( OAUTH_AUTH_TYPE_FORM) 首先调用它。

我引用的具体示例的代码是:

    if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;

$oauth = new OAuth($rdio_conskey,$rdio_conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
  $request_token_info = $oauth->getRequestToken($rdio_req_url);
  $_SESSION['secret'] = $request_token_info['oauth_token_secret'];
  $_SESSION['state'] = 1;
  header('Location: '.$rdio_auth_url.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.$callbackurl);
  exit;
} else if($_SESSION['state']==1) {
  $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
  $access_token_info = $oauth->getAccessToken($rdio_acc_url);
  $_SESSION['state'] = 2;
  $_SESSION['token'] = $access_token_info['oauth_token'];
  $_SESSION['secret'] = $access_token_info['oauth_token_secret'];
}   

$oauth = new OAuth($rdio_conskey, $rdio_conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setToken($access_token_info['oauth_token'],$access_token_info['oauth_token_secret']);
$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM);

$oauth->fetch($rdio_api_url, array("method" => "currentUser", "extras" => "username"), OAUTH_HTTP_METHOD_FORM);
$json = json_decode($oauth->getLastResponse());    

print_r($json);

In case anyone comes across this looking for the answer, here is what I found works:

To perform a POST OAuth signed request, you need to set the OAuth object to send using POST instead of GET by adding this method before the fetch() method:

$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM); 

Even if you're using the OAUTH_HTTP_METHOD_POST parameter in the fetch() method, the OAuth instance itself needs to have setAuthType(OAUTH_AUTH_TYPE_FORM) called on it first.

The code for the specific example I was citing is:

    if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;

$oauth = new OAuth($rdio_conskey,$rdio_conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
  $request_token_info = $oauth->getRequestToken($rdio_req_url);
  $_SESSION['secret'] = $request_token_info['oauth_token_secret'];
  $_SESSION['state'] = 1;
  header('Location: '.$rdio_auth_url.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.$callbackurl);
  exit;
} else if($_SESSION['state']==1) {
  $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
  $access_token_info = $oauth->getAccessToken($rdio_acc_url);
  $_SESSION['state'] = 2;
  $_SESSION['token'] = $access_token_info['oauth_token'];
  $_SESSION['secret'] = $access_token_info['oauth_token_secret'];
}   

$oauth = new OAuth($rdio_conskey, $rdio_conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setToken($access_token_info['oauth_token'],$access_token_info['oauth_token_secret']);
$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM);

$oauth->fetch($rdio_api_url, array("method" => "currentUser", "extras" => "username"), OAUTH_HTTP_METHOD_FORM);
$json = json_decode($oauth->getLastResponse());    

print_r($json);
归属感 2024-10-30 12:41:04

使用 OAUTH_AUTH_TYPE_FORM 只是一种解决方法。

Pecl 的 oauth 扩展版本 1.2.3 有一个错误getRequestTokengetAccessToken 使用 GET 请求而不是 RFC 想要的 POST 请求。

您可以通过将 OAUTH_HTTP_METHOD_POST 作为第三个参数传递给 getRequestToken 并将第四个参数传递给 getAccessToken 来解决此错误。是的,这些参数没有记录


pecl/oauth 版本 1.2.4 将默认为 POST。

Using OAUTH_AUTH_TYPE_FORM is only a workaround.

Pecl's oauth extension version 1.2.3 has a bug; getRequestToken and getAccessToken use GET requests instead of POST as the RFC wants.

You can work around this bug by passing OAUTH_HTTP_METHOD_POST as 3rd parameter to getRequestToken and 4th parameter to getAccessToken. Yes, those parameters are undocumented.


Version 1.2.4 of pecl/oauth will default to POST.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文