OAuth 身份验证后 LinkedIn API 调用出现问题
我已成功完成 LinkedIn OAuth 流程(使用 REST API - OAuth 1.0a)。但是,我在回调后的第一次 API 调用时遇到了问题。我在我正在编写的库中设置了 UserToken、UserTokenSecret 和 UserVerfier,并调用此函数来获取我的个人资料信息:
public function getUserProfile()
{
$consumer = new OAuthConsumer($this->consumer_key, $this->consumer_secret, NULL);
$auth_token = new OAuthConsumer($this->getUserToken(), $this->getUserTokenSecret());
$access_token_req = new OAuthRequest("GET", $this->access_token_endpoint);
$params['oauth_verifier'] = $this->getUserVerifier();
$access_token_req = $access_token_req->from_consumer_and_token($this->consumer,
$auth_token, "GET", $this->access_token_endpoint, $params);
$access_token_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,
$auth_token);
$after_access_request = $this->doHttpRequest($access_token_req->to_url());
$access_tokens = array();
parse_str($after_access_request,$access_tokens);
# line 234 below
$access_token = new OAuthConsumer($access_tokens['oauth_token'], $access_tokens['oauth_token_secret']);
// prepare for get profile call
$profile_req = $access_token_req->from_consumer_and_token($consumer,
$access_token, "GET", $this->api_url.'/v1/people/~');
$profile_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,$access_token);
$after_request = $this->doHttpRequest($profile_req->to_url());
var_dump($after_request);
}
函数 var_dumps 一个字符串,这是我的个人资料的基本概要:
string(402) " User Name etc. etc. http://www.linkedin.com/profile?viewProfile=&key=28141694&authToken=HWBC&authType=name&trk=api*a137731*s146100* "
很好。然而,当我刷新页面时,相同的函数调用失败并显示:(
Undefined index: oauth_token, line number: 234
此行在上面的代码块中标有注释)。
然后,当然,var_dump 会从 LinkedIn 报告此错误:
string(290) " 401 1310652477038 R8MHA2787T 0 [unauthorized]. The token used in the OAuth request is not valid. "
需要注意的是:
- 用户令牌、秘密和验证程序在初始授权回调期间(就在调用此函数之前)保留。因此,它们在第一次调用期间(当它工作时,从 linkedin 返回后)和页面重新加载期间(当它在第 234 行失败时)是相同的。
另外,我必须承认我不能 100% 确定我理解这个函数中发生的一切。我实际上从本教程中获取了示例(关于不同的服务,而不是 linkedin) http://apiwiki .justin.tv/mediawiki/index.php/OAuth_PHP_Tutorial 并将其与我从 LinkedIn API 文档中收集的信息相结合,这些文档分布在他们的开发者网站上。最值得注意的是添加了本教程未使用的“验证器”。
任何对此问题的见解将不胜感激。提前致谢。 -Nick
更新
我能做到这一点的唯一方法是每次都进行新的 OAuth 握手。这是事情应该发生的方式吗?我的印象是,一旦获得用户令牌/秘密和验证器,我就可以使用它们进行连续的 API 调用,直到令牌过期或被撤销。
就像现在一样,每次页面重新加载时,我都会请求新的用户令牌、秘密和验证程序,然后立即调用以获取用户配置文件(成功)。下次重新加载时,我会得到一个全新的密钥/秘密和验证器。似乎每次调用都有相当多的工作,据我了解,您应该能够使用此方法执行离线操作 - 如果我每次都需要新的授权,那么我想我不能这样做?
I've successfully made my way through the LinkedIn OAuth process (using the REST API - OAuth 1.0a). However I'm having trouble with my first API call after the callback. I set the UserToken, UserTokenSecret and UserVerfier in the library I am writing, and this call this function to get my profile information:
public function getUserProfile()
{
$consumer = new OAuthConsumer($this->consumer_key, $this->consumer_secret, NULL);
$auth_token = new OAuthConsumer($this->getUserToken(), $this->getUserTokenSecret());
$access_token_req = new OAuthRequest("GET", $this->access_token_endpoint);
$params['oauth_verifier'] = $this->getUserVerifier();
$access_token_req = $access_token_req->from_consumer_and_token($this->consumer,
$auth_token, "GET", $this->access_token_endpoint, $params);
$access_token_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,
$auth_token);
$after_access_request = $this->doHttpRequest($access_token_req->to_url());
$access_tokens = array();
parse_str($after_access_request,$access_tokens);
# line 234 below
$access_token = new OAuthConsumer($access_tokens['oauth_token'], $access_tokens['oauth_token_secret']);
// prepare for get profile call
$profile_req = $access_token_req->from_consumer_and_token($consumer,
$access_token, "GET", $this->api_url.'/v1/people/~');
$profile_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,$access_token);
$after_request = $this->doHttpRequest($profile_req->to_url());
var_dump($after_request);
}
The function var_dumps a string, which is the basic synopsis of my profile:
string(402) " User Name etc. etc. http://www.linkedin.com/profile?viewProfile=&key=28141694&authToken=HWBC&authType=name&trk=api*a137731*s146100* "
That's good. However, the minute I refresh the page, the same function call fails with:
Undefined index: oauth_token, line number: 234
(this line marked with comment in above code block).
Then, of course, the var_dump reports this error from LinkedIn:
string(290) " 401 1310652477038 R8MHA2787T 0 [unauthorized]. The token used in the OAuth request is not valid. "
something to note:
- the user token, secret, and verifier are persisted during the initial authorization callback (right before this function is called). So, they are the same during the first call (when it works, right after coming back from linkedin) and during a page reload (when it fails on line 234).
Also, I must admit I'm not 100% sure I understand everything that's going on in this function. I actually took examples from this tutorial (about a different service, not linkedin) http://apiwiki.justin.tv/mediawiki/index.php/OAuth_PHP_Tutorial and combined it with the information I gathered from the LinkedIn API documentation, spread throughout their developer site. Most notable was the addition of the 'verifier' which the tutorial did not use.
Any insight into this problem would be greatly appreciated. Thanks in advance.
-Nick
UPDATE
The only way I've been able to get this going is to do a new OAuth handshake every single time. Is this the way it's supposed to happen? I was under the impression that once I got my user token/secret and verifier, that I could then use these for continuous API calls until the token expired or was revoked.
As it is now, every time the page reloads I'm requesting a new user token, secret and verifier, then immediately calling to get the user profile (which succeeds). Next reload, I get a whole new key/secret and verifier. Seems like quite a lot of work for each call, and as I understood it, you should be able to perform offline operations with this method - and if I need new authorization each time, then I guess I can't do that?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
出色地。我终于弄清楚发生了什么事,所以我想在这里发布答案,以防万一其他人遇到这个问题。
我用作指南的示例是有缺陷的。检索访问令牌后,您应该创建一个新的 OAuthRequest 对象,而不是使用现有的 $access_token_req 实例。
所以这个:
应该改为这样:
Well. I've finally figured out what was going on so thought I'd post the answer here, just in case someone else runs into this.
The example that I was using as a guide was flawed. After the access token is retrieved, you should then create a new OAuthRequest object, instead of using the existing $access_token_req instance.
So this:
Should be changed to this: