PHP。如何获取访问令牌。使用 Google API 的 OAuth 2.0 进行身份验证
我发现这个函数据说可以获取accessToken,但我什么也没得到。 我确实有 $_REQUEST['code'] 以及该函数所需的其他信息。
任何想法这里有什么问题吗? 谢谢。
//Oauth 2.0: exchange token for session token so multiple calls can be made to api
if(isset($_REQUEST['code'])){
$_SESSION['accessToken'] = get_oauth2_token($_REQUEST['code']);
}
//returns session token for calls to API using oauth 2.0
function get_oauth2_token($code) {
global $client_id;
global $client_secret;
global $redirect_uri;
$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
$clienttoken_post = array(
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret,
"redirect_uri" => $redirect_uri,
"grant_type" => "authorization_code"
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
if (isset($authObj->refresh_token)){
//refresh token only granted on first authorization for offline access
//save to db for future use (db saving not included in example)
global $refreshToken;
$refreshToken = $authObj->refresh_token;
}
$accessToken = $authObj->access_token;
return $accessToken;
}
I found this function that supposedly gets the accessToken, but I get nothing.
I do have the $_REQUEST['code'], and the other information needed in this function.
Any ideas what is wrong here?
Thanks.
//Oauth 2.0: exchange token for session token so multiple calls can be made to api
if(isset($_REQUEST['code'])){
$_SESSION['accessToken'] = get_oauth2_token($_REQUEST['code']);
}
//returns session token for calls to API using oauth 2.0
function get_oauth2_token($code) {
global $client_id;
global $client_secret;
global $redirect_uri;
$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
$clienttoken_post = array(
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret,
"redirect_uri" => $redirect_uri,
"grant_type" => "authorization_code"
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
if (isset($authObj->refresh_token)){
//refresh token only granted on first authorization for offline access
//save to db for future use (db saving not included in example)
global $refreshToken;
$refreshToken = $authObj->refresh_token;
}
$accessToken = $authObj->access_token;
return $accessToken;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这就是我为获取访问令牌和刷新令牌所做的事情。
创建一个包含以下代码的文件:
现在,将
YOUR_CLIENT_ID和YOUR_CLIENT_SECRET替换为您的客户端 ID 和客户端密钥。确保您的范围正确。例如,如果您想访问 Analytics,则应为
https://www.googleapis.com/auth/analytics。如果运行该文件,您应该会看到 OAuth2 批准屏幕。
如果您现在按
接受,您应该会得到如下所示的结果:该结果可能包含其他字段,具体取决于您申请的范围。
This is what I did to get my access token and refresh token.
Create a file that contains the following code :
Now, replace
YOUR_CLIENT_IDandYOUR_CLIENT_SECRETwith your client ID and client secret.Make sure your scope is correct. For example, it should be
https://www.googleapis.com/auth/analyticsif you want to get access to Analytics.If you run the file, you should get an OAuth2 approval screen.
If you now press
Accept, you should get a result that looks like this:The result may contain additional fields, depending on which scope you're applying for.
我没有发现您的代码有任何问题,但您可能想尝试刷新客户端密钥,看看是否有帮助。另外,我建议您准确查看curl命令返回的响应,我怀疑它是“invalid_grant”。
更好的方法是使用 google 的 php api 客户端:
https:// /code.google.com/p/google-api-php-client/
它为您处理大部分通信。那里的例子非常容易使用。这主要取决于您尝试访问哪个谷歌服务。
I don't see anything wrong with your code, but you may want to try refreshing the client secret and see if that helps. Additionally, I would suggest you see exactly what the response is coming back from your curl command, I suspect it's "invalid_grant".
A much better way to do this is to use google's php api client:
https://code.google.com/p/google-api-php-client/
which handles most of the communication for you. The examples there are very easy to use. It mostly depends on which google service you are trying to access.
该代码看起来很熟悉 - 我使用大致相同的代码 - 您可以尝试两件事。
使用 echo 将响应回显给浏览器
回显$json_response;
获取 Fiddler 并在调用curl_exec之前使用以下行
curl_setopt($curl, CURLOPT_PROXY, '127.0.0.1:8888');
'恐怕我也没有让它工作 - 我得到的回应是
现在如果有人知道这是怎么回事;)
that code looks familiar - I'm using roughly the same code - there are two things you can try.
Use echo to echo the response to the Browser
echo $json_response;
Get hold of Fiddler and use the following line before the call to curl_exec
curl_setopt($curl, CURLOPT_PROXY, '127.0.0.1:8888');
'fraid I've not got it working either - the response I am getting is
Now if anyone knows how what is wrong with this ;)
来自“OAuth 2.0 授权协议草案-ietf-oauth-v2-20”的第 4.4.2 节
所以POSTed参数应该以字符串的形式提交,而不是数组。 PHP 手册中的curl_setopt 也提到了这一点。
因此,您可能不想发布 $clienttoken_post,而是发布 http_build_query($clienttoken_post,'','&')。
这可能无法解决您的所有问题,但这可能是朝着正确方向迈出的一步。
From section 4.4.2 of "The OAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-20"
So the POSTed parameters should be submitted in the form of a string, not an array. This is mentioned in the PHP manual for curl_setopt too.
So instead of posting $clienttoken_post, you might want to post http_build_query($clienttoken_post,'','&').
This might not solve all your problems, but it's probably a step in the right direction.
我遇到了同样的错误,我发现添加
允许请求遵循重定向很快就解决了它。我希望这对其他人有帮助!
I had the same error, and I found that adding
to allow the request follow a redirect solved it quickly. I hope that helps someone else!