如何使用PHP获取Access Token和AccessToken的秘密?
<?php

// Oauth basic configuration

$oauthbaseurl    = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl  = "https://sandbox.woohoo.in/oauth/token";
$consumerkey     = "8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret  = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl     = "https://sandbox.woohoo.in/";

// oauth library file included

include_once "../../library/OAuthStore.php";
include_once "../../library/OAuthRequester.php";
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); // 
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95"); 

// define constant variable

define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/");
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob");
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier");
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token");
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"]));

// Init the OAuthStore

$options = array(
    'consumer_key' => WOOHOO_CONSUMER_KEY,
    'consumer_secret' => WOOHOO_CONSUMER_SECRET,
    'server_uri' => WOOHOO_OAUTH_HOST,
    'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL,
    'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL
);

// Note: do not use "Session" storage in production. Prefer a database
// storage, such as MySQL.

OAuthStore::instance("Session", $options);
try {
    if (empty($_GET["oauth_token"])) {
        $getAuthTokenParams = array(
            'scope' => 'https://sandbox.woohoo.in/',
            'xoauth_displayname' => 'Oauth test',
            'oauth_callback' => 'https://sandbox.woohoo.in/'
        );

        // get a request token

        $tokenResultParams  = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams);

// print the token result params

        echo "Token obtain response";
        echo "<pre>";
        print_r($tokenResultParams);




        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoovery_response = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoovery_response;
        }
        $woohoovery = json_decode($woohoovery_response);
        $verifier   = $woohoovery->verifier;

// print the verifier

        echo "Token verrified response";
        echo "<pre>";
        print_r($woohoovery_response);

        //exit;

        $oauthTimestamp = time();
        $characters     = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $nonce          = '';
        for ($i = 0; $i < 32; $i++) {
            $nonce .= $characters[mt_rand(0, strlen($characters) - 1)];
        }
        $oauthSignatureMethod = "HMAC-SHA1";
        $oauthVersion         = "1.0";
        $params               = array(
            'oauth_consumer_key' => $consumerkey,
            'oauth_signature_method' => 'HMAC-SHA1',
            'oauth_timestamp' => $oauthTimestamp,
            'oauth_nonce' => $nonce,
            'oauth_verifier' => $verifier,
            'oauth_token' => $tokenResultParams['token'],
            'oauth_version' => '1.0'
        );
        echo "<pre>";
        print_r($params);

        //exit;

        $post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?";
        echo "<pre>";
        print_r($post_string);
        //exit;
        foreach ($params as $key => $value) {
            $stringPart = urlencode($key . "=" . $value . "&");
            $post_string .= $stringPart;
        }
        //exit;
        $post_string  = rtrim($post_string, '%26');


        $signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']);
        echo "<pre>";
        print_r($signatureKey);
        $signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey));
        $signature = urlencode($signature);

// print the signature

        echo "<pre>";
        echo " signature ";
        print_r($signature);
        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoospendresponse = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);

// print final access token and secret key here i m getting signature invalid error

        echo "<pre>";
        print_r($woohoospendresponse);
        exit;
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoospendresponse;
        }
    }
}
catch (OAuthException2 $e) {
    echo "OAuthException:  " . $e->getMessage();
    var_dump($e);
}
?>
dqsvnsad79721
dqsvnsad79721 请有人帮我解决这个问题。谢谢你提前
3 年多之前 回复

1个回答



您尝试引用的访问令牌机密是什么? 在任何OAuth实现中,您将获得授权码,访问令牌,刷新令牌,承载令牌。 在执行php代码之前,您是否验证了Curl请求? 调用Curl命令,看看是否能够检索所需的值。</ p>

以下是一些可用于测试的Curl请求。 确保你的Curls工作,然后继续修复你的php代码</ p>

  #To retrieve Authorization Code 
Curl -X POST -d“client_id = 6731de76-14a6-49ae-97bc- 6eba6914391e
&安培; RESPONSE_TYPE =区号
&安培; REDIRECT_URI = HTTP%3A%2F%2Flocalhost%2Fmyapp%2F
&安培; response_mode =查询
&安培;资源= HTTPS%3A%2F%2Fservice.contoso.com%2F
&安培; state = 12345“'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'
nnn#使用授权代码检索访问令牌
ncl -X POST -H”Cache-Control: no-cache“-H”内容类型:application / x-www-form-urlencoded“-d”code = AQABAAIAAABnfi&amp; client_id = 12456&amp; grant_type = authorization_code&amp; redirect_uri = http%3A%2F%2Flocalhost%3A8080%2F“ 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
nnn#这将检索新的访问令牌和刷新令牌。 这适用于本机客户端,不需要client_secret
curl -X POST -H“Cache-Control:no-cache”-H“Content-Type:application / x-www-form-urlencoded”-d“client_id = 123456&amp; ; refresh_token = dlfldfdklfdfsADS2sd&amp; grant_type = refresh_token&amp; client_secret =“'https://login.microsoftonline.com/common/oauth2/v2.0/token'

</ div>

展开原文

原文

What is access token secret that you are trying to refer? in any OAuth implementation you will get Authorization Code, Access token, refresh tokens, bearer tokens. Did you verify your Curl requests before executing your php code. Invoke Curl command and see if you were able to retrieve the required values.

Following are some of the Curl requests that you can use to test. Make sure your Curls are working and then proceed fixing your php code

#To retrieve Authorization Code
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'


#To retrieve acess token using Authorization code
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'


#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐