doubi5127 2017-05-18 07:52
浏览 170

如何使用PHP获取Access Token和AccessToken的秘密?

<?php

// Oauth basic configuration

$oauthbaseurl    = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl  = "https://sandbox.woohoo.in/oauth/token";
$consumerkey     = "8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret  = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl     = "https://sandbox.woohoo.in/";

// oauth library file included

include_once "../../library/OAuthStore.php";
include_once "../../library/OAuthRequester.php";
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); // 
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95");

// define constant variable

define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/");
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob");
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier");
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token");
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"]));

// Init the OAuthStore

$options = array(
    'consumer_key' => WOOHOO_CONSUMER_KEY,
    'consumer_secret' => WOOHOO_CONSUMER_SECRET,
    'server_uri' => WOOHOO_OAUTH_HOST,
    'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL,
    'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL
);

// Note: do not use "Session" storage in production. Prefer a database
// storage, such as MySQL.

OAuthStore::instance("Session", $options);
try {
    if (empty($_GET["oauth_token"])) {
        $getAuthTokenParams = array(
            'scope' => 'https://sandbox.woohoo.in/',
            'xoauth_displayname' => 'Oauth test',
            'oauth_callback' => 'https://sandbox.woohoo.in/'
        );

        // get a request token

        $tokenResultParams  = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams);

// print the token result params

        echo "Token obtain response";
        echo "<pre>";
        print_r($tokenResultParams);




        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoovery_response = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoovery_response;
        }
        $woohoovery = json_decode($woohoovery_response);
        $verifier   = $woohoovery->verifier;

// print the verifier

        echo "Token verrified response";
        echo "<pre>";
        print_r($woohoovery_response);

        //exit;

        $oauthTimestamp = time();
        $characters     = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $nonce          = '';
        for ($i = 0; $i < 32; $i++) {
            $nonce .= $characters[mt_rand(0, strlen($characters) - 1)];
        }
        $oauthSignatureMethod = "HMAC-SHA1";
        $oauthVersion         = "1.0";
        $params               = array(
            'oauth_consumer_key' => $consumerkey,
            'oauth_signature_method' => 'HMAC-SHA1',
            'oauth_timestamp' => $oauthTimestamp,
            'oauth_nonce' => $nonce,
            'oauth_verifier' => $verifier,
            'oauth_token' => $tokenResultParams['token'],
            'oauth_version' => '1.0'
        );
        echo "<pre>";
        print_r($params);

        //exit;

        $post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?";
        echo "<pre>";
        print_r($post_string);
        //exit;
        foreach ($params as $key => $value) {
            $stringPart = urlencode($key . "=" . $value . "&");
            $post_string .= $stringPart;
        }
        //exit;
        $post_string  = rtrim($post_string, '%26');


        $signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']);
        echo "<pre>";
        print_r($signatureKey);
        $signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey));
        $signature = urlencode($signature);

// print the signature 

        echo "<pre>";
        echo " signature ";
        print_r($signature);
        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoospendresponse = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);

// print final access token and secret key here i m getting signature invalid error

        echo "<pre>";
        print_r($woohoospendresponse);
        exit;
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoospendresponse;
        }
    }
}
catch (OAuthException2 $e) {
    echo "OAuthException:  " . $e->getMessage();
    var_dump($e);
}
?>
  • 写回答

1条回答 默认 最新

  • duanhai4046 2017-05-18 23:39
    关注

    What is access token secret that you are trying to refer? in any OAuth implementation you will get Authorization Code, Access token, refresh tokens, bearer tokens. Did you verify your Curl requests before executing your php code. Invoke Curl command and see if you were able to retrieve the required values.

    Following are some of the Curl requests that you can use to test. Make sure your Curls are working and then proceed fixing your php code

    #To retrieve Authorization Code
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'


#To retrieve acess token using Authorization code
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'


#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
    评论

报告相同问题?

悬赏问题

  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥15 stable diffusion
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘
  • ¥15 perl MISA分析p3_in脚本出错
  • ¥15 k8s部署jupyterlab,jupyterlab保存不了文件
  • ¥15 ubuntu虚拟机打包apk错误
  • ¥199 rust编程架构设计的方案 有偿