doubi5127 2017-05-18 07:52
浏览 170

如何使用PHP获取Access Token和AccessToken的秘密?

<?php

// Oauth basic configuration

$oauthbaseurl    = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl  = "https://sandbox.woohoo.in/oauth/token";
$consumerkey     = "8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret  = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl     = "https://sandbox.woohoo.in/";

// oauth library file included

include_once "../../library/OAuthStore.php";
include_once "../../library/OAuthRequester.php";
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); // 
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95");

// define constant variable

define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/");
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob");
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier");
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token");
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"]));

// Init the OAuthStore

$options = array(
    'consumer_key' => WOOHOO_CONSUMER_KEY,
    'consumer_secret' => WOOHOO_CONSUMER_SECRET,
    'server_uri' => WOOHOO_OAUTH_HOST,
    'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL,
    'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL
);

// Note: do not use "Session" storage in production. Prefer a database
// storage, such as MySQL.

OAuthStore::instance("Session", $options);
try {
    if (empty($_GET["oauth_token"])) {
        $getAuthTokenParams = array(
            'scope' => 'https://sandbox.woohoo.in/',
            'xoauth_displayname' => 'Oauth test',
            'oauth_callback' => 'https://sandbox.woohoo.in/'
        );

        // get a request token

        $tokenResultParams  = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams);

// print the token result params

        echo "Token obtain response";
        echo "<pre>";
        print_r($tokenResultParams);




        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoovery_response = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoovery_response;
        }
        $woohoovery = json_decode($woohoovery_response);
        $verifier   = $woohoovery->verifier;

// print the verifier

        echo "Token verrified response";
        echo "<pre>";
        print_r($woohoovery_response);

        //exit;

        $oauthTimestamp = time();
        $characters     = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $nonce          = '';
        for ($i = 0; $i < 32; $i++) {
            $nonce .= $characters[mt_rand(0, strlen($characters) - 1)];
        }
        $oauthSignatureMethod = "HMAC-SHA1";
        $oauthVersion         = "1.0";
        $params               = array(
            'oauth_consumer_key' => $consumerkey,
            'oauth_signature_method' => 'HMAC-SHA1',
            'oauth_timestamp' => $oauthTimestamp,
            'oauth_nonce' => $nonce,
            'oauth_verifier' => $verifier,
            'oauth_token' => $tokenResultParams['token'],
            'oauth_version' => '1.0'
        );
        echo "<pre>";
        print_r($params);

        //exit;

        $post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?";
        echo "<pre>";
        print_r($post_string);
        //exit;
        foreach ($params as $key => $value) {
            $stringPart = urlencode($key . "=" . $value . "&");
            $post_string .= $stringPart;
        }
        //exit;
        $post_string  = rtrim($post_string, '%26');


        $signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']);
        echo "<pre>";
        print_r($signatureKey);
        $signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey));
        $signature = urlencode($signature);

// print the signature 

        echo "<pre>";
        echo " signature ";
        print_r($signature);
        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "cache-control: no-cache"
            )
        ));
        $woohoospendresponse = curl_exec($curl);
        $err                 = curl_error($curl);
        curl_close($curl);

// print final access token and secret key here i m getting signature invalid error

        echo "<pre>";
        print_r($woohoospendresponse);
        exit;
        if ($err) {
            echo "cURL Error #:" . $err;
        } else {
            echo $woohoospendresponse;
        }
    }
}
catch (OAuthException2 $e) {
    echo "OAuthException:  " . $e->getMessage();
    var_dump($e);
}
?>
  • 写回答

1条回答

  • duanhai4046 2017-05-18 23:39
    关注

    What is access token secret that you are trying to refer? in any OAuth implementation you will get Authorization Code, Access token, refresh tokens, bearer tokens. Did you verify your Curl requests before executing your php code. Invoke Curl command and see if you were able to retrieve the required values.

    Following are some of the Curl requests that you can use to test. Make sure your Curls are working and then proceed fixing your php code

    #To retrieve Authorization Code
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'


#To retrieve acess token using Authorization code
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'


#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
    评论

报告相同问题?

悬赏问题

  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器