答案 0 :(得分:2)
要授权应用,您需要调用OAuth2授权流程的网址。此URL在API的提供者文档中“存在”。例如Google有这个网址:
https://accounts.google.com/o/auth2/auth
此外,您还需要使用以下链接指定一些查询参数:
cliend_id redirect_uri scope:您的应用程序请求访问的数据。这通常被指定为以空格分隔的字符串列表,尽管Facebook使用逗号分隔的字符串。 scope的有效值应包含在API提供程序文档中。对于Gougle任务,scope为https://www.googleapis.com/auth/tasks。如果应用程序还需要访问Google文档,则会指定scope值https://www.googleapis.com/auth/tasks https://docs.google.com/feeds response_type:code用于服务器端Web应用程序流,表明在用户批准授权请求后,授权code将返回给应用程序。state:应用程序使用的唯一值,用于防止对您的实施进行跨站点请求伪造(CSRF)攻击。该值应该是此特定请求的随机唯一字符串,无法在客户端中保密且保密(可能在服务器端会话中)
// Generate random value for use as the 'state'. Mitigates
// risk of CSRF attacks when this value is verified against the
// value returned from the OAuth provider with the authorization
// code.
$_SESSION['state'] = rand(0,999999999);
$authorizationUrlBase = 'https://accounts.google.com/o/oauth2/auth';
$redirectUriPath = '/oauth2callback.php';
// For example only. A valid value for client_id needs to be obtained
// for your environment from the Google APIs Console at
// http://code.google.com/apis/console.
$queryParams = array(
'client_id' => '240195362.apps.googleusercontent.com',
'redirect_uri' => (isset($_SERVER['HTTPS'])?'https://':'http://') .
$_SERVER['HTTP_HOST'] . $redirectUriPath,
'scope' => 'https://www.googleapis.com/auth/tasks',
'response_type' => 'code',
'state' => $_SESSION['state'],
'approval_prompt' => 'force', // always request user consent
'access_type' => 'offline' // obtain a refresh token
);
$goToUrl = $authorizationUrlBase . '?' . http_build_query($queryParams);
// Output a webpage directing users to the $goToUrl after
// they click a "Let's Go" button
include 'access_request_template.php';
Google Authorization Server支持的用于Web服务器应用程序的一组查询字符串参数位于:
https://developers.google.com/accounts/docs/OAuth2WebServer?hl=el#formingtheurl