我正在尝试使用OAuth2在DB中注册的凭据获取访问令牌。
在我的oauth_clients我有一个有效的客户端,其中'client_id = myclientid','client_secret = myclientsecret','grant_types = password'。
在我的oauth_users表中,我的测试用户使用'username = Beno','password = aa888'。
我将数据发送到“http://myserver.com/token.php”,就像这样
$ch = curl_init( 'http://myserver.com/token.php' );
curl_setopt( $ch, CURLOPT_HEADER, true);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt( $ch, CURLOPT_POST, true);
curl_setopt( $ch, CURLOPT_POSTFIELDS, array(
'client_id' => 'myclientid',
'client_secret' => 'myclientsecret',
'grant_type' => 'password',
'username' => 'Beno',
'password' => 'aa888',
'u_id' => 53
) );
$auth = curl_exec( $ch );
在token.php上我有这个
<?php
if( file_exists("system/includes/autoload.php") ):
require_once("system/includes/autoload.php");
else:
require_once("../system/includes/autoload.php");
endif;
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
$dsn = 'mysql:dbname='.DATABASENAME.';host='.DBSERVERADDRESS.'';
// error reporting (this is a demo, after all!)
ini_set('display_errors',1);error_reporting(E_ALL);
// Autoloading (composer is preferred, but for this example let's just do this)
OAuth2\Autoloader::register();
// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => DBUSERNAME, 'password' => DBPASSWORD));
// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
$server->addGrantType(new OAuth2\GrantType\RefreshToken($storage));
$username = IO::post('username');
$password = IO::post('password');
$user_id = IO::post('u_id');
if ( ! empty( $username ) && ! empty( $password ) & ! empty( $user_id ) ){
$users = array( $username => array('user_id'=> intval($user_id) ,'password' => $password));
$clients = array($client_id => array('client_secret' => $client_secret));
// create a storage object
$storage = new OAuth2\Storage\Memory(array('user_credentials' => $users, 'client_credentials' => $clients));
echo "<pre>";
var_dump($storage);
echo "</pre>";
// create the grant type
$grantType = new OAuth2\GrantType\UserCredentials($storage);
// add the grant type to your OAuth server
$server->addGrantType($grantType);
// Handle a request for an OAuth2.0 Access Token and send the response to the client
$response = new OAuth2\Response();
$re = $server->handleTokenRequest(OAuth2\Request::createFromGlobals(),$response)->send();
echo $re;
}else{
echo "no data";
}
如上所述,所有数据都在DB中。但当我收到回复时,它会返回400错误
{“error”:“invalid_client”,“error_description”:“客户端凭据无效”}
答案 0 :(得分:0)
检查授权服务器如何接收客户端凭据。
您将客户端凭据呈现为表单发布参数,但您的授权服务器可能希望将客户端凭据嵌入Authorization标头(基本身份验证)中。仔细阅读“RFC 6749,2.3.1. Client Password”。根据规范,“授权服务器必须支持HTTP基本身份验证方案,以便对发出客户端密码的客户端进行身份验证。”因此,在{{1>中嵌入客户端凭据标头必须适用于任何正确的授权服务器实现。