没有cookie和没有会话的Zend_Oauth_Consumer的最佳使用方法

时间:2010-09-03 20:00:15

标签: php zend-framework oauth

我正在开发具有技术要求的小工具:“没有Cookie,没有会话”。 我有以下代码:

<?php

class LinkedIn
{

 private $options;
 private $consumer;
 private $client;
 private $token;


 public function __construct($params)
 {
  // set Zend_Oauth_Consumer options
  $this->options = array(
   'version' => '1.0',
   'localUrl' => $params['localUrl'],
   'callbackUrl' => $params['callbackUrl'],
   'requestTokenUrl' => 'https://api.linkedin.com/uas/oauth/requestToken',
   'userAuthorizationUrl' => 'https://api.linkedin.com/uas/oauth/authorize',
   'accessTokenUrl' => 'https://api.linkedin.com/uas/oauth/accessToken',
   'consumerKey' => $params['apiKey'],
   'consumerSecret' => $params['secretKey']
  );

  // instanciate Zend_Oauth_Consumer class
  require_once 'Zend/Loader.php';
  Zend_Loader::loadClass('Zend_Oauth_Consumer');
  $this->consumer = new Zend_Oauth_Consumer($this->options);
 }


 public function connect()
 {
  // Start Session to be able to store Request Token &amp; Access Token
  session_start ();

  if (!isset ($_SESSION ['ACCESS_TOKEN'])) {
   // We do not have any Access token Yet
   if (! empty ($_GET)) {
 // SECTION_IF
    // But We have some parameters passed throw the URL

    // Get the LinkedIn Access Token
    $this->token = $this->consumer->getAccessToken ($_GET, unserialize($_SESSION ['REQUEST_TOKEN']));

    // Store the LinkedIn Access Token
    $_SESSION ['ACCESS_TOKEN'] = serialize ($this->token);
   } else {
 // SECTION_ELSE
    // We have Nothing

    // Start Requesting a LinkedIn Request Token
    $this->token = $this->consumer->getRequestToken ();

    // Store the LinkedIn Request Token
    $_SESSION ['REQUEST_TOKEN'] = serialize ($this->token);

    // Redirect the Web User to LinkedIn Authentication Page
    $this->consumer->redirect ();
   }
  } else {
   // We've already Got a LinkedIn Access Token

   // Restore The LinkedIn Access Token
   $this->token = unserialize ($_SESSION ['ACCESS_TOKEN']);

  }

  // Use HTTP Client with built-in OAuth request handling
  $this->client = $this->token->getHttpClient($this->options);

 }
}

它完美无缺。但是REQUEST_TOKEN存储在SESSION中。如何将其置于SECTION_ELSE中查询字符串,并将其返回SECTION_IF?感谢您的所有建议。

1 个答案:

答案 0 :(得分:0)

关键是你的系统需要:

1. persist the OAuth tokens between user requests to your server, and
2. tie them to a specific user. 

使用一个会话,其id来自cookie或来自查询字符串,是一种方法。

但如果会议不在桌面上,那么您需要一些其他方法来识别当前用户并存储他的OAuth令牌。

如果您真的在非会话环境中工作,那么您如何知道用户是谁?基本认证?如果您没有用户身份验证,我就不会看到您如何将OAuth令牌与特定用户相关联。