<?php
// Oauth基本配置
$oauthbaseurl = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl = "https://sandbox.woohoo.in/oauth/token";
$consumerkey = "8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl = "https://sandbox.woohoo.in/";
//包括oauth库文件
include_once "../../library/OAuthStore.php";
include_once "../../library/OAuthRequester.php";
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); //
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95");
//定义常量变量
define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/");
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob");
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier");
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token");
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"]));
//初始化OAuthStore
$options = array(
'consumer_key' => WOOHOO_CONSUMER_KEY,
'consumer_secret' => WOOHOO_CONSUMER_SECRET,
'server_uri' => WOOHOO_OAUTH_HOST,
'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL,
'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL
);
// Note: do not use "Session" storage in production. Prefer a database
// storage, such as MySQL.
OAuthStore::instance("Session", $options);
try {
if (empty($_GET["oauth_token"])) {
$getAuthTokenParams = array(
'scope' => 'https://sandbox.woohoo.in/',
'xoauth_displayname' => 'Oauth test',
'oauth_callback' => 'https://sandbox.woohoo.in/'
);
// get a request token
$tokenResultParams = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams);
//打印令牌结果参数
echo "Token obtain response";
echo "<pre>";
print_r($tokenResultParams);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"cache-control: no-cache"
)
));
$woohoovery_response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $woohoovery_response;
}
$woohoovery = json_decode($woohoovery_response);
$verifier = $woohoovery->verifier;
//打印验证程序
echo "Token verrified response";
echo "<pre>";
print_r($woohoovery_response);
//exit;
$oauthTimestamp = time();
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$nonce = '';
for ($i = 0; $i < 32; $i++) {
$nonce .= $characters[mt_rand(0, strlen($characters) - 1)];
}
$oauthSignatureMethod = "HMAC-SHA1";
$oauthVersion = "1.0";
$params = array(
'oauth_consumer_key' => $consumerkey,
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => $oauthTimestamp,
'oauth_nonce' => $nonce,
'oauth_verifier' => $verifier,
'oauth_token' => $tokenResultParams['token'],
'oauth_version' => '1.0'
);
echo "<pre>";
print_r($params);
//exit;
$post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?";
echo "<pre>";
print_r($post_string);
//exit;
foreach ($params as $key => $value) {
$stringPart = urlencode($key . "=" . $value . "&");
$post_string .= $stringPart;
}
//exit;
$post_string = rtrim($post_string, '%26');
$signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']);
echo "<pre>";
print_r($signatureKey);
$signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey));
$signature = urlencode($signature);
//打印签名
echo "<pre>";
echo " signature ";
print_r($signature);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"cache-control: no-cache"
)
));
$woohoospendresponse = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
//打印最终访问令牌和密钥 这里我得到签名无效错误
echo "<pre>";
print_r($woohoospendresponse);
exit;
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $woohoospendresponse;
}
}
}
catch (OAuthException2 $e) {
echo "OAuthException: " . $e->getMessage();
var_dump($e);
}
?>
答案 0 :(得分:0)
您尝试引用的访问令牌密码是什么?在任何OAuth实现中,您将获得授权码,访问令牌,刷新令牌,承载令牌。在执行php代码之前,您是否验证了Curl请求?调用Curl命令,看看是否能够检索所需的值。
以下是您可以用来测试的一些Curl请求。确保你的Curls工作正常,然后继续修复你的php代码
#To retrieve Authorization Code
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'
#To retrieve acess token using Authorization code
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'