使用PHP / PECL OAuth扩展通过POST传递参数

时间:2011-03-20 02:35:55

标签: php oauth pecl

我对OAuth的概念相当新,我正在尝试与新的Rdio API进行交互。我已经设法使用PECL OAuth函数来计算身份验证,但是Rdio要求通过POST传递参数,我无法弄清楚如何完成。身份验证有效:用户被退回到Rdio的站点并被要求批准该应用程序,然后他们返回到该站点。但是,之后,调用API的请求失败。

以下是有关Rdio API的一些信息:http://developer.rdio.com/docs/REST/

这是我用于身份验证的代码...斜体线是我认为应该调用API请求名为“currentUser”的方法

$req_url = 'http://api.rdio.com/oauth/request_token';
$authurl = 'https://www.rdio.com/oauth/authorize';
$acc_url = 'http://api.rdio.com/oauth/access_token';
$callback = 'http://localhost/test.php';
$api_url = 'http://api.rdio.com/1';
$conskey = 'vmu7x6u4rk8vae8dn28h';
$conssec = 'GrY7gF';

session_start();

if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;
try {
  $oauth = new OAuth($conskey,$conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
  $oauth->enableDebug();
  if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
    $request_token_info = $oauth->getRequestToken($req_url);
    $_SESSION['secret'] = $request_token_info['oauth_token_secret'];
    $_SESSION['state'] = 1;
    header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.urlencode($callback));
    exit;
  } else if($_SESSION['state']==1) {
    $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
    $access_token_info = $oauth->getAccessToken($acc_url);
    $_SESSION['state'] = 2;
    $_SESSION['token'] = $access_token_info['oauth_token'];
    $_SESSION['secret'] = $access_token_info['oauth_token_secret'];
  } 

  $args = "method=currentUser";

  $oauth->setToken($_SESSION['token'],$_SESSION['secret']);
  $oauth->fetch("$api_url", $args);
  $json = json_decode($oauth->getLastResponse());
  print_r($json);

} catch(OAuthException $E) {
  print_r($E);
}

我收到的消息:

Warning: OAuth::fetch(http://api.rdio.com/1?oauth_consumer_key=vmu7x6u4rktv468vae8dn28h&oauth_signature_method=HMAC-SHA1&oauth_nonce=12606272174d85622ad26ce8.80381248&oauth_timestamp=1300587050&oauth_version=1.0&oauth_token=238zec5p4rpcpbfd8j36sjggz3jfsssybhxgcn9kvmmrmdxr3t4f2cnspt4dg5xf&oauth_signature=1mZhJ9AUbi0sm6qhNaAntumAckU%3D) [function.OAuth-fetch]: failed to open stream: HTTP request failed! HTTP/1.0 596

问题很可能是参数(method = currentUser)没有正确地通过POST传递。有没有人知道如何使用PECL的OAuth扩展?

2 个答案:

答案 0 :(得分:2)

如果有人遇到这个寻找答案,这就是我找到的作品:

要执行POST OAuth签名请求,您需要通过在fetch()方法之前添加此方法,将OAuth对象设置为使用POST而不是GET发送:

$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM); 

即使您在OAUTH_HTTP_METHOD_POST方法中使用fetch()参数,OAuth实例本身也需要首先调用setAuthType(OAUTH_AUTH_TYPE_FORM)

我引用的具体示例的代码是:

    if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;

$oauth = new OAuth($rdio_conskey,$rdio_conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
  $request_token_info = $oauth->getRequestToken($rdio_req_url);
  $_SESSION['secret'] = $request_token_info['oauth_token_secret'];
  $_SESSION['state'] = 1;
  header('Location: '.$rdio_auth_url.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.$callbackurl);
  exit;
} else if($_SESSION['state']==1) {
  $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
  $access_token_info = $oauth->getAccessToken($rdio_acc_url);
  $_SESSION['state'] = 2;
  $_SESSION['token'] = $access_token_info['oauth_token'];
  $_SESSION['secret'] = $access_token_info['oauth_token_secret'];
}   

$oauth = new OAuth($rdio_conskey, $rdio_conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setToken($access_token_info['oauth_token'],$access_token_info['oauth_token_secret']);
$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM);

$oauth->fetch($rdio_api_url, array("method" => "currentUser", "extras" => "username"), OAUTH_HTTP_METHOD_FORM);
$json = json_decode($oauth->getLastResponse());    

print_r($json);

答案 1 :(得分:0)

使用OAUTH_AUTH_TYPE_FORM只是一种解决方法。

Pecl的oauth扩展版本1.2.3有a bug; getRequestTokengetAccessToken使用GET请求而不是RFC所需的POST。

您可以将OAUTH_HTTP_METHOD_POST作为第三个参数传递给getRequestToken,将第四个参数传递给getAccessToken,以解决此错误。是的,那些参数are undocumented


pecl / oauth版本1.2.4将默认为POST。