带有curl POST请求的无效客户端错误

时间:2019-11-15 02:49:18

标签: php curl

尝试从oauth端点获取访问令牌时遇到麻烦。

我通过以下方式发出curl POST请求

$username = 'Joe';
$password = 'Doe@#!'
$auth = 'Basic Y245Y3BleGF4aTp2ZWludGZxMmVwbGd5anU1Y2N6aGZtNmZ3OXdlNmJ=';

$headers = [
    'Authorization' => $auth,
    'Content-Type' => 'application/x-www-form-urlencoded',
];

$form_params = [
    'username' => $username,
    'password' => $password,
    'grant_type' => 'password',
    'scope' => 'auto'
];

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://oauth.wildapricot.org/auth/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($form_params));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);

curl_close($ch);

return $response;

但是我仍然收到invalid client错误($auth变量包含在客户端和使用base 64编码的密码中)。 我曾尝试编码后场,但没有帮助。我已经硬编码了$auth变量,以防万一base64_encode函数弄乱了它(我之前用该函数生成过该变量),但是它没有任何改变。

我检查了端点是否实际上与Postman一起使用,并且确实如此。

关于可能是什么问题的任何想法?

编辑:我刚刚在代码中添加了一些调试行,这就是我所得到的(如果有帮助的话)

*   Trying 34.226.77.200:443...
* TCP_NODELAY set
* Connected to oauth.wildapricot.org (34.226.77.200) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=CA; postalCode=M5J 2L7; ST=Ontario; L=Toronto; street=144 Front Street West; O=Wild Apricot Inc.; OU=PremiumSSL Wildcard; CN=*.wildapricot.org
*  start date: Sep 20 00:00:00 2018 GMT
*  expire date: Nov 17 23:59:59 2020 GMT
*  subjectAltName: host "oauth.wildapricot.org" matched cert's "*.wildapricot.org"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Organization Validation Secure Server CA
*  SSL certificate verify ok.
> POST /auth/token HTTP/1.1
Host: oauth.wildapricot.org
Accept: */*
Content-Length: 76
Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 76 out of 76 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Length: 68
< Content-Type: application/json; charset=utf-8
< Expires: -1
< WWW-Authenticate: Basic realm="authentication required"
< X-Powered-By: ASP.NET
< Access-Control-Allow-Origin: *
< Date: Fri, 15 Nov 2019 12:29:30 GMT
< Connection: close
< X-Backend-Server: lap1wue1b-62e2
< X-LB-Server: llblue1b-5471
< 
* Closing connection 0

1 个答案:

答案 0 :(得分:1)

此行告诉我们您的身份验证存在问题:

WWW-Authenticate: Basic realm="authentication required"

Curl为HTTP Basic身份验证提供了一种更简单的方法。尝试删除Authorization标头并改为设置CURLOPT_USERPWD选项:

curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);

相关问题
最新问题