所以我一直在使用 Discord 开发登录系统,这是我遇到的第一个障碍。
我正在尝试 POST 到 /oauth2/token/revoke 并且它不断给我返回错误“invalid_client”。
我试过使用客户端密钥而不使用它,只发送令牌,将名称“access_token”更改为“token”,以及其他一些我不记得的事情。
我发送请求的代码是这样的:
session_start();
//debug thing
echo OAUTH2_CLIENT_ID;
$params = array(
"access_token" => $_SESSION["access_token"],
"client_id" => OAUTH2_CLIENT_ID
);
apiRequest("https://discordapp.com/api/oauth2/token/revoke", $params);
该 apiRequest 函数的代码改编自此处的不同线程,如下所示:
function apiRequest($url, $post=FALSE, $headers=array()) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($ch);
if($post) {
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
}
$headers[] = 'Accept: application/json, application/x-www-form-urlencoded';
if(isset($_SESSION["access_token"]))
$headers[] = 'Authorization: Bearer ' . $_SESSION["access_token"];
// using this to see my headers
var_dump($headers);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($code != 200) {
//using this to see the error
echo $response;
exit();
fatalError($code, $_SERVER[REQUEST_URI]);
}
return $response;
}
是的,访问令牌和客户端 ID 都是有效的。它们可以正常处理其他请求,我已在此页面上显示它们并确认它们有效。
有什么想法吗?我错过了一些愚蠢的东西吗?
答案 0 :(得分:0)
计算出您需要的字段并稍微调整一下 curl,此代码正在运行。
[20:12:38] [INF] An account failed to log on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name: sqa_augstb
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: VDASW2
Source Network Address: 10.10.2.127
Source Port: 60973
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.