为SurveyMonkey实施OAuth，第2步 [英] Implementing OAuth for SurveyMonkey, Step 2

问题描述

我目前已按照他们的文档中的说明安装了SurveyMonkey开发人员草案应用，并正在实施OAuth. .我已经完成了步骤1(将用户定向到SurveyMonkey的OAuth授权页)，但是一旦用户输入了用户名和密码来授权SurveyMonkey的访问权限(如上面的链接的步骤2所示)，我如何获得对包含的短期代码的访问权限作为查询参数?本质上，一旦我们离开了我正在构建的网站，我如何才能从用户正在查看的SurveyMonkey页面上访问URL参数，但据我所知，我的网站无法立即访问? /p>

I currently have a SurveyMonkey developer Draft App set up and am implementing OAuth as described by their documentation. I have completed Step 1 (Direct user to SurveyMonkey’s OAuth authorization page) but once the user enters their username and password to authorize SurveyMonkey access, as specified in Step 2 of the link above, how do I gain access to the short-lived code included as a query parameter? In essence, once we have left the website I'm building, how do I gain access to URL parameters from the SurveyMonkey page that the user is viewing but my site, as far as I can tell, does not have immediate access to?

推荐答案

短期代码包含在redirect_uri中作为查询参数.在应用程序的设置"页面中，将带有标签"OAuth重定向URL"的选项设置为到服务器的链接.

The short-lived code is included as a query parameter at your redirect_uri. In the Settings page of your app you'll set the option with label "OAuth Redirect URL" to be a link to your server.

因此，假设您的网站是https://www.example.com，您的重定向URI可能类似于https://www.example.com/surveymonkey/oauth，您将其保存在应用程序的设置中.

So let's say your site is https://www.example.com, your redirect URI may be something like https://www.example.com/surveymonkey/oauth and you would save that in the settings of your app.

因此，对于第1步，您会将用户发送到:

So for step 1, you would send the user to:

https://api.surveymonkey.net/oauth/authorize?response_type=code&redirect_uri=https://www.example.com/surveymonkey/oauth&client_id=<your_client_id>&api_key=<your_api_key>

当用户在OAuth表单中单击授权"时，我们会将短暂代码作为查询参数发送到您的redirect_uri.因此，用户将被发送到:

When the user clicks "Authorize" in the OAuth form, we will send over the short-lived code to your redirect_uri as a query parameter. So the user will be sent to:

https://www.example.com/surveymonkey/oauth?code=<short_lived_code>

通常您不会渲染页面(尽管您可以渲染页面，然后通过window.location.search或其他方式检查JavaScript中的代码)，但是在主机的服务器端，您可以从GET参数中获取代码(取决于您的语言/框架)，然后在https://api.surveymonkey.net/oauth/token?api_key=<your_api_key>将该短期令牌替换为长期访问令牌.

Normally you wouldn't render a page (although you could and then check the code in JavaScript via window.location.search or something) but instead on the server side of your host you would grab the code from the GET parameter (depending on your language/framework) and exchange that short-lived token for a long-lived access token at https://api.surveymonkey.net/oauth/token?api_key=<your_api_key>.

一个python示例:

A python example:

import requests

def surveymonkey_oauth(request):
    code = request.GET['code']

    post_body = {
        "client_secret": "your_client_secret",
        "redirect_uri": "https://www.example.com/surveymonkey/oauth",
        "grant_type": "authorization_code",
        "code": code
    }

    headers = {
        "Content-Type": "application/x-www-form-urlencoded"
    }

    response = requests.post("https://api.surveymonkey.net/oauth/token?api_key=<your_api_key>", headers=headers, data=post_body)

    access_token = response['access_token']

然后，您可以存储该访问令牌，并在需要向该用户的SurveyMonkey API提出请求时为该用户获取该访问令牌.

You can then store that access token and fetch it for the user whenever you want to make a request to the SurveyMonkey API for that user.

我已经有一段时间没有使用node.js了，但让我为您尝试一个节点示例，因为我看到您将express表示为标记:

I haven't used node.js in a while but let me try a node example for you since I see you have express as a tag:

var http = require('http');
var querystring = require("querystring");

app.get('/surveymonkey/oauth', function (req, res) {
  var code = req.query.code;

  var post_body = querystring.stringify({
    "client_secret": "your_client_secret",
    "redirect_uri": "https://www.example.com/surveymonkey/oauth",
    "grant_type": "authorization_code",
    "code": code
  });

  var options = {
      host: 'api.surveymonkey.net',
      port: 443,
      path: '/oauth/token?api_key=<your_api_key>',
      method: 'POST',
      headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
          'Content-Length': Buffer.byteLength(post_body)
      }
  }

  var req = http.request(options, function(res) {
    res.setEncoding('utf8');
    res.on('data', function (body) {
      // Get access_token from body and do what you like with it
    });
  });
  req.write(post_body);
  req.end();
});

请注意，如果您只是想访问自己的帐户，则在凭据"部分中向下滚动到应用程序设置"页面底部附近时，已经为您自己的帐户提供了访问令牌.

Note that if you just want to access your own account, if you scroll down near the bottom of the Settings page of your app in the Credentials section there is an access token provided for your own account already.

还请注意，处于草稿"模式的应用只能以任何一种方式访问​​您自己的帐户.

Also note that apps in "Draft" mode only have access to your own account either way.

这篇关于为SurveyMonkey实施OAuth，第2步的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！