PHP OAuth 1.0 Library that handles an api key/secret pair and endpoints (request, authorization, and access)


Problem description

I'm working with an OAuth 1.0 API that requires we use an API KEY/PAIR. Also, it gives me 3 URLs:


  • Request token endpoint: /oauth/request_token

  • Authorization endpoint: /oauth/authorize

  • Access token endpoint: /oauth/access_token

Here is what the documentation states:

We use the most current specification of OAuth 1.0 protocol (RFC 5849) to authenticate our API requests. We use OAuth 1.0 because it is an open standard, and we adapt the "three-legged" client/user/server protocol flow of OAuth 1.0 to a "two-legged" client/server model. In our adaptation of OAuth for authenticated client/server requests, the client acts as both the API client and the user (i.e., owner of the requested resource). So, instead of being redirected to the client with a token verifier, the client acts as a user and directly accesses the server for the OAuth verifier. The accessibility check happens when the client requests a resource from the server with an access token obtained using the previously obtained verifier. You can reuse access tokens until they expire (after two hours). After the tokens expire, you must request a new access token. Examples will clarify this further.

I'd like to find a PHP OAuth Library that can use the API requirements I have for accessing the third party's company API. I really don't know how to implement this. My current thought is to reverse engineer the Facebook PHP API but I don't know if it uses 3 endpoints. Also, some help with getting it operational or directing me to a resource where I can figure it out myself would be great.

Thanks!

** NOTE: I found this: click here. Can this be the solution I am looking for?

Recommended answer

Facebook uses OAuth 2.0 so its API is out of the question. Check here for some basic API references - BitBucket, Twitter and Yahoo all use v1.0a for example.

PHP has an OAuth Extension so if you're building a custom solution you should definitely start there. The library that you're referencing does provide Two Legged OAuth so at first glance it does seem like an option for you. Disclaimer on the last sentence: I haven't used this library, however I checked the documentation. A nice explanation with UML sequence charts can be found here. It is just general OAuth, not PHP specific, but does provide a nice deep explanation. This GitHub repo contains reusable clients for my services - you can also get some ideas from there if your clients are going to be PHP.

Your case seems very interesting and there is no full answer to your question. If I were you I'd first take the time to check the code behind the Google Code oauth-php library that you reference in the Two-Legged Section (and not only). Then decide if you should in fact use this library, another or a custom implementation. You may also have other requirements/showstoppers that may affect your decision (I know you'd be wanting to push some big amounts of data from your other question. ;) ) The 2 hour token is a good performance optimization but is it too long of an authentication/authorization lease?
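
The request-token step of the flow quoted in the question, signed the way RFC 5849 specifies, as an added example that is not code from the original post or from any library mentioned in it. It assumes the API uses HMAC-SHA1; the host, key, secret and the `oob` callback value are constructed placeholders, and the helper names are hypothetical.

```php
<?php
// Added example: RFC 5849 signing for /oauth/request_token. All values are constructed.
// Assumes HMAC-SHA1 and a base URL that is already normalized (no query string, default port).
function oauth_base_string(string $method, string $url, array $params): string {
    // Section 3.4.1: percent-encode names and values, sort bytewise, join, then encode again.
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = [rawurlencode((string) $k), rawurlencode((string) $v)];
    }
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => "$p[0]=$p[1]", $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

function oauth_sign(string $method, string $url, array $params,
                    string $consumerSecret, string $tokenSecret = ''): string {
    // Section 3.4.2: the HMAC key is both secrets joined by '&'; the token secret is empty at this step.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', oauth_base_string($method, $url, $params), $key, true));
}

function oauth_header(array $params): string {
    // Section 3.5.1: only the key and the signature travel in the header, never the secret.
    $parts = [];
    foreach ($params as $k => $v) {
        $parts[] = rawurlencode((string) $k) . '="' . rawurlencode((string) $v) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

$url = 'https://api.example.com/oauth/request_token'; // constructed host
$params = [
    'oauth_consumer_key'     => 'EXAMPLE_API_KEY',        // placeholder
    'oauth_signature_method' => 'HMAC-SHA1',              // assumption
    'oauth_timestamp'        => (string) time(),
    'oauth_nonce'            => bin2hex(random_bytes(16)), // CSPRNG nonce, unique per request
    'oauth_version'          => '1.0',
    'oauth_callback'         => 'oob',                     // assumption: no redirect in the two-legged flow
];
// Sign before adding oauth_signature itself; it is excluded from the base string.
$params['oauth_signature'] = oauth_sign('POST', $url, $params, 'EXAMPLE_API_SECRET');
echo oauth_header($params), "\n";
```

The same three functions cover the access-token and resource requests once `oauth_token` (and `oauth_verifier` for the access-token step) is added to `$params` and the token secret is passed as the last argument to `oauth_sign`.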
