Twitter应用程序oauth开始返回错误代码89 1年工作后无效或过期的令牌 [英] Twitter application oauth started returning error code 89 Invalid or expired token after 1 year working
问题描述
我一直在使用基于Jon Hurlock的Twitter应用程序专用身份验证应用程序的代码一年多,现在没有问题,大约2天前,当尝试生成承载令牌时,它开始返回此错误:
I've been using code based on Jon Hurlock's Twitter Application-only Authentication App for over a year now with no problem, and about 2 days ago it started returning this error when trying to generate a bearer token:
无效或过期的令牌,代码:89
Invalid or expired token, code:89
我的代码稍作更改,强制检查SSL,不在启用SSL的域上。我有curl拉最新的cacert.pem文件。
My code is slightly altered to force it to check for SSL, since the page is not on an SSL-enabled domain. I have curl pull in the latest cacert.pem file.
这是应用程序级别的oauth,而不是个人的oauth。因此,每次进行调用时,我都会生成一个承载令牌,进行API调用,然后使承载令牌无效。你可以在这里看到他的原始代码(我提取了我使用的部分的最新版本): https://github.com/jonhurlock/Twitter-Application-Only-Authentication-OAuth-PHP/blob/master/Oauth.php
This is application level oauth, NOT individual person oauth. So each time a call is made I generate a bearer token, make an API call, and then invalidate the bearer token. You can see his original code here (I pulled the latest version for the part I use): https://github.com/jonhurlock/Twitter-Application-Only-Authentication-OAuth-PHP/blob/master/Oauth.php
这是用于获取承载令牌的代码。注意我只需要包含应用程序的密钥和秘密,没有涉及的用户,用户从来没有允许应用程序或验证它:
THis is the code used to get a bearer token. Note I only have to include the Application's key and secret, there is no user involved and a user never has to allow the app nor authenticate it:
// Step 1
// step 1.1 - url encode the consumer_key and consumer_secret in accordance with RFC 1738
$encoded_consumer_key = urlencode(CONSUMER_KEY);
$encoded_consumer_secret = urlencode(CONSUMER_SECRET);
// step 1.2 - concatinate encoded consumer, a colon character and the encoded consumer secret
$bearer_token = $encoded_consumer_key.':'.$encoded_consumer_secret;
// step 1.3 - base64-encode bearer token
$base64_encoded_bearer_token = base64_encode($bearer_token);
// step 2
$url = "https://api.twitter.com/oauth2/token"; // url to send data to for authentication
$headers = array(
"POST /oauth2/token HTTP/1.1",
"Host: api.twitter.com",
"User-Agent: Twitter App-Only Search",
"Authorization: Basic ".$base64_encoded_bearer_token,
"Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
);
$ch = curl_init(); // setup a curl
curl_setopt($ch, CURLOPT_URL,$url); // set url to send to
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); // set custom headers
curl_setopt($ch, CURLOPT_POST, 1); // send as post
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return output
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, "/directory/path/cacert2014.pem");
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$header = curl_setopt($ch, CURLOPT_HEADER, 1); // send custom headers
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$retrievedhtml = curl_exec ($ch); // execute the curl
curl_close($ch); // close the curl
推荐答案
使用John Hurlock的同一个库)。
Here is what I found (using the same library from John Hurlock). The Bearer Token should be cached.
这个特定的实现将要求为每个请求一个新的承载令牌,Twitter期望我们将缓存这个令牌并返回错误,有时
This particular implementation will ask for a new Bearer Token for every request, Twitter expects that we will cache this token and will return errors and sometimes a 403 forbidden if we do not.
在我的情况下,我在网站上关闭twitter一段时间,然后在缓存后,Bearer Token重新启用。一切都回来了。您还可以在开发者控制台中切换到新的Twitter应用,而不必等待。
In my case I turned off twitter for a period of time on the site, and then after caching the Bearer Token turned it back on. Everything is back for now. You could also switch to a new twitter app in your developer console instead of waiting.
我在Memcache中缓存了我的令牌,但您可以选择不同的方式。
祝你好运!
I cached my Token in Memcache, but you may choose to do something different. Good luck!
这篇关于Twitter应用程序oauth开始返回错误代码89 1年工作后无效或过期的令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!