为什么不发送授权承载? [英] why authorization bearer is not sent?
问题描述
要发送和接收授权载体,我确实读过
使用CURL设置Bearer令牌的正确方法
和此
如何正确使用Bearer令牌?
,这是我的代码:
To sent and receive authorization bearer I did read this Correct way to set Bearer token with CURL and this How to properly use Bearer tokens? and here is my code:
$url = "http://www.example.com/phpinfo.php";
$data = array('long_url' => 'http://www.google.com');
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$header = array('Authorization: Bearer ffaaf96dd9');
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$response = curl_exec($ch);
curl_close($ch);
print($response);
如您所见,我将其发送到phpinfo页面,但没有看到 $ _ SERVER ['Authorization'] 在我的phpinfo中,我什么地方都看不到我的令牌,我的代码有什么问题或应该检查什么?
As you see I am sending it to my phpinfo page, but I don't see $_SERVER['Authorization'] in my phpinfo, I don't see my token anywhere at all, something is wrong in my code or what else should I check?
编辑:example.com url实际上是在我的站点phpinfo页面中设置的。
example.com url is actually set my site phpinfo page.
推荐答案
服务器不会自动设置承载令牌
开发人员需要创建自定义函数,以对承载令牌进行编码和解码。
Developers require to create custom function(s), that encodes and decodes bearer tokens.
承载令牌是一种对敏感数据进行编码以在服务器之间安全传输的方法。
通常与其他软件结合使用,例如用于oAuth跨服务器API功能。
Usually to be used in conjunction with other software, for example for oAuth cross server API functionality.
oAuth是一个开放源代码框架,允许在服务器之间创建安全的通信。不会连续使用密码。
oAuth is an open source framework that allows the creation of secure communication between servers without continuous risks of using passwords.
bearer cl ient允许对信息数组进行编码,以进行用户身份验证和/或敏感数据传输。
Bearer client allows to encode array of information for user authentication and/or for sensitive data transfer.
根据您需要使用的信息,您可能会发现在线上有大量示例,插件和扩展,并且如果它带有某些3d派对软件,通常会提供详尽的文档。
Depending on what you need to use it for, you likely to find plenty of examples, plugins and extension online and if it comes with some 3d party software, you usually get a thorough documentation.
以下是基于Wordpress CMS的网站使用承载令牌的示例。
1。在Wordpress ** oAuth,Rest_API& jwt-authentication-for-wp-rest-api ,然后使用您自己的插件进行扩展。**
1. Install a combination of plugins on the Wordpress **oAuth, Rest_API & jwt-authentication-for-wp-rest-api and then extend them with your own plugin(s).**
您将需要创建自定义令牌生成功能,接收URL点等。
然后,您将能够安全地发送/接收信息,例如在Chrome / Safari浏览器扩展程序和Wordpress网站之间。
2。在WordPress网站上接收网址的示例:
add_action( 'rest_api_init', function () {
//apply_filters( 'determine_current_user', true );
register_rest_route( 'humanai/v1', 'data', array(
'methods' => 'POST',
'callback' => function($request){
global $wpdb;
$data = $request->get_params();
$query = array( 'meta_key' => 'hai-token', 'meta_value' => $data[0]['token'] );
$user_id = $wpdb->query('SELECT * FROM '.$wpdb->prefix.'usermeta WHERE meta_key = \'hai-token\' AND meta_value=\''. $data[0]['token'].'\'');
/ *
请注意 processing_function 将使用它来处理请求并返回任何数据(如果需要)。
* /
/* Please pay attention on the processing_function, you will use it to process request and return any data if required. */
return processing_function($user_id, $request);
}
) );
),12);
3。 processing_function
function processing_function($user_id, $request){
$res = update_user_meta($user_id,'new_creadit_card_number',$request['new_creadit_card_number']);
}
-
Of当然,您需要一个函数来控制 Bearer令牌 ...
有一个名为Bearer的不记名令牌的原因...因为它带有信息,请看看下面的示例:
Of course you need a function to control the Bearer tokens... There's a reason bearer token called Bearer...because it is bearing the information, please have a look at my example below:
function jwt_token($attr=null){
$secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;
/** First thing, check the secret key if not exist return a error*/
if (!$secret_key) {
return new WP_Error(
'jwt_auth_bad_config',
__('JWT is not configured properly, please contact the admin', 'wp-api-jwt-auth'),
array(
'status' => 403,
)
);
}
/** Try to authenticate the user with the passed credentials*/
$user = wp_get_current_user();
/** If the authentication fails return a error*/
if (is_wp_error($user)) {
$error_code = $user->get_error_code();
return new WP_Error(
'[jwt_auth] '.$error_code,
$user->get_error_message($error_code),
array(
'status' => 403,
)
);
}
/** Valid credentials, the user exists create the according Token */
$issuedAt = time();
$notBefore = apply_filters('jwt_auth_not_before', $issuedAt, $issuedAt);
$expire = apply_filters('jwt_auth_expire', $issuedAt + (DAY_IN_SECONDS * 30), $issuedAt);
$token = array(
'iss' => get_bloginfo('url'),
'iat' => $issuedAt,
'nbf' => $notBefore,
'exp' => $expire,
'data' => array(
'user' => array(
'id' => $user->data->ID,
),
),
);
require dirname(dirname(dirname(__FILE__))) . '/jwt-authentication-for-wp-rest-api/includes/vendor/autoload.php';
/** Let the user modify the token data before the sign. */
$token = JWT::encode(apply_filters('jwt_auth_token_before_sign', $token, $user), $secret_key);
/ *
注意事项
令牌已签名,现在创建带有用户数据的对象到客户端。
* /
/* Attention below The token is signed, now create the object with user data to the client. */
$data = array(
'token' => $token,
'user_email' => $user->data->user_email,
'user_nicename' => $user->data->user_nicename,
'user_display_name' => $user->data->display_name,
'user_new_credit_card' => 'XXXX XXXX XXXX XXXX'
);
/** Let the user modify the data before send it back */
return apply_filters('jwt_auth_token_before_dispatch', $data, $user);
}
请注意:
Please note:
这不是完整的功能,软件,也不是原始问题的完整解决方案。
This is not a complete functionality, software, nor a complete solution to the original question.
所有信息均严格出于教育目的提供。
All information is provided strictly for educational purposes.
我强烈建议使用用于保护敏感信息的其他加密方法。
I strongly suggest to use additional methods of encryption to protect sensitive information.
在构建完整的功能/软件并遇到新问题时,为什么不将它们链接到在下面的评论中有新问题? -在新的答案中,我会尽力提供帮助。
When building a complete functionality/software and facing new issues, why not link them in a new question in a comment below? - I will try to help as much as I can in a new answer.
PS我花了很多心血来创造非常彻底的答案并获得否定票,而没有机会进行改善并不鼓励我继续帮助世界各地的数百万人。如果您发现我的回答有些不完整或难以理解,为什么不在下面的评论中问我一个问题,而不是对我的回答投反对票。也许这不仅对您有帮助,而且对我自己和整个StackOverflow社区都有帮助。
P.S. I spend a lot of effort to create very thorough answers and receiving a negative vote, without having a chance to improve doesn't encourage me to continue helping millions of people around the world. If you find my answer is somewhat incomplete or hard to understand, why not ask me a question in a comment below, instead of giving my answer a negative vote. Perhaps it would be helpful not just for you but for myself and the whole StackOverflow community.
这篇关于为什么不发送授权承载?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
