在iOS应用实现的OAuth 1.0 [英] Implementing OAuth 1.0 in an iOS app
问题描述
我已经打破我的头在这个一整天。
I've been breaking my head over this the whole day.
我希望集成我与Withings API iOS应用。它使用OAuth 1.0,我似乎无法完全理解如何实现它。
I wish to integrate my iOS app with Withings api. It uses OAuth 1.0 and I can't seem to understand fully how to implement it.
我已经下载多个OAuth的framworks( MPOAuth ,的 GTM-的OAuth , ssoauthkit ),但无法弄清楚究竟我应该做的完全是什么
I've been downloading multiple OAuth framworks (MPOAuth,gtm-oauth,ssoauthkit) but couldn't figure out completely what exactly I should do.
我搜索了很多,也对如何去一般与放大器实现的OAuth 1.0很好的参考堆栈溢出;与Withings整合特别是没有成功。
I searched a lot, also in stack overflow for good references on how to go about implementing OAuth 1.0 in general & integrating with Withings in particular with no success.
请解释集成与需要的OAuth 1.0的API iOS应用程序的流量。 code例子是非常有益的。建议第三方框架将是很好了。
Kindly explain the flow of integrating an iOS app with an api that requires OAuth 1.0. Code examples would be very helpful. Suggested 3rd party frameworks would be nice too.
只是为了澄清,我完全理解的OAuth 1.0原则,我只是在我的应用程序实际上实现它的问题。
Just to clarify, I fully understand the OAuth 1.0 principles, I just have problems in actually implementing it in my app.
我认为,随着code范例和有益的参考彻底的答案会是很多人非常有帮助的,因为我无法找到一个。如果任何人有实现它的好经验,请花时间来分享。
I think that a thorough answer with code examples and good references would be very helpful for lots of people as I couldn't find one. If anyone has good experience with implementing it, please take the time to share it.
推荐答案
TDOAuth 在我看来是最好的解决方案。它是干净和简单,只有一个.H和.m文件的工作,并没有复杂的示例项目。
TDOAuth in my opinion was the best solution. it is clean and simple, only one .h and .m file to work with, and no complicated example projects..
这是OAuth的1.0流量:
This is the OAuth 1.0 flow:
第1步 - 获取请求令牌
//withings additional params
NSMutableDictionary *dict = [NSMutableDictionary dictionary];
[dict setObject:CALL_BACK_URL forKey:@"oauth_callback"];
//init request
NSURLRequest *rq = [TDOAuth URLRequestForPath:@"/request_token" GETParameters:dict scheme:@"https" host:@"oauth.withings.com/account" consumerKey:WITHINGS_OAUTH_KEY consumerSecret:WITHINGS_OAUTH_SECRET accessToken:nil tokenSecret:nil];
//fire request
NSURLResponse* response;
NSError* error = nil;
NSData* result = [NSURLConnection sendSynchronousRequest:rq returningResponse:&response error:&error];
NSString *s = [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];
//parse result
NSMutableDictionary *params = [NSMutableDictionary dictionary];
NSArray *split = [s componentsSeparatedByString:@"&"];
for (NSString *str in split){
NSArray *split2 = [str componentsSeparatedByString:@"="];
[params setObject:split2[1] forKey:split2[0]];
}
token = params[@"oauth_token"];
tokenSecret = params[@"oauth_token_secret"];
第2步 - 获得授权令牌(通过加载在一个UIWebView的请求,webViewDidFinishLoad委托方法将处理回呼..)
step 2 - get authorize token (by loading the request in a UIWebView, the webViewDidFinishLoad delegate method will handle the call back..)
//withings additional params
NSMutableDictionary *dict2 = [NSMutableDictionary dictionary];
[dict setObject:CALL_BACK_URL forKey:@"oauth_callback"];
//init request
NSURLRequest *rq2 = [TDOAuth URLRequestForPath:@"/authorize" GETParameters:dict2 scheme:@"https" host:@"oauth.withings.com/account" consumerKey:WITHINGS_OAUTH_KEY consumerSecret:WITHINGS_OAUTH_SECRET accessToken:token tokenSecret:tokenSecret];
webView.delegate = self;
[DBLoaderHUD showDBLoaderInView:webView];
[webView loadRequest:rq2];
处理web视图如下发起第3步(我知道isAuthorizeCallBack闻起来有很多,但它的工作,应该重构呢..)
handle the webView as follow to initiate step 3 (I know the isAuthorizeCallBack smells a lot, but it does the job, should refactor it..)
- (void)webViewDidFinishLoad:(UIWebView *)aWebView
{
[DBLoaderHUD hideDBLoaderInView:webView];
NSString *userId = [self isAuthorizeCallBack];
if (userId) {
//step 3 - get access token
[DBLoaderHUD showDBLoaderInView:self.view];
[self getAccessTokenForUserId:userId];
}
//ugly patchup to fix an invalid token bug
if ([webView.request.URL.absoluteString isEqualToString:@"http://oauth.withings.com/account/authorize?"])
[self startOAuthFlow];
}
- (NSString *)isAuthorizeCallBack
{
NSString *fullUrlString = webView.request.URL.absoluteString;
if (!fullUrlString)
return nil;
NSArray *arr = [fullUrlString componentsSeparatedByString:@"?"];
if (!arr || arr.count!=2)
return nil;
if (![arr[0] isEqualToString:CALL_BACK_URL])
return nil;
NSString *resultString = arr[1];
NSArray *arr2 = [resultString componentsSeparatedByString:@"&"];
if (!arr2 || arr2.count!=3)
return nil;
NSString *userCred = arr2[0];
NSArray *arr3 = [userCred componentsSeparatedByString:@"="];
if (!arr3 || arr3.count!=2)
return nil;
if (![arr3[0] isEqualToString:@"userid"])
return nil;
return arr3[1];
}
- (void)startOAuthFlow
{
[self step1];
[self step2];
}
最后 - 第3步 - 获得访问令牌
- (void)getAccessTokenForUserId:(NSString *)userId
{
//step 3 - get access token
//withings additional params
NSMutableDictionary *dict = [NSMutableDictionary dictionary];
[dict setObject:CALL_BACK_URL forKey:@"oauth_callback"];
[dict setObject:userId forKey:@"userid"];
//init request
NSURLRequest *rq = [TDOAuth URLRequestForPath:@"/access_token" GETParameters:dict scheme:@"https" host:@"oauth.withings.com/account" consumerKey:WITHINGS_OAUTH_KEY consumerSecret:WITHINGS_OAUTH_SECRET accessToken:token tokenSecret:tokenSecret];
//fire request
NSURLResponse* response;
NSError* error = nil;
NSData* result = [NSURLConnection sendSynchronousRequest:rq returningResponse:&response error:&error];
NSString *s = [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];
//parse result
NSMutableDictionary *params = [NSMutableDictionary dictionary];
NSArray *split = [s componentsSeparatedByString:@"&"];
for (NSString *str in split){
NSArray *split2 = [str componentsSeparatedByString:@"="];
[params setObject:split2[1] forKey:split2[0]];
}
[self finishedAthourizationProcessWithUserId:userId AccessToken:params[@"oauth_token"] AccessTokenSecret:params[@"oauth_token_secret"]];
}
这篇关于在iOS应用实现的OAuth 1.0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
