在潜望镜API Twitter的登录POST请求 [英] Twitter login POST request in Periscope API

问题描述

我想使用潜望镜API（ https://github.com/在我的应用gabrielg / periscope_a​​pi / BLOB /主/ API.md ）。正如API链接，我想发送POST请求 https：//开头api.periscope.tv/api/v2/loginTwitter?build=v1.0.2
与请求正文如下

I am trying to use Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) in my application. As in the API link I am trying to send POST request to https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2 with request body as following

{
    "bundle_id": "com.bountylabs.periscope",
    "phone_number": "",
    "session_key": "<twitter_user_oauth_key>",
    "session_secret": "<twitter_user_oauth_secret>",
    "user_id": "<twitter_user_id>",
    "user_name": "<twitter_user_name>",
    "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}

我已经在 https://apps.twitter.com/ 但我不知道的twitter_user_oauth_key和twitter_user_oauth_secret使用什么。你能帮忙吗？

I already have an application in https://apps.twitter.com/ but I don't know what to use as twitter_user_oauth_key and twitter_user_oauth_secret. Can you help?

推荐答案

我必须说 https：//开头github上。 COM / gabrielg / periscope_a​​pi / 实施是一个有点复杂。作者采用2套钥匙（IOS_ *和* PERISCOPE_）当你真正需要的只有一个访问API。我没试过播出，但在我的PHP库中的所有其他功能，无需麻烦的工作，只有他叫PERISCOPE_ *组键。

I must say https://github.com/gabrielg/periscope_api/ implementation is a bit complicated. Author using 2 sets of keys (IOS_* and PERISCOPE_*) when you actually need only one to access API. I didn't tried to broadcast but in my PHP library all other functions works without troubles with only what he call PERISCOPE_* set of keys.

您将获得访问它的潜望镜申请后获得 session_secret 和 session_key可以从Twitter。

You will get session_secret and session_key from Twitter after getting access to it as Periscope application.

所以，通过Twitter的过程潜望镜的登录看起来像

So Periscope's login via Twitter process looks like

1. https://api.twitter.com/oauth/request_token <请求的OAuth令牌/ LI>
   
2. 重定向用户 https://api.twitter.com/oauth/authorize ？组oauth_token = [组oauth_token]


3. 等待用户登录并获得组oauth_token 和 oauth_verifier 从重定向URL


4. 获取组oauth_token ， oauth_token_secret ， USER_ID 和<通过请求code> USER_NAME 来的https：/ /api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]



5. 发送请求 https://api.periscope.tv/api/v2/ loginTwitter

1. Request OAuth token via https://api.twitter.com/oauth/request_token
2. Redirect user to https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
3. Wait for user login and get oauth_token and oauth_verifier from redirect url
4. Get oauth_token, oauth_token_secret, user_id and user_name via request to https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]

5. Send request to https://api.periscope.tv/api/v2/loginTwitter

  {
    "bundle_id": "com.bountylabs.periscope",
    "phone_number": "",
    "session_key": "oauth_token",
    "session_secret": "oauth_token_secret",
    "user_id": "user_id",
    "user_name": "user_name",
    "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
  }

保存从去年的响应饼干值，并将其添加到所有JSON API调用为某种身份验证令牌的。

Save cookie value from last response and add it to all JSON API calls as some kind of authentication token.

在1和4的步骤要求应适当授权头签字要求潜望镜应用程序的 CONSUMER_KEY 和 CONSUMER_SECRET 。而 CONSUMER_KEY 可在第一步右嗅（如果你能绕过证书钉扎） CONSUMER_SECRET 永远不会离开你的设备你不能用简单的流量拦截得到它。

Requests in 1 and 4 steps should be signed with proper Authorization header which requires Periscope application's consumer_key and consumer_secret. While consumer_key can be sniffed right in first step (if you are able to bypass certificate pinning) consumer_secret never leaves your device and you can't get it with simple traffic interception.

有是登录过程中的PHP例子 https://gist.github.com/bearburger/b4d1a058c4f85b75fa83

There is PHP example of login process https://gist.github.com/bearburger/b4d1a058c4f85b75fa83

这篇关于在潜望镜API Twitter的登录POST请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！