Twitter Ruby 中的三足授权 [英] Twitter 3-legged authorization in Ruby

问题描述

我正在轨道上尝试我的手红宝石.我主要用 Sinatra 编写代码.无论如何，这个问题可能与框架无关.这个问题听起来可能是一个非常新手的问题.我第一次使用 Twitter 1.1 API 和 OAuth.

I am trying my hand ruby on rails. Mostly I have written code in Sinatra. Anyway this question may not have to do anything with framework. And this question may sound a very novice question. I am playing with Twitter 1.1 APIs and OAuth first time.

我创建了一个应用程序 XYZ 并在 Twitter 上注册了它.我得到了 XYZ 的消费者密钥，即 CONSUMER_KEY 和消费者秘密，即 CONSUMER_SECRET.我还得到了 XYZ 自己的访问令牌，即 ACCESS_TOKEN 和访问秘密，即 ACCESS_SECRET

I have created an app XYZ and registered it with Twitter. I got XYZ's consumer key i.e., CONSUMER_KEY and consumer secret i.e. CONSUMER_SECRET. I also got XYZ's own access token i.e ACCESS_TOKEN and access secret i.e. ACCESS_SECRET

XYZ 应用程序类型:读取、写入和访问直接消息XYZ 回调 URL:http://www.mysite.com/cback我已经检查过:允许使用此应用程序登录 Twitter

XYZ application type: Read, Write and Access direct messages XYZ callback URL: http://www.mysite.com/cback And I have checked: Allow this application to be used to Sign in with Twitter

我想做的很简单:

1) 用户来到我的网站并点击一个链接链接你的 Twitter 帐户(不使用 Twitter 登录)
2)打开推特弹出窗口，用户授权XYZ代表他/她执行操作
3)一旦用户允许并关闭弹出窗口，XYZ应用程序将获取用户的访问令牌和秘密并保存在数据库中.
4) 然后 XYZ 使用该用户的令牌和秘密来执行将来的操作.

1) Users come to my website and click a link Link your twitter account (not signin with twitter)
2) That opens twitter popup where user grants permission to XYZ to perform actions on his/her behalf
3) Once user permits and popup gets closed, XYZ app gets user's access token and secret and save in the database.
4) Then XYZ uses that user's token and secret to perform actions in future.

这样的工作流程已经在数千个站点上实现，并且 Twitter API 文档解释了这种三足认证，我可能是个傻瓜，但我仍然无法弄清楚.

I may be moron that such work flow has been implemented on several thousands sites and Twitter API documentations explain this 3-legged authentication, still I am unable to figure it out.

我已阅读https://dev.twitter.com/docs/auth/3-legged-authorization 和 https://dev.twitter.com/docs/auth/implementing-sign-twitter 不幸的是，没有在互联网上找到 ruby​​ 代码来解释分步示例.

I have read https://dev.twitter.com/docs/auth/3-legged-authorization and https://dev.twitter.com/docs/auth/implementing-sign-twitter Unfortunately no ruby code found on internet that explains with step by step example.

当用户点击Link your twitter account时，应该使用什么链接来打开twitter验证页面.这里的任何人都可以用我上面的伪凭证编写一些伪代码来实现我从开始到结束这个工作流程的目标吗?谢谢.

What link should be used to open twitter authentication page when user clicks Link your twitter account. Can anyone here, write some pseudo code with my pseduo credential above to achieve my goal from beging till end of this work flow? Thanks.

更新:

我开始请求请求令牌为

I started with requesting request token as

需要'oauth'
消费者 = OAuth::Consumer.new(CONSUMER_KEY, CONSUMER_SECRET,
{ 网站:https://twitter.com"})
request_token = consumer.get_request_token oauth_callback: 'http://www.mysite.com/tauth'
redirect_to request_token.authorize_url

推荐答案

我不熟悉 ROR，但这里是用户单击按钮时需要遵循的 OAuth舞蹈"的工作流程:

I'm not familiar with ROR but here is the workflow of the OAuth 'dance' that you need to follow when the user clicks your button:

1. 通过发送一个来自 Twitter 的未经授权的请求令牌请求

1. Obtain an unauthorized request token from Twitter by sending a request to

POST https://api.twitter.com/oauth/request_token

使用您的消费者密码签署请求.这将在后台完成，并且对用户是透明的.

signing the request using your consumer secret. This will be done in the background and will be transparent to the user.

您将收到 am oauth_token 和 oauth_token_secret 从推特.

You will receive am oauth_token and oauth_token_secret back from twitter.

将用户重定向到

https://api.twitter.com/oauth/authorize?oauth_token=[token_received_from_twitter]

https://api.twitter.com/oauth/authorize?oauth_token=[token_received_from_twitter]

使用您在第 2 步中从 Twitter 收到的 oauth 令牌值.

using the oauth token value you received from Twitter in step 2.

当用户授权您的应用程序时，他们将被重定向到您的应用程序带有 oauth_token 和 oauth_verifier 的回调 url 附加到网址.即

When the user authorizes your app they will be redirected to your callback url with oauth_token and oauth_verifier appended to the url. i.e.

http://www.mysite.com/cback?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_verifer=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY

通过发送签名将请求令牌转换为访问令牌与 oauth_verifier 一起请求

Convert the request token into an access token by sending a signed request along with the oauth_verifier to

发布https://api.twitter.com/oauth/access_token

签署您的请求使用您的消费者密码和在步骤 2 中收到的令牌密码.

signing your request with your consumer secret and the token secret received in step 2.

如果一切顺利，您将收到一个新的 oauth_token 和oauth_token_secret 来自 Twitter.这是您的访问令牌用户.

If everything goes ok, you will receive a new oauth_token and oauth_token_secret from Twitter. This is your access token for the user.

使用在步骤 6 中收到的访问令牌和秘密，您可以Twitter api 通过发送签名请求代表用户调用到适当的 api 端点.

Using the access token and secret received in step 6 you can make Twitter api calls on behalf the the user by sending signed requests to the appropriate api endpoints.

这篇关于Twitter Ruby 中的三足授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！