Periscope API 中的 Twitter 登录 POST 请求 [英] Twitter login POST request in Periscope API

问题描述

我正在尝试使用 Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) 在我的应用程序中.在 API 链接中，我试图将 POST 请求发送到 https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2请求正文如下

I am trying to use Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) in my application. As in the API link I am trying to send POST request to https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2 with request body as following

{
    "bundle_id": "com.bountylabs.periscope",
    "phone_number": "",
    "session_key": "<twitter_user_oauth_key>",
    "session_secret": "<twitter_user_oauth_secret>",
    "user_id": "<twitter_user_id>",
    "user_name": "<twitter_user_name>",
    "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}

我已经在 https://apps.twitter.com/ 中有一个应用程序，但我没有知道使用什么作为 twitter_user_oauth_key 和 twitter_user_oauth_secret.你能帮忙吗?

I already have an application in https://apps.twitter.com/ but I don't know what to use as twitter_user_oauth_key and twitter_user_oauth_secret. Can you help?

推荐答案

我必须说 https://github.com/gabrielg/periscope_api/ 实现有点复杂.当您实际上只需要一个来访问 API 时，作者使用 2 组密钥(IOS_* 和 PERISCOPE_*).我没有尝试广播，但在我的 PHP 库中，所有其他函数都可以正常工作，只有他称之为 PERISCOPE_* 的一组键.

I must say https://github.com/gabrielg/periscope_api/ implementation is a bit complicated. Author using 2 sets of keys (IOS_* and PERISCOPE_*) when you actually need only one to access API. I didn't tried to broadcast but in my PHP library all other functions works without troubles with only what he call PERISCOPE_* set of keys.

作为 Periscope 应用程序访问 Twitter 后，您将从 Twitter 获得 session_secret 和 session_key.

You will get session_secret and session_key from Twitter after getting access to it as Periscope application.

所以 Periscope 通过 Twitter 登录的过程看起来像

So Periscope's login via Twitter process looks like

1. 通过 https://api.twitter.com/oauth/request_token请求 OAuth 令牌/li>
2. 将用户重定向到 https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
3. 等待用户登录并从重定向 url 获取 oauth_token 和 oauth_verifier
4. 通过对https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]

5. 向 https://api.periscope.tv/api/v2/发送请求登录推特

1. Request OAuth token via https://api.twitter.com/oauth/request_token
2. Redirect user to https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
3. Wait for user login and get oauth_token and oauth_verifier from redirect url
4. Get oauth_token, oauth_token_secret, user_id and user_name via request to https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]

5. Send request to https://api.periscope.tv/api/v2/loginTwitter

  {
    "bundle_id": "com.bountylabs.periscope",
    "phone_number": "",
    "session_key": "oauth_token",
    "session_secret": "oauth_token_secret",
    "user_id": "user_id",
    "user_name": "user_name",
    "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
  }

保存上次响应中的 cookie 值，并将其作为某种身份验证令牌添加到所有 JSON API 调用中.

Save cookie value from last response and add it to all JSON API calls as some kind of authentication token.

第 1 步和第 4 步中的请求应使用适当的 Authorization 标头签名，这需要 Periscope 应用程序的 consumer_key 和 consumer_secret.虽然 consumer_key 可以在第一步中被嗅探(如果您能够绕过证书锁定)consumer_secret 永远不会离开您的设备，并且您无法通过简单的流量拦截来获取它.

Requests in 1 and 4 steps should be signed with proper Authorization header which requires Periscope application's consumer_key and consumer_secret. While consumer_key can be sniffed right in first step (if you are able to bypass certificate pinning) consumer_secret never leaves your device and you can't get it with simple traffic interception.

有登录过程的 PHP 示例 https://gist.github.com/bearburger/b4d1a058c4f85b75fa83

There is PHP example of login process https://gist.github.com/bearburger/b4d1a058c4f85b75fa83

这篇关于Periscope API 中的 Twitter 登录 POST 请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！