Periscope API 中的 Twitter 登录 POST 请求 [英] Twitter login POST request in Periscope API
问题描述
我正在尝试使用 Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) 在我的应用程序中.在 API 链接中,我试图将 POST 请求发送到 https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2请求正文如下
I am trying to use Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) in my application. As in the API link I am trying to send POST request to https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2 with request body as following
{
"bundle_id": "com.bountylabs.periscope",
"phone_number": "",
"session_key": "<twitter_user_oauth_key>",
"session_secret": "<twitter_user_oauth_secret>",
"user_id": "<twitter_user_id>",
"user_name": "<twitter_user_name>",
"vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}
我已经在 https://apps.twitter.com/ 中有一个应用程序,但我没有知道使用什么作为 twitter_user_oauth_key 和 twitter_user_oauth_secret.你能帮忙吗?
I already have an application in https://apps.twitter.com/ but I don't know what to use as twitter_user_oauth_key and twitter_user_oauth_secret. Can you help?
推荐答案
我必须说 https://github.com/gabrielg/periscope_api/ 实现有点复杂.当您实际上只需要一个来访问 API 时,作者使用 2 组密钥(IOS_* 和 PERISCOPE_*).我没有尝试广播,但在我的 PHP 库中,所有其他函数都可以正常工作,只有他称之为 PERISCOPE_* 的一组键.
I must say https://github.com/gabrielg/periscope_api/ implementation is a bit complicated. Author using 2 sets of keys (IOS_* and PERISCOPE_*) when you actually need only one to access API. I didn't tried to broadcast but in my PHP library all other functions works without troubles with only what he call PERISCOPE_* set of keys.
作为 Periscope 应用程序访问 Twitter 后,您将从 Twitter 获得 session_secret
和 session_key
.
You will get session_secret
and session_key
from Twitter after getting access to it as Periscope application.
所以 Periscope 通过 Twitter 登录的过程看起来像
So Periscope's login via Twitter process looks like
- 通过 https://api.twitter.com/oauth/request_token请求 OAuth 令牌/li>
- 将用户重定向到 https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
- 等待用户登录并从重定向 url 获取
oauth_token
和oauth_verifier
- 通过对https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]
- Request OAuth token via https://api.twitter.com/oauth/request_token
- Redirect user to https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
- Wait for user login and get
oauth_token
andoauth_verifier
from redirect url - Get
oauth_token
,oauth_token_secret
,user_id
anduser_name
via request to https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier] Send request to https://api.periscope.tv/api/v2/loginTwitter
{
"bundle_id": "com.bountylabs.periscope",
"phone_number": "",
"session_key": "oauth_token",
"session_secret": "oauth_token_secret",
"user_id": "user_id",
"user_name": "user_name",
"vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}
cookie
值,并将其作为某种身份验证令牌添加到所有 JSON API 调用中.
cookie
value from last response and add it to all JSON API calls as some kind of authentication token.第 1 步和第 4 步中的请求应使用适当的 Authorization
标头签名,这需要 Periscope 应用程序的 consumer_key
和 consumer_secret
.虽然 consumer_key
可以在第一步中被嗅探(如果您能够绕过证书锁定)consumer_secret
永远不会离开您的设备,并且您无法通过简单的流量拦截来获取它.
Requests in 1 and 4 steps should be signed with proper Authorization
header which requires Periscope application's consumer_key
and consumer_secret
. While consumer_key
can be sniffed right in first step (if you are able to bypass certificate pinning) consumer_secret
never leaves your device and you can't get it with simple traffic interception.
有登录过程的 PHP 示例 https://gist.github.com/bearburger/b4d1a058c4f85b75fa83一个>
There is PHP example of login process https://gist.github.com/bearburger/b4d1a058c4f85b75fa83
这篇关于Periscope API 中的 Twitter 登录 POST 请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!