Jawbone UP API oAuth and Access Tokens

Problem description

I have started digging into Jawbone's UP API today and everything seems to go fine throughout the authentication process. The problem is that, once I get an access token back, it's always the same token, it doesn't work in any of my requests, and I can't change it with the refresh_token endpoint.

OAuth setup:

$url_params = array(
    'response_type' => 'code',
    'client_id' => CLIENT_ID,
    'scope' => array('basic_read', 'extended_read', 'move_read'),
    'redirect_uri' => 'https://my-site.com/up_auth.php',
);

These are the parameters attached to the https://jawbone.com/auth/oauth2/auth URL and I get sent to Jawbone and prompted as expected. When I accept the authorization I get kicked back to my-site.com as expected with the code in the URL. I then use the code like so:

$params = array(
    'client_id' => CLIENT_ID,
    'client_secret' => APP_SECRET,
    'grant_type' => 'authorization_code',
    'code' => $code,
);

And attach those parameters to https://jawbone.com/auth/oauth2/token and finally get kicked back to my server with something similar to:

{
    "access_token": "REALLY_LONG_STRING",
    "token_type": "Bearer",
    "expires_in": 31536000,
    "refresh_token": "ANOTHER_REALLY_LONG_STRING"
}

When I use access_token to try and get a response like this

$headers = array(
    'Host: my-site.rhcloud.com',
    'Connection: Keep-Alive',
    'Accept: application/json',
    "Authorization: Bearer {$_REQUEST['access_token']}",
);

$ch = curl_init('https://jawbone.com/nudge/api/v.1.1/users/@me/moves');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$o = curl_exec($ch);
curl_close($ch);
var_dump($o);

from the API, this is the response every time:

{
    "meta": {
        "code": 401,
        "error_detail": "You must be logged in to perform that action",
        "error_type": "authentication_error",
        "message": "Unauthorized"
    },
    "data": {

    }
}

The token never changes, even in a private browsing session, and even if I successfully refresh using the provided refresh_token and the proper API call - the call succeeds, but Jawbone gives me back the same token. If I test the same flow through the Jawbone API Console, the Bearer token in the request headers is different from the one I get here. Note that I get the same access_token when I attempt the same process with my wife's Jawbone credentials as well.

Recommended answer

Finally figured out what was going on and heard back from Jawbone about it. It turns out that they have collisions on the backend if you use the same auth with two different clients.

For anyone else that runs into this problem, don't use the same login in two different contexts simultaneously as it will reset auths in weird ways.

In our case, we have test user accounts that are often shared between devs since it is sometimes hard to get real data unless you have the actual device. This was causing 'duplicate' logins that made Jawbone code freak out.

We got confirmation from a Jawbone dev who ran into the same problem when developing an internal app.....
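
A client-side sanity check for the symptom described in the question (the same access_token coming back for a second account, or unchanged after a refresh), as an added example that is not part of the original post or Jawbone's code. The function name `checkTokenResponse`, the in-memory `$seen` store, the user ids and the sample token strings are assumptions constructed for illustration.

```php
<?php
// Added example: flag token responses that repeat across users or across a refresh.
// Only SHA-256 fingerprints are kept, so the check never stores raw bearer tokens.

/**
 * @param array  $seen      fingerprint => user id of tokens already seen (hypothetical store)
 * @param string $userId    local id of the account that just authorized
 * @param array  $response  decoded JSON body from the token endpoint
 * @param bool   $isRefresh true when $response came from a refresh_token call
 * @return string[] findings; empty when nothing looks wrong
 */
function checkTokenResponse(array &$seen, string $userId, array $response, bool $isRefresh = false): array
{
    if (empty($response['access_token']) || !is_string($response['access_token'])) {
        return ['token response has no access_token'];
    }

    $findings = [];
    $fp = hash('sha256', $response['access_token']);

    if (isset($seen[$fp])) {
        if ($seen[$fp] !== $userId) {
            // Two accounts must never receive the same bearer token.
            $findings[] = "access_token was already issued to a different user ({$seen[$fp]})";
        } elseif ($isRefresh) {
            // The refresh call succeeded but handed back the old token.
            $findings[] = 'refresh returned the same access_token';
        }
    }

    $seen[$fp] = $userId;
    return $findings;
}

// Constructed sample responses (placeholder strings, not real tokens).
$seen = [];
$issued    = ['access_token' => 'SAMPLE_TOKEN_A', 'token_type' => 'Bearer', 'expires_in' => 31536000];
$refreshed = ['access_token' => 'SAMPLE_TOKEN_A', 'token_type' => 'Bearer', 'expires_in' => 31536000];

var_dump(checkTokenResponse($seen, 'user-1', $issued));           // initial authorization
var_dump(checkTokenResponse($seen, 'user-1', $refreshed, true));  // refresh for the same account
var_dump(checkTokenResponse($seen, 'user-2', $issued));           // authorization for a second account
```

Logging a finding at the point where the token response is received makes a shared or stale token visible before it is stored or sent in an `Authorization` header.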
