如何使用PHP读取OAuth请求参数? [英] How to read the OAuth request parameters with PHP?
问题描述
我尝试使用双腿OAuth作为身份验证机制将iPhone应用程序连接到PHP API。我使用 http://code.google.com/p中的PHP和Objective-C 2.0库/ oauth / 。问题是,当我试图用Objective-C发出一个GET请求时,它不包含请求URI中的OAuth参数,就像PHP库在发布OAuth GET请求时一样:
http://www.mysite.com/oauth/index.php?oauth_consumer_key=key&oauth_nonce=XXXXXXXX&oauth_signature=XXXXXXXXXXX%3D&oauth_signature_method=HMAC-SHA1& ; oauth_timestamp = 1309863754& oauth_version = 1.0
相反,它将OAuth参数放入Authorization标头中:
授权:OAuth realm =,oauth_consumer_key =XXXXX,oauth_token =XXXX-XXXX,
oauth_signature_method =HMAC-SHA1,oauth_signature =XXXXXXXX,
oauth_timestamp =1309863855,oauth_nonce =XXXX-XXX-XX-XX-XXXXXXX,oauth_version =1.0
我想这两种方式对于OAuth规范同样有效,对吧?
使用PHP读取授权标头的最佳方式是什么?
我想这两种方式对OAuth规范同样有效,对吧?
是的,
使用PHP读取授权标题的最佳方式是什么?
PHP中的请求标题存储在 $ _ SERVER 超全局数组中,每个标题作为它自己的条目: $ _ SERVER ['HTTP_AUTHORIZATION'] 最有可能在你的情况下,只要做
$ p $ var_dump($ _服务器);
并查找信息。 PHP处理HTTP请求的详细信息。
< h2> PHP中缺少授权头
不幸的是, Authorization 头被PHP(?)过滤掉了,所以它不是部分 $ _ SERVER 。
解决方法:apache_request_headers()
使用PHP作为Apache模块时,解决方法是使用 apache_request_headers() 函数检索所有请求标头。
$ b
解决方法:mod_rewrite
对于F / CGI来说,一个解决方法是将带有Mod_Rewrite的授权标头设置为一个环境变量,以模拟PHP的方案转换HTTP请求标头:
RewriteEngine on
RewriteCond%{HTTP:Authorization} ^(。*)$ [NC]
RewriteRule。* - [E = HTTP_AUTHORIZATION:%1]
mod_rewrite解决方案也适用于使用mod_php运行的PHP。帽子提示Jon Nylander。
I'm trying to connect an iPhone app to a PHP API using 2-legged OAuth as the Authentication mechanism. I'm using the PHP and Objective-C 2.0 libraries from http://code.google.com/p/oauth/ . The problem is that when I'm trying to issue a GET request with Objective-C, it doesn't include the OAuth parameters in the request URI, like the PHP library does when issuing an OAuth GET request:
http://www.mysite.com/oauth/index.php?oauth_consumer_key=key&oauth_nonce=XXXXXXXX&oauth_signature=XXXXXXXXXXX%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1309863754&oauth_version=1.0
Instead it puts the OAuth parameters in an Authorization header:
Authorization: OAuth realm="", oauth_consumer_key="XXXXX", oauth_token="XXXX-XXXX",
oauth_signature_method="HMAC-SHA1", oauth_signature="XXXXXXXX",
oauth_timestamp="1309863855", oauth_nonce="XXXX-XXX-XX-XX-XXXXXXX", oauth_version="1.0"
I suppose that both ways are equally valid for the OAuth specs, right?
What's the best way I can read the Authorization header with PHP?
I suppose that both ways are equally valid for the OAuth specs, right?
Yes, right.
What's the best way I can read the Authorization header with PHP?
Request headers in PHP are stored in the $_SERVER superglobal array, each header as an entry of it's own: $_SERVER['HTTP_AUTHORIZATION'] most probably in your case, just do
var_dump($_SERVER);
and look for the info. Detailed information how PHP deals with the HTTP request.
Authorization header missing in PHP
Unfortunately the Authorization header is filtered by PHP(?), so it's not part of $_SERVER.
Workaround: apache_request_headers()
When using PHP as an Apache module, a workaround is to use the apache_request_headers() function to retrieve all request headers.
Workaround: mod_rewrite
For F/CGI a workaround is to set the Authorization header with Mod_Rewrite into a environment variable that mimics PHP's scheme converting HTTP request headers:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)$ [NC]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]
The mod_rewrite solution should work for PHP running with mod_php as well. Hat tip Jon Nylander.
这篇关于如何使用PHP读取OAuth请求参数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
