PHP OAuth v1.0 detailed client and server process and implementation _php Tutorial

Source: Internet
Author: User
Tags hmac oauth oauth provider rfc

PHP OAuth client and server process and implementation

Introduced:

1, mainly for third-party access to user resources commonly used for third-party login authorization to obtain user information

2, is a protocol RFC-5849 (not software or services)

3. Authentication + Authorization


Flow chart:

Flowchart for each platform
163 Kaixin Sina Micro-blog

Client and service-side implementations:

1, by the flow chart we can see that the following steps are required
0, get the user key and Secret (outside the flowchart) "server/create_consumer.php"
1, GET request token and request Secret "client/get_request_token.php" 2, return request token and request Secret "server/request_token.php" 3, redirect Authorization page-"" "server/authorize.php" 4, user authorization callback--|5, get access token and access Secret " client/get_access_token.php "6, return access token with access Secret" server/access_token.php "7, call API (outside flowchart)" client/get_ api.php "8, returns the data obtained by the API (outside the flowchart)" server/api.php "

Code directory structure


2, code implementation process

0:server/create_consumer.php client generates consumer key and consumer secret

   
    '; Echo ' Consumer secret: '. SHA1 (Oauthprovider::generatetoken (40));

Oauthprovider:oauth provider Class


Generatetoken: Generate a random token

Generatetoken This function needs to pay attention to the performance of the second parameter Dev/random and the Dev/urandom performance is not detailed here do not elaborate on your own project to be tuned

For specific performance information, please refer to:/dev/random mcrypt One reason for slow response


SHA1: Generating signatures using the HMAC-SHA1 algorithm

Baidu: OAuth requests can generate signatures using the HMAC-SHA1 or MD5 algorithm.

Sina Weibo: OAuth requests generate signatures using the HMAC-SHA1 algorithm

Happy Net: Signature method, temporarily only support HMAC-SHA1


Run Results


1:client/get_request_token.php GET request token and request Secret

 
    Getrequesttoken ($request _url. '? callback_url= '. $callback _url. ' &scope=all '); Session_Start (); $_session[' oauth_token_secret '] = $tokenInfo [' Oauth_token_secret '];// This is redirected to the server authority and displayed to the user header (' Location: '. $authorize _url. '? Oauth_token= '. $token _info[' Oauth_token ');? >

The above code we will pass

Getrequesttoken ($request _url. '? callback_url= '. $callback _url. ' &scope=all ') run the service-side code

2:server/request_token.php return Request_token

 
    


By code 1 in 2 get to $oauth_token with $oauth_token_secret and oauth_callback_confirmed

Redirect to 3 after

Authorization verification This should be the user must enter the account password and then callback after I omitted the default authorization between users for the most basic implementation of the Code

  
     
Here the check is abbreviated by Default has been authorized to directly obtain a third party callback address (normally the user authorized after the server through the database to obtain a third-party callback address and the Oauth_token authorization before the Oauth_token has been an unauthorized state)

The above code through the callback address to the authorized Request_token (Oauth_token) to 5 (4 user authorization here can be added a form submitted as authorization verification)

5:client/get_access_token.php Get access token

 
    Settoken ($_get[' Oauth_token '), $_session[' Oauth_token_secret ']); $tokenInfo = $OAuth->getaccesstoken ($access _ URL); var_dump ($tokenInfo);

$tokenInfo = $OAuth->getaccesstoken ($access _url); Method asked 6

6:server/access_token.php Return to access token

   


2:get_request_token until 6:server/access_token.php process get request_token--"return request_token--" user authorization check authorize--"checksum success Callback- -"Get access token--" Return to access token
The operation results are as follows
has been redirected to Get_access_token and obtained Access_token and Access_secret
Now our client (third-party platform) obtains the following data $consumer_key:2b4e141bf09beecdeb3479cd106038100febf399
$consumer _secret:fab40ca819c25d5fb4abf3e7cae8da5c25b67d05

$request _token:? Program Intermediate data (this data is usually time-lapse) $request _secret:? Program Intermediate data (this data is usually time-lapse)
$access _TOKEN:12B6F8F6D6930E0E4D1D024C0F520527D0B84D19 (This data generally has an infinite length of time) $access _secret : c77463aff2c1abbd670cfb03df4bb4247910cb78 (This data is generally limited to unlimited length)


Now we run 7:get_api.php to 8:api.php with these parameters

7:client/get_api.php Getting API User data

 
     Settoken ($access _token, $access _secret); $result = $OAuth->fetch ($api _url, Array (), oauth_http_method_post); echo $ Oauth->getlastresponse ();


8:server/api.php Returning User Data

 
     Consumer_secret = ' fab40ca819c25d5fb4abf3e7cae8da5c25b67d05 ';    return OAUTH_OK;} function Timestampnoncehandler ($Provider) {    return OAUTH_OK;} function Tokenhandler ($Provider) {    $Provider->token = ' 12b6f8f6d6930e0e4d1d024c0f520527d0b84d19 ';    $Provider->token_secret = ' c77463aff2c1abbd670cfb03df4bb4247910cb78 ';    return OAUTH_OK;} $OAuthProvider = new Oauthprovider (); $OAuthProvider->consumerhandler (' Consumerhandler '); $OAuthProvider Timestampnoncehandler (' Timestampnoncehandler '); $OAuthProvider->tokenhandler (' Tokenhandler '); try {    $ Oauthprovider->checkoauthrequest ();} catch (Exception $exc) {die    (Var_dump ($EXC));} Echo ' User Data. ';

Run Results download

Note: PHP OAuth v1.0 configuration and turn on Php_curl to run this (above) code


http://www.bkjia.com/PHPjc/735878.html www.bkjia.com true http://www.bkjia.com/PHPjc/735878.html techarticle PHP OAuth client and server process and implementation introduction: 1, mainly used for third-party access to user resources commonly used for third-party login authorization to obtain user Information 2, is a protocol RFC-5849 ( ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.