PHP OAuth client and server process and implementation
Introduction:
1, Mainly used for third-party access to user resources; commonly used for third-party login, where the user authorizes the third party to obtain user information
2, It is a protocol, RFC-5849 (not software or a service)
3, Authentication + authorization
Flow chart: [figure not preserved]
Flow charts for each platform: 163, Kaixin, Sina Weibo [figures not preserved]
Client and server-side implementation:
1, From the flow chart we can see that the following steps are required:
0, get the consumer key and secret (outside the flow chart) "server/create_consumer.php"
1, get the request token and request secret "client/get_request_token.php"
2, return the request token and request secret "server/request_token.php"
3, redirect to the authorization page "server/authorize.php"
4, user authorizes; callback
5, get the access token and access secret "client/get_access_token.php"
6, return the access token and access secret "server/access_token.php"
7, call the API (outside the flow chart) "client/get_api.php"
8, return the data obtained by the API (outside the flow chart) "server/api.php"
Code directory structure
2, Code implementation process
0:server/create_consumer.php generates the consumer key and consumer secret for the client
<?php
echo 'Consumer secret: ' . sha1(OAuthProvider::generateToken(40));
OAuthProvider: the OAuth provider class
generateToken: generates a random token
Note the second parameter of generateToken: it chooses between /dev/random and /dev/urandom, which differ in performance. The details are not covered here; tune this for your own project.
For specific performance information, see the article "/dev/random: one reason mcrypt responds slowly"
SHA1: signatures are generated using the HMAC-SHA1 algorithm
Baidu: OAuth requests can generate signatures using the HMAC-SHA1 or MD5 algorithm.
Sina Weibo: OAuth requests generate signatures using the HMAC-SHA1 algorithm
Kaixin: signature method, currently only HMAC-SHA1 is supported
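How an HMAC-SHA1 request signature is built and checked under RFC 5849, as an added example in plain PHP (not code from the original article or from the PECL oauth extension). The credentials are the ones shown later in this article; the API URL, timestamp and nonce are constructed sample values, and the function names are hypothetical.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 signing (RFC 5849, section 3.4) in plain PHP.

// Signature base string: METHOD & encoded base URI & encoded, sorted parameters.
// Assumes $url is already normalized (no query string) and no parameter name repeats.
function signature_base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']); // the signature never signs itself
    $enc = [];
    foreach ($params as $name => $value) {
        $enc[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    // Sort by encoded name, then by encoded value, in byte order.
    usort($enc, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $pairs = array_map(fn($p) => $p[0] . '=' . $p[1], $enc);
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

// The HMAC key is both secrets, each encoded, joined by "&" (token secret may be empty).
function sign_hmac_sha1(string $base, string $consumerSecret, string $tokenSecret = ''): string {
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Server side: recompute the signature and compare in constant time.
function signature_is_valid(string $supplied, string $method, string $url, array $params,
                            string $consumerSecret, string $tokenSecret): bool {
    $expected = sign_hmac_sha1(signature_base_string($method, $url, $params), $consumerSecret, $tokenSecret);
    return hash_equals($expected, $supplied);
}

// Credentials from this article; URL, timestamp and nonce are constructed sample values.
$consumerSecret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';
$tokenSecret    = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';
$url    = 'http://localhost/server/api.php';
$params = [
    'oauth_consumer_key'     => '2b4e141bf09beecdeb3479cd106038100febf399',
    'oauth_token'            => '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1400000000',
    'oauth_nonce'            => 'constructed-nonce-1',
    'oauth_version'          => '1.0',
];
$sig = sign_hmac_sha1(signature_base_string('POST', $url, $params), $consumerSecret, $tokenSecret);
var_dump(signature_is_valid($sig, 'POST', $url, $params, $consumerSecret, $tokenSecret)); // untouched request
$params['oauth_token'] = 'another-token';
var_dump(signature_is_valid($sig, 'POST', $url, $params, $consumerSecret, $tokenSecret)); // altered request
```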
Run Results
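1:client/get_request_token.php gets the request token and request secret
<?php
// $consumer_key, $consumer_secret, $request_url, $callback_url and $authorize_url
// are defined at the top of the script (that part is not shown on the page)
$OAuth = new OAuth($consumer_key, $consumer_secret);
$tokenInfo = $OAuth->getRequestToken($request_url . '?callback_url=' . $callback_url . '&scope=all');
session_start();
// Keep the request secret in the session; it is needed again in step 5
$_SESSION['oauth_token_secret'] = $tokenInfo['oauth_token_secret'];
// Redirect to the server's authorization page, which is displayed to the user
header('Location: ' . $authorize_url . '?oauth_token=' . $tokenInfo['oauth_token']);
?>
In the code above, the call getRequestToken($request_url . '?callback_url=' . $callback_url . '&scope=all') runs the server-side code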
2:server/request_token.php returns the request token
Through the code in 2, step 1 obtains $oauth_token, $oauth_token_secret and oauth_callback_confirmed
It then redirects to 3
Authorization verification: here the user should have to enter an account and password before the callback. I have omitted this and authorize by default, to keep the code the most basic implementation
The check is abbreviated here: by default the request is treated as authorized and the third-party callback address is obtained directly (normally, after the user authorizes, the server obtains the third-party callback address and the oauth_token from the database; before authorization the oauth_token is in an unauthorized state)
The code above passes the authorized request token (oauth_token) through the callback address to 5 (at 4, user authorization, a form submission can be added here as the authorization check)
5:client/get_access_token.php gets the access token
<?php
session_start();
// $consumer_key, $consumer_secret and $access_url are defined at the top of the script (not shown on the page)
$OAuth = new OAuth($consumer_key, $consumer_secret);
// Request token from the callback URL, request secret saved in the session in step 1
$OAuth->setToken($_GET['oauth_token'], $_SESSION['oauth_token_secret']);
$tokenInfo = $OAuth->getAccessToken($access_url);
var_dump($tokenInfo);
The call $tokenInfo = $OAuth->getAccessToken($access_url); requests 6
6:server/access_token.php returns the access token
The process from 2:get_request_token to 6:server/access_token.php: get request_token -> return request_token -> user authorization check (authorize) -> check succeeds, callback -> get access token -> return access token
The run results are as follows
The browser has been redirected to get_access_token, and the access_token and access_secret have been obtained
Now our client (the third-party platform) has obtained the following data:
$consumer_key: 2b4e141bf09beecdeb3479cd106038100febf399
$consumer_secret: fab40ca819c25d5fb4abf3e7cae8da5c25b67d05
$request_token: ? intermediate program data (this data is usually time-limited)
$request_secret: ? intermediate program data (this data is usually time-limited)
$access_token: 12b6f8f6d6930e0e4d1d024c0f520527d0b84d19 (this data generally has an unlimited lifetime)
$access_secret: c77463aff2c1abbd670cfb03df4bb4247910cb78 (this data generally has an unlimited lifetime)
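Now we run 7:get_api.php through 8:api.php with these parameters
7:client/get_api.php gets user data from the API
<?php
// $consumer_key, $consumer_secret, $access_token, $access_secret and $api_url
// hold the values listed above (their definitions are not shown on the page)
$OAuth = new OAuth($consumer_key, $consumer_secret);
$OAuth->setToken($access_token, $access_secret);
$result = $OAuth->fetch($api_url, array(), OAUTH_HTTP_METHOD_POST);
echo $OAuth->getLastResponse();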
8:server/api.php returns the user data
<?php
// Supplies the consumer secret the request signature is checked against
function consumerHandler($Provider) {
    $Provider->consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';
    return OAUTH_OK;
}
// Accepts every timestamp and nonce: this basic demo has no replay check
function timestampNonceHandler($Provider) {
    return OAUTH_OK;
}
// Supplies the access token and secret obtained in the run above (hard-coded for the demo)
function tokenHandler($Provider) {
    $Provider->token = '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19';
    $Provider->token_secret = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';
    return OAUTH_OK;
}
$OAuthProvider = new OAuthProvider();
$OAuthProvider->consumerHandler('consumerHandler');
$OAuthProvider->timestampNonceHandler('timestampNonceHandler');
$OAuthProvider->tokenHandler('tokenHandler');
try {
    // Verifies the signature of the incoming request using the handlers above
    $OAuthProvider->checkOAuthRequest();
} catch (Exception $exc) {
    die(var_dump($exc));
}
echo 'User Data.';
Run results
Note: the code above requires the PHP OAuth v1.0 extension to be configured and php_curl to be enabled
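The timestampNonceHandler in 8:server/api.php returns OAUTH_OK for every request, so a captured signed request can be sent again. A version that rejects stale timestamps and reused nonces, as an added example (not the article's code): it assumes the PECL oauth extension and pdo_sqlite are loaded, and the SQLite file location, the 300-second window and the nonce_store() helper are illustrative choices.

```php
<?php
// Added example: replay protection for OAuthProvider's timestamp/nonce callback.
const MAX_SKEW = 300; // assumed tolerance, in seconds, between client and server clocks

// Hypothetical helper: opens (and creates on first use) the table of seen nonces.
function nonce_store(): PDO {
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite:' . sys_get_temp_dir() . '/oauth_nonces.sqlite');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS nonces (
            consumer_key TEXT, nonce TEXT, ts INTEGER,
            PRIMARY KEY (consumer_key, nonce))');
    }
    return $db;
}

function timestampNonceHandler($Provider) {
    $ts = (int) $Provider->timestamp;
    if (abs(time() - $ts) > MAX_SKEW) {
        return OAUTH_BAD_TIMESTAMP; // too old or too far in the future
    }
    $db = nonce_store();
    // Rows older than the window can no longer pass the timestamp check, so drop them.
    $db->prepare('DELETE FROM nonces WHERE ts < ?')->execute([time() - MAX_SKEW]);
    try {
        // The primary key makes "check and record" a single atomic step.
        $db->prepare('INSERT INTO nonces (consumer_key, nonce, ts) VALUES (?, ?, ?)')
           ->execute([$Provider->consumer_key, $Provider->nonce, $ts]);
    } catch (PDOException $e) {
        return OAUTH_BAD_NONCE; // already seen (any storage error also rejects)
    }
    return OAUTH_OK;
}

// Command-line demo with a constructed request object: first use passes, the replay does not.
if (PHP_SAPI === 'cli') {
    $req = (object) ['consumer_key' => 'demo-consumer',
                     'nonce' => bin2hex(random_bytes(8)), 'timestamp' => time()];
    var_dump(timestampNonceHandler($req) === OAUTH_OK);
    var_dump(timestampNonceHandler($req) === OAUTH_BAD_NONCE);
}
```

In server/api.php the function is registered exactly as before, with $OAuthProvider->timestampNonceHandler('timestampNonceHandler').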