Phpoauthv1.0 describes the process and implementation of the client and server

Source: Internet
Author: User
Tags hmac oauth oauth provider
Phpoauth client and server process and implementation introduction: 1, mainly used for third parties to obtain user resources is generally used for third-party login authorization to obtain user information 2, is a protocol RFC-5849 (not software or service) 3. authentication & amp; 43; authorization flowchart: php oauth client and server processes and implementations of various platforms:
1, mainly used for third parties to obtain user resources is generally used for third-party login authorization to obtain user information 2, is a protocol RFC-5849 (not software or service) 3, authentication + authorization
Flowchart:
Flowchart of each platform
163 Kaixinnet Sina Weibo

Client and server implementation:
1. the flowchart shows that the following steps are required:
0. get the user Key and Secret (outside the flowchart) [server/create_consumer.php]
1. get Request Token and Request Secret [client/get_request_token.php] 2. return Request Token and Request Secret [server/request_token.php] 3. redirect authorization page -- "[server/authorize. php] 4. user authorization callback -- | 5. obtain Access Token and Access Secret [client/get_access_token.php] 6. return Access Token and Access Secret [server/access_token.php] 7. call the api (outside the flowchart) [client/get_api.php] 8. return the data obtained by the api (outside the flowchart) [server/api. php]

Code Directory structure


2. code implementation process

0: server/create_consumer.phpThe client generates the consumer key and consumer secret

   ';echo 'Consumer secret: ' . sha1(OAuthProvider::generateToken(40));

OAuthProvider: OAuth provider class


GenerateToken: generate a random token

GenerateToken is required for this function.Pay attention to performanceNote that the second parameter dev/random and dev/urandom are distinguished in terms of performance. this parameter is not described in detail. please optimize it according to your project.

For more information about the performance, see/dev/random Mcrypt.


Sha1: generate a signature using the HMAC-SHA1 algorithm

Baidu: OAuth requests can use HMAC-SHA1 or MD5 algorithm to generate a signature.

Sina Weibo: OAuth requests all use HMAC-SHA1 algorithms to generate signatures

Kaixinnet: signature method, currently only support HMAC-SHA1


Running result


1: client/get_request_token.php GET Request Token and Request Secret
   GetRequestToken ($ request_url .'? Callback_url = '. $ callback_url. '& scope = all'); session_start (); $ _ SESSION ['Oss _ token_secret'] = $ tokenInfo ['Oss _ token_secret ']; // redirect to the server for authorization and display it to the user header ('Location :'. $ authorize_url. '? Oauth_token = '. $ token_info ['Oss _ token']);?>

The above code will pass

GetRequestToken ($ request_url .'? Callback_url = '. $ callback_url.' & scope = all') run the server code

2: server/request_token.php returns request_token
   


Get $ oauth_token, $ oauth_token_secret, and oauth_callback_confirmed from code 1 in 2.

Then redirect to 3

3: server/authorize. php authorization verification this should be called back after the user enters the account and password. for the most basic implementation of the code, the default authorization between users is omitted.

    
Here, the verification is simple. the third-party callback address has been directly authorized by default. (normally, after the user authorizes the server to obtain the third-party callback address through the database and grant the oauth_token permission, the oauth_token remains Unauthorized)

The above code uses the callback address to pass the authorized request_token (oauth_token) to 5 (4. you can pass the authorization here and add a form to submit for authorization verification)

5: client/get_access_token.php get access token
   SetToken ($ _ GET ['Oss _ token'], $ _ SESSION ['Oss _ token_secret ']); $ tokenInfo = $ oauth-> getAccessToken ($ access_url ); var_dump ($ tokenInfo );

$ TokenInfo = $ OAuth-> getAccessToken ($ access_url); Method 6

6: server/access_token.php returns access token
   


2: get_request_token until 6: server/access_token.php process to obtain request_token -- "return request_token --" user authorization verification authorize -- "callback for verification success -- get access token --" return access token
The running result is as follows:
Always redirect to get_access_token and get the access_token and access_secret
Now our client (a third-party platform) obtains the following data: $ consumer_key: 2b4e141bf09beecdeb3479cd106038100febf399
$ Consumer_secret: fab40ca819c25d5fb4abf3e7cae8da5c25b67d05

$ Request_token :? Program intermediate data (this data is generally valid) $ request_secret :? Intermediate program data (this data is generally valid)
$ Access_token: Hour (this data generally has an unlimited validity period) $ access_secret: c77463aff2c1abbd670cfb03df4bb00007910cb78 (this data generally has an unlimited validity period)


Now we can use these parameters to run 7: get_api.php to 8: api. php7: client/get_api.php to obtain api user data.
    setToken($access_token, $access_secret);$result = $OAuth->fetch($api_url, array(), OAUTH_HTTP_METHOD_POST);echo $OAuth->getLastResponse();


8: server/api. php returns user data
    consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';    return OAUTH_OK;}function timestampNonceHandler($Provider) {    return OAUTH_OK;}function tokenHandler($Provider) {    $Provider->token = '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19';    $Provider->token_secret = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';    return OAUTH_OK;}$OAuthProvider = new OAuthProvider();$OAuthProvider->consumerHandler('consumerHandler');$OAuthProvider->timestampNonceHandler('timestampNonceHandler');$OAuthProvider->tokenHandler('tokenHandler');try {    $OAuthProvider->checkOAuthRequest();} catch (Exception $exc) {    die(var_dump($exc));}echo 'User Data..';

Download running result

Note: After php oauth v1.0 is configured and php_curl is enabled, the above code can be run.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.