Home > Backend Development > PHP Tutorial > php oauth v1.0 Detailed explanation of client and server processes and implementation_PHP tutorial

php oauth v1.0 Detailed explanation of client and server processes and implementation_PHP tutorial

WBOY
Release: 2016-07-13 10:37:21
Original
1187 people have browsed it

php oauth client and server process and implementation

Introduction:

1. Mainly used for third parties to obtain user resources. Commonly used for third-party login authorization to obtain user information

2. It is a protocol RFC-5849 (not a software or service)

3. Authentication + Authorization


Flow chart:

各平台流程图
163 开心网 新浪微博

Client and server implementation:

1. From the flow chart, we can see that the following steps are required
0. Obtain the user Key and Secret (outside the flow chart) [server/create_consumer.php]
1. Get Request Token and Request Secret [client/get_request_token.php] 2. Return Request Token and Request Secret [server/request_token.php] 3. Redirect the authorization page——" 【server/authorize.php】 4. User authorization callback ——| 5. Obtain Access Token and Access Secret [client/get_access_token.php] 6. Return Access Token and Access Secret [server/access_token.php] 7. Call api (outside the flow chart) [client/get_api.php] 8. Return the data obtained by the api (outside the flow chart) [server/api.php]

Code directory structure


2. Code implementation process

0: server/create_consumer.phpThe client generates consumer key and consumer secret

<?php

echo 'Consumer key: ' . sha1(OAuthProvider::generateToken(40));
echo '<br/>';
echo 'Consumer secret: ' . sha1(OAuthProvider::generateToken(40));
Copy after login

OAuthProvider: OAuth provider class


generateToken: Generate a random token

The generateToken function requires pay attention to performanceWe pay attention to the performance difference between the second parameter dev/random and dev/urandom. There is no detailed explanation here. Please tune it according to your own project

For specific performance information, please refer to: /dev/random One reason why Mcrypt responds slowly


sha1: Generate signature using HMAC-SHA1 algorithm

Baidu: OAuth requests can use HMAC-SHA1 or MD5 algorithms to generate signatures.

Sina Weibo: OAuth requests use the HMAC-SHA1 algorithm to generate signatures

Kaixin.com: Signature method, currently only supports HMAC-SHA1


Run results


1: client/get_request_token.php gets Request Token and Request Secret

<?php

$consumer_key = '2b4e141bf09beecdeb3479cd106038100febf399';
$consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';

$request_url = 'http://localhost/test/server/request_token.php';//获取服务器request_token地址
$callback_url = 'http://localhost/test/client/get_access_token.php';//回调本地地址
$authorize_url = 'http://localhost/test/server/authorize.php';//服务端授权验证地址

$oauth = new OAuth($consumer_key, $consumer_secret);

//获取到
//oauth_token指的是request_token
//oauth_token_secret指的是request_secret
//scope 申请权限所需参数 all或无此参数默认是所有权限
$token_info = $oauth->getRequestToken($request_url . '?callback_url=' . $callback_url . '&scope=all');

session_start();
$_SESSION['oauth_token_secret'] = $tokenInfo['oauth_token_secret'];

//此时重定向到服务端授权并显示给用户
header('Location: '.$authorize_url.'?oauth_token=' . $token_info['oauth_token']);
?>
Copy after login

We will pass the above code

getRequestToken($request_url . '?callback_url=' . $callback_url . '&scope=all') runs the server code

2:server/request_token.php Return request_token

<?php

$oauth_token = sha1(OAuthProvider::generateToken(40));
$oauth_token_secret = sha1(OAuthProvider::generateToken(40));

//oauth_callback_confirmed:对oauth_callback的确认信号 (true/false)
echo "oauth_token=$oauth_token&oauth_token_secret=$oauth_token_secret&oauth_callback_confirmed=true";
Copy after login


Obtain $oauth_token, $oauth_token_secret and oauth_callback_confirmed

through code 1 in 2

then redirect to 3

3:server/authorize.php

Authorization verification This should require the user to enter their account and password before calling back. For the most basic implementation of the code, I omitted the default authorization between users

<?php

$callback_url = 'http://localhost/test/client/get_access_token.php';//回调本地地址
header('location: '.$callback_url.'?oauth_token=' . $_REQUEST['oauth_token']);
Copy after login

The verification here is simple. By default, the third-party callback address has been authorized and directly obtained (the normal situation is that after the user authorizes, the server obtains the third-party callback address through the database and authorizes the oauth_token. Before, the oauth_token has always been in an unauthorized state)

The above code passes the authorized request_token (oauth_token) to 5 through the callback address (if 4 users authorize themselves, you can add a form submission here as authorization verification)

5: client/get_access_token.php gets access token

<?php

$consumer_key = '2b4e141bf09beecdeb3479cd106038100febf399';
$consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';

$access_url = 'http://localhost/test/server/access_token.php';//获取服务器access_token地址

$OAuth = new OAuth($consumer_key, $consumer_secret);
$OAuth->setToken($_GET['oauth_token'], $_SESSION['oauth_token_secret']);

$tokenInfo = $OAuth->getAccessToken($access_url);

var_dump($tokenInfo);
Copy after login

$tokenInfo = $OAuth->getAccessToken($access_url); Method asked 6

6: server/access_token.php returns access token

<?php

$access_token = sha1(OAuthProvider::generateToken(40));
$access_secret = sha1(OAuthProvider::generateToken(40));
echo "access_token=$access_token&access_secret=$access_secret";
Copy after login



2: get_request_token until 6: server/access_token.php process Get request_token——》Return request_token——》User authorization verification authorize——》Verification success callback——》Get access token——>Return access token
The running results are as follows
Redirected to get_access_token and obtained access_token and access_secret
Now our client (third-party platform) has obtained the following data $consumer_key: 2b4e141bf09beecdeb3479cd106038100febf399
$consumer_secret: fab40ca819c25d5fb4abf3e7cae8da5c25b67d05

$request_token:? Program intermediate data (this data is generally time-sensitive) $request_secret:? Program intermediate data (this data is generally time-sensitive)
$access_token: 12b6f8f6d6930e0e4d1d024c0f520527d0b84d19 (This data generally has unlimited validity) $access_secret: c77463aff2c1abbd670cfb03df4bb4247910cb78 (This data generally has unlimited validity)


Now we run 7:get_api.php to 8:api.php with these parameters

7: client/get_api.php gets api user data

<?php

$consumer_key = '2b4e141bf09beecdeb3479cd106038100febf399';
$consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';
$access_token = '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19';
$access_secret = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';
$api_url='http://localhost/test/server/api.php';

$OAuth = new OAuth($consumer_key, $consumer_secret);
$OAuth->setToken($access_token, $access_secret);
$result = $OAuth->fetch($api_url, array(), OAUTH_HTTP_METHOD_POST);

echo $OAuth->getLastResponse();
Copy after login


8: server/api.php returns user data

<?php

function consumerHandler($Provider) {
    $Provider->consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';
    return OAUTH_OK;
}

function timestampNonceHandler($Provider) {
    return OAUTH_OK;
}

function tokenHandler($Provider) {
    $Provider->token = '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19';
    $Provider->token_secret = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';
    return OAUTH_OK;
}

$OAuthProvider = new OAuthProvider();
$OAuthProvider->consumerHandler('consumerHandler');
$OAuthProvider->timestampNonceHandler('timestampNonceHandler');
$OAuthProvider->tokenHandler('tokenHandler');

try {
    $OAuthProvider->checkOAuthRequest();
} catch (Exception $exc) {
    die(var_dump($exc));
}

echo 'User Data..';
Copy after login

Running results php oauth v1.0 Detailed explanation of client and server processes and implementation_PHP tutorialDownload

Note: php oauth v1.0 must be configured and php_curl enabled to run this (above) code


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/735878.htmlTechArticlephp oauth client and server process and implementation introduction: 1. Mainly used by third parties to obtain user resources. Authorize third-party login to obtain user information 2. It is a protocol RFC-5849 (...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template