
PHP OAuth v1.0: Detailed explanation of client and server processes and implementation

Jul 13, 2016 am 10:37 AM

php oauth client and server process and implementation

Introduction:

1. Mainly used for third parties to obtain user resources. Commonly used for third-party login authorization to obtain user information

2. It is a protocol, RFC 5849 (not a piece of software or a service)

3. Authentication + Authorization


Flow chart:

Flow charts for each platform: 163, Kaixin.com, Sina Weibo

Client and server implementation:

1. From the flow chart, we can see that the following steps are required
0. Obtain the user Key and Secret (outside the flow chart) [server/create_consumer.php]
1. Get Request Token and Request Secret [client/get_request_token.php]
2. Return Request Token and Request Secret [server/request_token.php]
3. Redirect to the authorization page [server/authorize.php]
4. User authorization callback [server/authorize.php]
5. Obtain Access Token and Access Secret [client/get_access_token.php]
6. Return Access Token and Access Secret [server/access_token.php]
7. Call api (outside the flow chart) [client/get_api.php]
8. Return the data obtained by the api (outside the flow chart) [server/api.php]

Code directory structure


2. Code implementation process

0: server/create_consumer.php The client generates consumer key and consumer secret

<?php

echo 'Consumer key: ' . sha1(OAuthProvider::generateToken(40));
echo '<br/>';
echo 'Consumer secret: ' . sha1(OAuthProvider::generateToken(40));

OAuthProvider: OAuth provider class


generateToken: Generate a random token

Pay attention to performance when using generateToken: its second parameter chooses between /dev/random and /dev/urandom, which differ in performance. This is not explained in detail here; tune it according to your own project.

For specific performance information, see: "/dev/random: One reason why Mcrypt responds slowly"


sha1: Generate signature using HMAC-SHA1 algorithm

Baidu: OAuth requests can use HMAC-SHA1 or MD5 algorithms to generate signatures.

Sina Weibo: OAuth requests use the HMAC-SHA1 algorithm to generate signatures

Kaixin.com: Signature method, currently only supports HMAC-SHA1
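
What an HMAC-SHA1 signature over an OAuth 1.0 request consists of, and how a server checks it, as an added example that is not code from the original page (the OAuth extension performs this internally). The function names, URL, keys and secrets are constructed for illustration.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 signing and verification (RFC 5849, section 3.4).
// All URLs, keys, tokens and secrets below are constructed sample values.

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
// $url must be the request URL without its query string; query and body
// parameters go into $params together with the oauth_* parameters.
function oauthBaseString(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);   // the signature is never part of what is signed
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [rawurlencode((string)$name), rawurlencode((string)$value)];
    }
    // Byte-wise sort on the encoded name, then on the encoded value.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

// HMAC key: consumer secret & token secret (empty while no token has been issued yet).
function oauthSign(string $base, string $consumerSecret, string $tokenSecret = ''): string {
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Server side: recompute from the received request and compare in constant time.
function oauthVerify(string $method, string $url, array $params, string $cs, string $ts): bool {
    $expected = oauthSign(oauthBaseString($method, $url, $params), $cs, $ts);
    return hash_equals($expected, (string)($params['oauth_signature'] ?? ''));
}

$url = 'http://localhost/test/server/api.php';
$params = [
    'oauth_consumer_key'     => 'sample-consumer-key',
    'oauth_token'            => 'sample-access-token',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string)time(),
    'oauth_nonce'            => bin2hex(random_bytes(8)),
    'oauth_version'          => '1.0',
    'user_id'                => '42',
];
$params['oauth_signature'] = oauthSign(oauthBaseString('POST', $url, $params), 'consumer-secret', 'token-secret');

var_dump(oauthVerify('POST', $url, $params, 'consumer-secret', 'token-secret'));  // request as signed
$params['user_id'] = '43';                                                       // parameter changed in transit
var_dump(oauthVerify('POST', $url, $params, 'consumer-secret', 'token-secret'));
var_dump(oauthVerify('POST', $url, $params, 'consumer-secret', 'other-secret')); // wrong token secret
```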


Run results


1: client/get_request_token.php gets Request Token and Request Secret

<?php

$consumer_key = '2b4e141bf09beecdeb3479cd106038100febf399';
$consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';

$request_url = 'http://localhost/test/server/request_token.php'; // server address that issues the request_token
$callback_url = 'http://localhost/test/client/get_access_token.php'; // local callback address
$authorize_url = 'http://localhost/test/server/authorize.php'; // server-side authorization address

$oauth = new OAuth($consumer_key, $consumer_secret);

// The response contains:
// oauth_token, which is the request_token
// oauth_token_secret, which is the request_secret
// scope: parameter for the permissions requested; "all" or omitting it defaults to all permissions
$token_info = $oauth->getRequestToken($request_url . '?callback_url=' . $callback_url . '&scope=all');

session_start();
// Keep the request secret in the session; step 5 needs it
$_SESSION['oauth_token_secret'] = $token_info['oauth_token_secret'];

// Now redirect to the server's authorization page, which is shown to the user
header('Location: '.$authorize_url.'?oauth_token=' . $token_info['oauth_token']);
?>

In the code above, the call getRequestToken($request_url . '?callback_url=' . $callback_url . '&scope=all') runs the server code in 2.

2: server/request_token.php returns the request_token

<?php

$oauth_token = sha1(OAuthProvider::generateToken(40));
$oauth_token_secret = sha1(OAuthProvider::generateToken(40));

// oauth_callback_confirmed: confirmation signal for oauth_callback (true/false)
echo "oauth_token=$oauth_token&oauth_token_secret=$oauth_token_secret&oauth_callback_confirmed=true";


Through the code in 2, step 1 obtains $oauth_token, $oauth_token_secret and oauth_callback_confirmed, and then redirects to 3.

3: server/authorize.php

Authorization verification: this step should require the user to enter their account and password before calling back. For the most basic implementation of the code, I omitted this and the user is authorized by default.

<?php

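$callback_url = 'http://localhost/test/client/get_access_token.php'; // local callback address
// urlencode keeps the reflected token from adding extra query parameters to the redirect
header('location: '.$callback_url.'?oauth_token=' . urlencode($_REQUEST['oauth_token']));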

The verification here is simplified: the third-party callback address is treated as already authorized and is used directly. (Normally, after the user authorizes, the server obtains the third-party callback address from the database and marks the oauth_token as authorized; before that, the oauth_token stays in an unauthorized state.)

The above code passes the authorized request_token (oauth_token) to 5 through the callback address. (For step 4, where the user authorizes in person, you can add a form submission here as the authorization verification.)

5: client/get_access_token.php gets access token

<?php

session_start(); // required before reading the request secret stored in step 1

$consumer_key = '2b4e141bf09beecdeb3479cd106038100febf399';
$consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';

$access_url = 'http://localhost/test/server/access_token.php'; // server address that issues the access_token

$OAuth = new OAuth($consumer_key, $consumer_secret);
// Sign the exchange with the request token and the request secret from the session
$OAuth->setToken($_GET['oauth_token'], $_SESSION['oauth_token_secret']);

$tokenInfo = $OAuth->getAccessToken($access_url);

var_dump($tokenInfo);

The call $tokenInfo = $OAuth->getAccessToken($access_url); requests 6.

6: server/access_token.php returns access token

<?php

$access_token = sha1(OAuthProvider::generateToken(40));
$access_secret = sha1(OAuthProvider::generateToken(40));
echo "access_token=$access_token&access_secret=$access_secret";



The process from 2: get_request_token to 6: server/access_token.php:

Get request_token → Return request_token → User authorization verification (authorize) → Verification success callback → Get access token → Return access token

The running results are as follows

Redirected to get_access_token and obtained access_token and access_secret

Now our client (third-party platform) has obtained the following data:

$consumer_key: 2b4e141bf09beecdeb3479cd106038100febf399
$consumer_secret: fab40ca819c25d5fb4abf3e7cae8da5c25b67d05
$request_token: ? Program intermediate data (this data is generally time-sensitive)
$request_secret: ? Program intermediate data (this data is generally time-sensitive)
$access_token: 12b6f8f6d6930e0e4d1d024c0f520527d0b84d19 (This data generally has unlimited validity)
$access_secret: c77463aff2c1abbd670cfb03df4bb4247910cb78 (This data generally has unlimited validity)
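
The token states that steps 2 to 6 skip in the minimal scripts, as an added example that is not the original author's code: a request token starts unauthorized, becomes authorized only through the user, and can be exchanged once. It uses the oauth_verifier parameter from RFC 5849, which the scripts above do not send; the SQLite table and all function names are hypothetical.

```php
<?php
// Added example: request-token states the server should enforce across steps 2, 3-4 and 6.
// Table, column and function names are hypothetical; keys and ids are constructed.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE request_tokens (token TEXT PRIMARY KEY, secret TEXT, consumer_key TEXT,
           callback TEXT, expires INTEGER, user_id INTEGER, verifier TEXT)');

function newToken(): string { return bin2hex(random_bytes(20)); }  // 40 hex characters

// Step 2: issue an unauthorized, short-lived token bound to the consumer and its callback.
function issueRequestToken(PDO $db, string $consumerKey, string $callback): array {
    $t = ['oauth_token' => newToken(), 'oauth_token_secret' => newToken()];
    $db->prepare('INSERT INTO request_tokens VALUES (?, ?, ?, ?, ?, NULL, NULL)')
       ->execute([$t['oauth_token'], $t['oauth_token_secret'], $consumerKey, $callback, time() + 600]);
    return $t;
}

// Steps 3-4: called only after the logged-in user approved; returns the redirect URL or null.
function authorizeRequestToken(PDO $db, string $token, int $userId): ?string {
    $verifier = newToken();
    $st = $db->prepare('UPDATE request_tokens SET user_id = ?, verifier = ?
                        WHERE token = ? AND verifier IS NULL AND expires > ?');
    $st->execute([$userId, $verifier, $token, time()]);
    if ($st->rowCount() !== 1) return null;   // unknown, expired or already authorized
    $cb = $db->prepare('SELECT callback FROM request_tokens WHERE token = ?');
    $cb->execute([$token]);                   // callback comes from storage, not from the request
    return $cb->fetchColumn() . '?' . http_build_query(['oauth_token' => $token, 'oauth_verifier' => $verifier]);
}

// Step 6: one-time exchange for an authorized token with the matching verifier.
// Storing the new access token for api.php is left out here.
function exchangeForAccessToken(PDO $db, string $consumerKey, string $token, string $verifier): ?array {
    $st = $db->prepare('SELECT user_id, verifier FROM request_tokens
                        WHERE token = ? AND consumer_key = ? AND expires > ?');
    $st->execute([$token, $consumerKey, time()]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['verifier'] === null || !hash_equals($row['verifier'], $verifier)) return null;
    $del = $db->prepare('DELETE FROM request_tokens WHERE token = ?');
    $del->execute([$token]);
    if ($del->rowCount() !== 1) return null;  // a concurrent request already used it
    return ['user_id' => (int)$row['user_id'], 'access_token' => newToken(), 'access_secret' => newToken()];
}

// Constructed walk-through: exchange attempted before approval, after approval, and a second time.
$rt = issueRequestToken($db, 'sample-consumer', 'http://localhost/test/client/get_access_token.php');
var_dump(exchangeForAccessToken($db, 'sample-consumer', $rt['oauth_token'], 'guess'));
parse_str(parse_url(authorizeRequestToken($db, $rt['oauth_token'], 42), PHP_URL_QUERY), $q);
var_dump(exchangeForAccessToken($db, 'sample-consumer', $rt['oauth_token'], $q['oauth_verifier']) !== null);
var_dump(exchangeForAccessToken($db, 'sample-consumer', $rt['oauth_token'], $q['oauth_verifier']));
```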


Now we run 7:get_api.php to 8:api.php with these parameters

7: client/get_api.php gets api user data

<?php

$consumer_key = '2b4e141bf09beecdeb3479cd106038100febf399';
$consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';
$access_token = '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19';
$access_secret = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';
$api_url='http://localhost/test/server/api.php';

$OAuth = new OAuth($consumer_key, $consumer_secret);
$OAuth->setToken($access_token, $access_secret);
$result = $OAuth->fetch($api_url, array(), OAUTH_HTTP_METHOD_POST);

echo $OAuth->getLastResponse();


8: server/api.php returns user data

<?php

function consumerHandler($Provider) {
    $Provider->consumer_secret = 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05';
    return OAUTH_OK;
}

function timestampNonceHandler($Provider) {
    return OAUTH_OK;
}

function tokenHandler($Provider) {
    $Provider->token = '12b6f8f6d6930e0e4d1d024c0f520527d0b84d19';
    $Provider->token_secret = 'c77463aff2c1abbd670cfb03df4bb4247910cb78';
    return OAUTH_OK;
}

$OAuthProvider = new OAuthProvider();
$OAuthProvider->consumerHandler('consumerHandler');
$OAuthProvider->timestampNonceHandler('timestampNonceHandler');
$OAuthProvider->tokenHandler('tokenHandler');

try {
    $OAuthProvider->checkOAuthRequest();
} catch (Exception $exc) {
    die(var_dump($exc));
}

echo 'User Data..';

Running results

Note: php oauth v1.0 must be configured and php_curl enabled to run this (above) code
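
A variant of server/api.php whose handlers look up the consumer, reject stale timestamps and repeated nonces, and check the token, added here as an example and not part of the original tutorial. The SQLite schema, the file name and the 300-second window are assumptions; the OAUTH_* constants and provider properties are those of the PECL oauth extension.

```php
<?php
// Added example: server/api.php handlers that check stored state. Hypothetical schema;
// the seeded rows are the consumer key, access token and secrets shown on this page.
const MAX_SKEW = 300;  // accepted clock difference in seconds (assumed value)
$db = new PDO('sqlite:' . __DIR__ . '/oauth_demo.sqlite', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE IF NOT EXISTS consumers (consumer_key TEXT PRIMARY KEY, secret TEXT);
  CREATE TABLE IF NOT EXISTS access_tokens (token TEXT PRIMARY KEY, secret TEXT, consumer_key TEXT, revoked INTEGER);
  CREATE TABLE IF NOT EXISTS nonces (consumer_key TEXT, nonce TEXT, ts INTEGER, PRIMARY KEY (consumer_key, nonce, ts));
  INSERT OR IGNORE INTO consumers VALUES ('2b4e141bf09beecdeb3479cd106038100febf399', 'fab40ca819c25d5fb4abf3e7cae8da5c25b67d05');
  INSERT OR IGNORE INTO access_tokens VALUES ('12b6f8f6d6930e0e4d1d024c0f520527d0b84d19', 'c77463aff2c1abbd670cfb03df4bb4247910cb78', '2b4e141bf09beecdeb3479cd106038100febf399', 0);");
function consumerHandler($provider) {
    global $db;
    $st = $db->prepare('SELECT secret FROM consumers WHERE consumer_key = ?');
    $st->execute([$provider->consumer_key]);
    $secret = $st->fetchColumn();
    if ($secret === false) return OAUTH_CONSUMER_KEY_UNKNOWN;
    $provider->consumer_secret = $secret;   // the extension verifies the signature with this
    return OAUTH_OK;
}

function timestampNonceHandler($provider) {
    global $db;
    if (abs(time() - (int)$provider->timestamp) > MAX_SKEW) return OAUTH_BAD_TIMESTAMP;
    try {   // the primary key rejects a repeated (consumer, nonce, timestamp), i.e. a replay
        $db->prepare('INSERT INTO nonces VALUES (?, ?, ?)')
           ->execute([$provider->consumer_key, $provider->nonce, (int)$provider->timestamp]);
    } catch (PDOException $e) {
        return OAUTH_BAD_NONCE;             // storage errors also fail closed
    }
    return OAUTH_OK;
}

function tokenHandler($provider) {
    global $db;
    $st = $db->prepare('SELECT secret, revoked FROM access_tokens WHERE token = ? AND consumer_key = ?');
    $st->execute([$provider->token, $provider->consumer_key]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row) return OAUTH_TOKEN_REJECTED;
    if ($row['revoked']) return OAUTH_TOKEN_REVOKED;
    $provider->token_secret = $row['secret'];
    return OAUTH_OK;
}
$provider = new OAuthProvider();
$provider->consumerHandler('consumerHandler');
$provider->timestampNonceHandler('timestampNonceHandler');
$provider->tokenHandler('tokenHandler');
try { $provider->checkOAuthRequest(); }
catch (OAuthException $e) { exit(OAuthProvider::reportProblem($e)); }  // protocol error text only
echo 'User Data..';
```

Rows in the nonces table older than the accepted window can be deleted periodically, since the timestamp check already rejects them.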

