在PHP中访问RESTAPI的Oauth身份验证_Php_Api_Rest_Oauth_2 Legged

在PHP中访问RESTAPI的Oauth身份验证

php api rest oauth

在PHP中访问RESTAPI的Oauth身份验证,php,api,rest,oauth,2-legged,Php,Api,Rest,Oauth,2 Legged,我正在用PHP（Codeigniter）开发RESTAPI，并试图为API访问实现oauth 2段式身份验证。将API与网站或移动应用程序集成时，开发人员将在编码中使用一对凭据访问API（，因此没有最终用户授权网站或移动应用程序）到目前为止，我所实现的看起来像是0-legged。我只是使用使用者机密和空访问令牌对请求进行oauth签名（HMAC_SHA1）。但是根据我在别处读到的一些答案，对请求进行签名并验证签名是oauth 2-leg实现所需要完成的全部工作（请参阅）这是我目前在PHP中实

我正在用PHP（Codeigniter）开发RESTAPI，并试图为API访问实现oauth 2段式身份验证。将API与网站或移动应用程序集成时，开发人员将在编码中使用一对凭据访问API（，因此没有最终用户授权网站或移动应用程序）

到目前为止，我所实现的看起来像是0-legged。我只是使用使用者机密和空访问令牌对请求进行oauth签名（HMAC_SHA1）。但是根据我在别处读到的一些答案，对请求进行签名并验证签名是oauth 2-leg实现所需要完成的全部工作（请参阅）

这是我目前在PHP中实现的客户端

    <?php
// Just a demo for the client side implementation of oauth signed requests.

require_once ("oauth/oauth.php"); // Google oauth library 

function send_request($method = '', $api_endpoint = '',$request_params = array()){
    $consumer = new OAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
    $sig_method = new OAuthSignatureMethod_HMAC_SHA1;

    //use oauth lib to sign request
    $req = OAuthRequest::from_consumer_and_token($consumer, null, $method, $api_endpoint, $request_params);
    $sig_method = new OAuthSignatureMethod_HMAC_SHA1();
    $req->sign_request($sig_method, $consumer, null);//note: double entry of token

    if($method == 'GET'){
        echo "<br />".$req->to_url();
        $ch = curl_init($req->to_url());
        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

        $result = curl_exec($ch);
        $curl_info = curl_getinfo($ch);
        //print_r($curl_info);
        $error = curl_error($ch);
        //print_r($error);
        curl_close($ch);

        return $result;

    }elseif($method == 'POST'){

        $ch = curl_init(); 
        curl_setopt($ch,CURLOPT_URL,$api_endpoint);                   
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);        
        curl_setopt($ch, CURLOPT_HEADER,'Content-Type: application/x-www-form-urlencoded');
        //echo "<br />".$req->to_url();
        //echo "<br />Post data: ".$req->to_postdata();
        //curl_setopt($ch, CURLOPT_POSTFIELDS, $req->to_postdata());
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($request_params));

        $result = curl_exec($ch);
        $curl_info = curl_getinfo($ch);        
        print_r($curl_info);
        $error = curl_error($ch);
        //print_r($error);
        curl_close($ch);            

        return $result;
    }
}

// API consumer key and secret
define('CONSUMER_KEY', 'd4hkilp1z0pqj7158y0j');
define('CONSUMER_SECRET', 'rqhzan3mdx7wov3gvh4u');

// Authorize 
// Get products from odw api
$api_endpoint = 'http://testgapi.local/api/product/search'; // search/format/json , search/format/xml
$request_params = array();
$request_params['category_type'] = 'Tour';
$request_params['location'] = 'Las Vegas';
$request_params['start_date'] = '09/22/2015';
$request_params['end_date'] = '12/31/2015';

$result = send_request('GET', $api_endpoint, $request_params); // Call REST service with GET method
//$result = send_request('POST', $api_endpoint, $request_params);

print_r($result);
//echo $result;
?>

请求的服务器端验证（在Codeigniter中）。。 controllers/api/Product.php

<?php
defined('BASEPATH') or exit('No direct script access allowed');

require APPPATH . '/libraries/REST_Controller.php';

class Product extends REST_Controller
{

    var $valid_request;

    function __construct()
    {
        // Construct the parent class
        parent::__construct();

        $this->load->library('Oauth_server');
    }

    public function search_get()
    {
        $this->valid_request = $this->oauth_server->validate_request();

        if (!$this->valid_request)
        {
            $response = array(
                'status' => "Failed",
                'error_message' => "Access Denied.",
                );
            return $this->response($response, 201); // NO_CONTENT (204) being the HTTP response code
        } else
        {
            // Do something
        }
    }
} // End of class
?>

库/Oauth_server.php

<?php
require_once (APPPATH . "libraries/oauth/oauth.php"); // Google oauth library

class Oauth_server {

    var $CI;
    function __construct(){
        // Nothing to do yet.
        $this->CI = &get_instance();
    }

    function validate_request(){
        //echo "<br />".
        $consumer_key = !empty($_REQUEST['oauth_consumer_key'])? $_REQUEST['oauth_consumer_key'] : ""; 
        // Use the oauth_consumer_key in the client request to find the secret in our system. 
        $secret = $this->get_consumer_secret($consumer_key);

        $consumer = new OAuthConsumer($consumer_key, $secret);
        $sig_method = new OAuthSignatureMethod_HMAC_SHA1;

        //echo "<br />Method: ".
        $method = $_SERVER['REQUEST_METHOD'];
        //echo "<br />URI: ".
        $uri = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
        $sig = $_REQUEST['oauth_signature'];    
        $req = new OAuthRequest($method, $uri);

        //token is null because we're doing 2-leg
        return $sig_method->check_signature( $req, $consumer, null, $sig );
    }

    function get_consumer_secret($consumer_key){
        // Fetch the associated consumer secret from the db using the consumer key.
        $query = $this->CI->db->query("SELECT consumer_secret FROM gapi_users WHERE consumer_key = ?", array($consumer_key));
        $result = $query->row_array();

        if(!empty($result)){
            return $result['consumer_secret'];
        }
        else{
            return false;
        }
    }    
}
?>

我现在也在追求同样的目标：REST&OAuth，我想知道你的结局是什么。我正在研究OAuth2.0PHP服务器，我最终实现了问题中的代码示例所示的基本功能。到现在为止，一直都还不错。根据我分享的quora链接中的一个答案，我使用的应该是两条腿的身份验证。