Get access token and secret using OpenID+OAuth (google)_问答_开发者

Get access token and secret using OpenID+OAuth (google)

开发者 https://www.devze.com 2023-03-08 20:10 出处：网络

I\'m using OAuth with Federated Login (Hybrid Protocol) to allow my users to login once using openID (which works great), and authenticate with the Google Data API at the same time.

I'm using OAuth with Federated Login (Hybrid Protocol) to allow my users to login once using openID (which works great), and authenticate with the Google Data API at the same time.

The Zend_GData library was giving me a headache, so on the suggestion of someone here on SO I switched to LightOpenID.

The openID part works great, and thanks to this tip I'm able to add the OAuth extension and receive a response like this:

 http://www.example.com/checkauth
 ?openid.ns=http://specs.openid.net/auth/2.0
 &openid.mode=id_res
 &openid.op_endpoint=https://www.google.com/accounts/o8/ud
 &openid.response_nonce=2009-01-17T00:11:20ZlJAgbeXUfSSSEA
 &openid.return_to=http://www.example.com/checkauth
 &openid.assoc_handle=AOQobUeYs1o3pBTDPsLFdA9AcGKlH
 &openid.signed=op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle,ns.ext2,ext2.consumer,ext2.scope,ext2.request_token
 &openid.sig=oPvRr++f6%2ul/2ah2nOTg=
 &openid.identity=https://www.google.com/accounts/o8/id/id=AItOawl27F2M92ry4jTdjiVx06tuFNA
 &openid.claimed_id=https://www.google.com/accounts/o8/id/id=AItOawl27F2M92ry4jTdjiVx06tuFNA
 &openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0
 &openid.oauth.scope=http://docs.google.com/feeds/+http://spreadsheets.google.com/feeds/+http://sandbox.gmodules.com/api/
 &openid.oauth.request_token=1/fVr0jVubFA83GjYUA

According to the documentation, openid.oauth.request_token is an authorized request token, so it seems I don't need to do the OAuthAuthorizeToken request. All is good so far, but now I need to exchange this request token for an access token and token secret.

Since I have no idea how to generate the OAuth nonce and signatures, I employ the OAuthSimple library for php. Problem is, the code required looks like this:

// Build the req开发者_开发百科uest-URL...
$result = $oauth->sign(array(
    'path' => 'https://www.google.com/accounts/OAuthGetAccessToken',
    'parameters' => array(
        'oauth_verifier' => $_GET['oauth_verifier'],
        'oauth_token' => $_GET['oauth_token']),
    'signatures' => $signatures));

It needs an oauth_verifier value, which you would receive along with the request token with a normal OAuth request. I'm not sure if it's the OAuthSimple library that errors out when trying to omit that or if it's a Google requirement, but it doesn't work.

SO, can someone spot something I'm doing wrong here?

There's nothing wrong. Actually, when you do an Hybrid process, the verifier isn't send, simply because you don't need it.

So in your code, just set verifier to NULL, and it should work just fine, as long as there's no problems somewhere else.