Google OAuth via Zend Framework - Detect Denied Access_问答_开发者

Google OAuth via Zend Framework - Detect Denied Access

开发者 https://www.devze.com 2023-03-23 07:52 出处：网络

I\'m using Zend Framework to connect Google web services (i.e. gmail) using OAuth.The following code works okay; but it cannot detect denied access.For example, when the user hit \"deny\", I\'ll get a

I'm using Zend Framework to connect Google web services (i.e. gmail) using OAuth. The following code works okay; but it cannot detect denied access. For example, when the user hit "deny", I'll get an error saying "Could not retrieve a valid Token response from Token URL: The request token is invalid"

Here's the code:

    $THREE_LEGGED_CONSUMER_KEY = 'mydomain.com';
    $THREE_LEGGED_SIGNATURE_METHOD = 'HMAC-SHA1';
    $THREE_LEGGED_CONSUMER_SECRET_HMAC = 'mySecret';
    $THREE_LEGGED_SCOPES = array('https://mail.google.com/');

    $options = array(
                    'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER,
                    'version' => '1.0',
                    'consumerKey' => $THREE_LEGGED_CONSUMER_KEY,
                    'callbackUrl' => 'http://mydomain.com/oauth',
                    'requestTokenUrl' => 'https://www.google.com/accounts/OAuthGetRequestToken',
                    'userAuthorizationUrl' => 'https://www.google.com/accounts/OAuthAuthorizeToken',
                    'accessTokenUrl' => 'https://www.google.com/accounts/OAuthGetAccessToken'
                );

    $options['signatureMethod'] = 'HMAC-SHA1';
    $options['consumerSecret'] = $THREE_LEGGED_CONSUMER_SECRET_HMAC;

    $consumer = new Zend_Oauth_Consumer($options);

    $conf = new Zend_Config_Ini('../application/configs/application.ini', 'production');
    $db = Zend_Db::factory($conf->database);
    $sql = 'SELECT * FROM gmail_oaut开发者_运维百科h WHERE id=123 LIMIT 1';
    $accessToken = $db->fetchRow($sql);

    if ($accessToken['GoogleAccessToken']=='') {
        if (!isset($_SESSION['REQUEST_TOKEN'])) {
            $_SESSION['REQUEST_TOKEN'] = serialize($consumer->getRequestToken(array('scope' => implode(' ', $THREE_LEGGED_SCOPES))));
            $consumer->redirect(array('hd' => 'default'));
        }
        else {
            $accessToken = serialize($consumer->getAccessToken($_GET, unserialize($_SESSION['REQUEST_TOKEN'])));
            $data = array('GoogleAccessToken'=>$accessToken);
            $db->update('gmail_oauth',$data,'id=123');
            unset($_SESSION['REQUEST_TOKEN']);
        }
    }

    $db->closeConnection();
    return;

The line of code that throw an exception when user hit "deny" is

$accessToken = serialize($consumer->getAccessToken($_GET, unserialize($_SESSION['REQUEST_TOKEN'])));

How do I detect denied access??

Answering my own question again...

See: http://www.phpriot.com/articles/twitter-authentication-zend-oauth/5

Quote:

Next we use the Zend_Oauth_Consumer class to retrieve an access token. To do so, we use the getAccessToken() method. This method will throw an exception if a valid access token cannot be retrieved, so we wrap this entire block in a "try catch".