开发者

Twitter OAuth validation only good until I change pages?

开发者 https://www.devze.com 2023-02-10 06:00 出处:网络
I found a library online to get started with Twitter OAuth and it gets me connected, and able to pull down some data from Twitter. I save the tokens to a session (I will be putting them into a databas

I found a library online to get started with Twitter OAuth and it gets me connected, and able to pull down some data from Twitter. I save the tokens to a session (I will be putting them into a database for production, but I'm just trying to get the basics for now). The problem comes when I change to a different page and am no longer able to make API calls.

Here is my code:

(If my brackets don't exactly match here, it's because I stripped the twitter portion out to show)

session_start();
if(strtolower($_GET['via']) == 'twitter'){
    //login to twitter
    $from = strip_tags($_GET['from']);
    $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
     /* Get temporary credentials. */
    $request_token = $connection->getRequestToken($from);
    /* Save temporary credentials to session. */
    $_SESSION['oauth_token'] = $token = $request_token['oauth_token'];
    $_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
    switch ($connection->http_code) {
      case 200:
        /* Build authorize URL and redirect user to Twitter. */
        $url = $connection->getAuthorizeURL($token);
        header('Location: '开发者_运维问答 . $url);
        break;
      default:
        /* Show notification if something went wrong. */
        echo 'Could not connect to Twitter. Refresh the page or try again later.';
        }
    }elseif(!empty($_GET['oauth_verifier']) && !empty($_SESSION['oauth_token']) && !empty($_SESSION['oauth_token_secret'])){
/* If last connection failed don't display authorization link. */
$_SESSION['oauth_verifier'] = $_GET['oauth_verifier'];
$twitteroauth = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
// Let's request the access token
$access_token = $twitteroauth->getAccessToken($_SESSION['oauth_verifier']);
// Save it in a session var
$_SESSION['access_token'] = $access_token;
// Let's get the user's info
$user_info = $twitteroauth->get('account/verify_credentials');
$home_timeline = $twitteroauth->get('statuses/home_timeline', array('count' => 3));
// Print user's info
echo "<pre>";
print_r($user_info);
echo "</pre>";
echo "<pre>";
print_r($home_timeline);
echo "</pre>";
}

So after saving to a variable and authenticating, I then am able to query the API as expected. After I switch to a different page with essentially the same code as in the elseif() block, I simple recieve the following error message when I attempt to pull data:

stdClass Object
(
[request] => /1/account/verify_credentials.json?oauth_consumer_key=djtrixYaxkM4QFzhtfTg&oauth_nonce=8d27112c1ee645b4253c8f803cf428d4&oauth_signature=N6Ug5w%2BNqzo%2FY%2By7UuO0jDqWUdA%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1297720180&oauth_token=&oauth_version=1.0
[error] => Could not authenticate you.
)

Any insight on how I can get this authentication to "stick" across the session?

EDIT As pointed out below, in the URL oauth_token has no value. So I did a print_r($_SESSION) and I am seeing that $_SESSION['oauth_token'] does indeed have a value.

Array ( 
[oauth_token] => 12345
[oauth_token_secret] => 67890
[oauth_verifier] => [access_token] => Array (
    [ "1.0" encoding="UTF-8"?> /oauth/access_token?oauth_consumer_key=111111
    [amp;oauth_nonce] => 222222
    [amp;oauth_signature] => 777777= 
    [amp;oauth_signature_method] => HMAC-SHA1 
    [amp;oauth_timestamp] => 1297783851 
    [amp;oauth_token] => 12345
    [amp;oauth_version] => 1.0 Invalid / expired Token 
    )
)

This array looks like it might be malformed, but I'll freely admit I don't know what it should look like. And, as I didn't make any changes to the library - just the demo code - I'm not sure how that could have happened.


Notice that oauth_token has no value. On your other pages you are probably not initiating the session or you are not properly pulling the access token out of the session.


Try to increase OAuth oauth_timestamp by a couple of hours.

In PHP OAuth client it looks like this:

private static function generate_timestamp() {
    return time()+5*3600;
}

resources

http://www.backwardcompatible.net/149-Twitter-Timestamp-out-of-bounds-solved

0

精彩评论

暂无评论...
验证码 换一张
取 消