問(wèn)題描述

我正在使用 Twitter 將用戶登錄到一個(gè)網(wǎng)站，在我嘗試獲取有效的訪問(wèn)令牌之前，該網(wǎng)站似乎一直在工作.

require("twitteroauth.php");需要'twconfig.php';session_start();$twitteroauth = new TwitterOAuth(YOUR_CONSUMER_KEY, YOUR_CONSUMER_SECRET);$request_token = $twitteroauth->getRequestToken('http://****/tw_response.php');$oauth_token = $request_token['oauth_token'];$_SESSION['oauth_token'] = $oauth_token;$oauth_token_secret = $request_token['oauth_token_secret'];$_SESSION['oauth_token_secret'] = $oauth_token_secret;如果($twitteroauth->http_code == 200){url = $twitteroauth->getAuthorizeURL($request_token['oauth_token']);header('位置:'.$url);} 別的 {die('發(fā)生了一些錯(cuò)誤.');}

這似乎工作正常，將我重定向到 Twitter 以登錄并確認(rèn)訪問(wèn)，然后它返回到 tw_response.php(我的回調(diào) URL)，在 URL 中包含以下變量:

http://example.com/login.php?oauth_token=sO3X...yj0k&oauth_verifier=Ip6T...gALQ

在 tw_response.php 中，我嘗試獲取訪問(wèn)令牌，但它報(bào)告為無(wú)效.我嘗試使用 var_dump 查看訪問(wèn)令牌的內(nèi)容如下:

require("twitteroauth.php");需要'twconfig.php';session_start();$oauth_verifier = $_REQUEST['oauth_verifier'];$oauth_token = $_SESSION['oauth_token'];$oauth_token_secret = $_SESSION['oauth_token_secret'];$twitteroauth = new TwitterOAuth(YOUR_CONSUMER_KEY, YOUR_CONSUMER_SECRET, $oauth_token, $oauth_token_secret);$access_token = $twitteroauth->getAccessToken($data['oauth_verifier']);var_dump($access_token);

var_dump 的結(jié)果以無(wú)效/過(guò)期令牌"結(jié)尾:

array(8) {[oauth_url"] =>string(104) ""1.0" encoding="UTF-8"?>/oauth/access_token?oauth_consumer_key=ceE...9Dg"[oauth_nonce"]=>字符串(32)c52...d07"[oauth_signature"]=>字符串(28)ry7...Fcc="[oauth_signature_method"]=>字符串(9)HMAC-SHA1"[oauth_timestamp"]=>字符串(10)1359031586"[oauth_token"]=>字符串(40)sO3...j0k"[oauth_verifier"]=>字符串(43)IP6...ALQ"[oauth_version"]=>string(63) "1.0 無(wú)效/過(guò)期令牌 "}

$access_token = $twitteroauth->getAccessToken($data['oauth_verifier']);var_dump($access_token);

$data 神奇地來(lái)自哪里?您有變量 $oauth_verifier，但請(qǐng)記住，如果這是您注冊(cè)的回調(diào) URL，則您不需要它.

由于您在 getAccessToken 中使用了無(wú)效變量，它將返回?zé)o效值.

正確使用 TwitterOAuth 的方法:

if (!isset($_GET["oauth_token"])) {//在某處的配置文件中設(shè)置這些值.$twitter = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);//附加一個(gè) ?.如果您指定某些內(nèi)容，這就是您的回調(diào) URL.$credentials = $twitter->getRequestToken("http://example.com/test.php?");//嘗試讓 URL 更優(yōu)雅一些...這是一個(gè)最小的例子$url = $twitter->getAuthorizeUrl($credentials);回聲 $url;//這些是必須用于獲取新令牌的臨時(shí)令牌，//永久訪問(wèn)令牌.以某種方式存儲(chǔ)這些，//session 是一個(gè)不錯(cuò)的選擇.$_SESSION["token"] = $credentials["oauth_token"];$_SESSION["secret"] = $credentials["oauth_token_secret"];} 別的 {//在這里使用用戶之前存儲(chǔ)的臨時(shí)憑證$twitter = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET,$_SESSION["token"], $_SESSION["secret"]);//已經(jīng)使用了 oauth_token(來(lái)自請(qǐng)求).//您將這些憑據(jù)存儲(chǔ)在您的數(shù)據(jù)庫(kù)中(見(jiàn)下文).$credentials = $twitter->getAccessToken($_GET["oauth_verifier"]);//只是憑據(jù)的打印輸出.存儲(chǔ)這些，不要顯示它們.echo "
";var_dump($credentials);//有效憑據(jù)，前提是您授予應(yīng)用訪問(wèn)權(quán)限.echo "</pre>";}
為了便于使用，我只使用單個(gè)腳本進(jìn)行回調(diào)；如果您愿意(您可能應(yīng)該這樣做)，您可以將相關(guān)部分拆分為多個(gè)腳本.
對(duì)于您的數(shù)據(jù)庫(kù)來(lái)說(shuō)，憑據(jù)還包括 Twitter 用戶的用戶名.
編輯:Twitter 現(xiàn)在為用戶 ID 分配 64 位整數(shù).如果您無(wú)法在應(yīng)用程序的每個(gè)部分都處理 64 位整數(shù)，您應(yīng)該將其存儲(chǔ)為字符串，以確保不會(huì)以損壞的用戶 ID 和沖突結(jié)束.
array(4) {[oauth_token"]=>字符串(50)7041...wYupkS"[oauth_token_secret"]=>string(42) "O9ENq...21B2fk"[user_id"]=>//用戶身份.始終相同，永不改變(將其存儲(chǔ)為 ID)字符串(9)..."[屏幕名稱"]=>//用戶名.可以換.字符串(11)..."}
因此，如果您想通過(guò) Twitter 登錄用戶，而無(wú)需明確授予他們登錄您網(wǎng)站的權(quán)限，您可以使用 $_SESSION(我使用數(shù)據(jù)庫(kù)進(jìn)行登錄，如果您想保存那個(gè)狀態(tài))在上面的腳本中，您將把它添加到 else 塊的末尾:
$_SESSION["token"] = $credentials["oauth_token"];$_SESSION["secret"] = $credentials["oauth_secret"];$_SESSION["username"] = $credentials["screen_name"];
您還可以從 GET account/verify_credentials<獲取用戶的屏幕名稱等信息/code>，如果你想給他們一個(gè)用戶頁(yè)面(如果你使用javascript，通過(guò)這里的id_str獲取他們的用戶ID):
$user_array = $twitter->get("account/verify_credentials");
I am using Twitter to log users into to a website, which seems to be working up until I attempt to obtain a valid Access Token.
require("twitteroauth.php");
require 'twconfig.php';
session_start();

$twitteroauth = new TwitterOAuth(YOUR_CONSUMER_KEY, YOUR_CONSUMER_SECRET);
$request_token = $twitteroauth->getRequestToken('http://****/tw_response.php');

$oauth_token = $request_token['oauth_token'];
$_SESSION['oauth_token'] = $oauth_token;

$oauth_token_secret = $request_token['oauth_token_secret'];
$_SESSION['oauth_token_secret'] = $oauth_token_secret;

if ($twitteroauth->http_code == 200) {
    url = $twitteroauth->getAuthorizeURL($request_token['oauth_token']);
    header('Location: '.$url);
} else {
    die('Something wrong happened.');
}
This seems to be working correctly, redirecting me to twitter to sign in and confirm access, after which it returns me to tw_response.php (my Callback url), with the following variables in the url:
http://example.com/login.php?oauth_token=sO3X...yj0k&oauth_verifier=Ip6T...gALQ 
In tw_response.php I then try to get the Access Token, but it reports as invalid.  I tried using var_dump to view the content of the access token as follows:
require("twitteroauth.php");
require 'twconfig.php';
session_start();

$oauth_verifier = $_REQUEST['oauth_verifier'];
$oauth_token = $_SESSION['oauth_token'];
$oauth_token_secret = $_SESSION['oauth_token_secret'];

$twitteroauth = new TwitterOAuth(YOUR_CONSUMER_KEY, YOUR_CONSUMER_SECRET, $oauth_token, $oauth_token_secret);

$access_token = $twitteroauth->getAccessToken($data['oauth_verifier']);
var_dump($access_token);
The result of the var_dump ends in "invalid / expired Token":
array(8) {
    ["oauth_url"] => string(104) ""1.0" encoding="UTF-8"?>/oauth/access_token?oauth_consumer_key=ceE...9Dg"
    ["oauth_nonce"]=> string(32) "c52...d07"
    ["oauth_signature"]=> string(28) "ry7...Fcc="
    ["oauth_signature_method"]=> string(9) "HMAC-SHA1"
    ["oauth_timestamp"]=> string(10) "1359031586"
    ["oauth_token"]=> string(40) "sO3...j0k"
    ["oauth_verifier"]=> string(43) "Ip6...ALQ"
    ["oauth_version"]=> string(63) "1.0 Invalid / expired Token "
}

 解決方案 
$access_token = $twitteroauth->getAccessToken($data['oauth_verifier']);
var_dump($access_token);
Where did $data magically come from? You have the variable $oauth_verifier, but keep in mind you don't need this if this is your registered callback URL.


Since you used an invalid variable inside getAccessToken, it will return an invalid value back.

The correct way to use TwitterOAuth:
if (!isset($_GET["oauth_token"])) {
    // set these values in a config file somewhere.
    $twitter = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);

    // append a ?. This is your callback URL if you specify something.
    $credentials = $twitter->getRequestToken("http://example.com/test.php?");

    // try and be a bit more elegant with the URL... This is a minimal example
    $url = $twitter->getAuthorizeUrl($credentials);
    echo $url;

    // these are temporary tokens that must be used to fetch the new,
    // permanent access tokens. store these in some way,
    // session is a decent choice.
    $_SESSION["token"] = $credentials["oauth_token"];
    $_SESSION["secret"] = $credentials["oauth_token_secret"];
} else {

    // use the user's previously stored temporary credentials here
    $twitter = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET,
                    $_SESSION["token"], $_SESSION["secret"]);

    // uses the oauth_token (from the request) already.
    // you store these credentials in your database (see below).
    $credentials = $twitter->getAccessToken($_GET["oauth_verifier"]);

    // just a printout of credentials. store these, don't display them.
    echo "<pre>";
    var_dump($credentials);
    // valid credentials, provided you give the app access to them.
    echo "</pre>";
}
I just use a single script for callbacks for ease of use; you can split the relevant sections into multiple scripts if you like (and you probably should).

Handily for your database, the credentials include the twitter user's username, too.

Edit: Twitter is now allocating 64bit integers for user IDs. You should store this as a string to ensure that you don't end up with mangled user IDs and collisions if you can't handle 64bit integers in every part of your application.
array(4) {
  ["oauth_token"]=>
  string(50) "7041...wYupkS"
  ["oauth_token_secret"]=>
  string(42) "O9ENq...21B2fk"
  ["user_id"]=> // user ID. always the same, never changes (store this as ID)
  string(9) "..."
  ["screen_name"]=> // username. can change.
  string(11) "..."
}
So, if you want to log users in through twitter, without explicitly giving them a login to your site, you could use $_SESSION (I use databases for my logins, which is recommended if you want to save that state)
In the above script you would add this to the end of the else block:
$_SESSION["token"] = $credentials["oauth_token"];
$_SESSION["secret"] = $credentials["oauth_secret"];
$_SESSION["username"] = $credentials["screen_name"];
You can also get the user's screen name and more from GET account/verify_credentials, if you want to give them a user page (if you use javascript, grab their userid through id_str here):
$user_array = $twitter->get("account/verify_credentials");


                        
這篇關(guān)于為什么我的 twitter oauth 訪問(wèn)令牌無(wú)效/過(guò)期的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！
                
【網(wǎng)站聲明】本站部分內(nèi)容來(lái)源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問(wèn)題，如果有圖片或者內(nèi)容侵犯了您的權(quán)益，請(qǐng)聯(lián)系我們刪除處理，感謝您的支持！