1

I have been trying to follow the steps laid out in the docs for twitter sign in here: https://dev.twitter.com/docs/auth/implementing-sign-twitter

My Code:

$oauth_consumer_secret = '***';
$access_token_secret = '***';

$oauth_consumer_key = '***';
$oauth_nonce = createNonce();
$oauth_signature_method = 'HMAC-SHA1';
$oauth_time = time();
$oauth_token = '***';
$oauth_version = '1.0';

$oauth = array(
    'oauth_callback' => '***',
    'oauth_consumer_key'=>$oauth_consumer_key,
    'oauth_nonce'=>$oauth_nonce,
    'oauth_signature_method'=>$oauth_signature_method,
    'oauth_timestamp'=>$oauth_time,
    'oauth_token'=>$oauth_token,
    'oauth_version'=>$oauth_version
);

$baseURI = 'https://api.twitter.com/1.1/oauth/request_token';
$baseString = buildBaseString($baseURI,$oauth);
$compositeKey = getCompositeKey($oauth_consumer_secret,null);
$oauth_signature = base64_encode(hash_hmac('sha1', $baseString, $compositeKey, true));
$oauth['oauth_signature'] = $oauth_signature; //add the signature to our oauth array

$header = array(buildAuthorizationHeader($oauth));
$login = loginUser($baseURI,$header);
echo $login;

function loginUser($baseURI,$header){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $baseURI);
    curl_setopt($ch, CURLOPT_HEADER, TRUE);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    $output = curl_exec($ch);
    curl_close($ch);
    if ($output!=''){
        return $output;
    } else {
        return 'fail';
    };
};

function buildBaseString($baseURI,$params){
    $r = array(); // temp array
    ksort($params); // sorts params alphabetically by key
    foreach($params as $key=>$value){
        $r[] = '$key='.rawurlencode($value);
    };
    return 'POST&'.rawurlencode($baseURI).'&'.rawurlencode(implode('&', $r)); // returns complete base string
};

// Create composite key
function getCompositeKey($consumerSecret,$requestToken){
    return rawurlencode($consumerSecret) . '&' . rawurlencode($requestToken);
};

function createNonce(){
    $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $string = '';
    for ($i=0; $i<32; $i++) {
            $string .= $characters[rand(0, strlen($characters) - 1)];
    };
    return $string;
};

function buildAuthorizationHeader($oauth){
    $r = 'Authorization: OAuth '; //header prefix
    $values = array(); //temporary key=value array
    foreach($oauth as $key=>$value)
    $values[] = "$key=\"" . rawurlencode($value) . "\""; //encode key=value string
    $r .= implode(', ', $values); //reassemble
    return $r; //return full authorization header
};

The Problem I am having is that I am getting no response what so ever! So the login function just keeps returning 'fail'.

When I change curlopt_ssl_verifypeer to false I get a HTTP/1.1 401 Unauthorized error.

Any help or clues would be appreciated.

4

1 回答 1

1

SSL 和 OAuth 问题很可能是分开的。

至于 SSL,您的证书授权 (CA) 包很可能已过期。您可以告诉 curl 不验证对等 CURLOPT_SSL_VERIFYPEER = 0 或更新 CA 包。您可以在此处下载当前的 CA 捆绑包。大多数人(包括我自己)只是关闭 VERIFYPEER。尽管不鼓励这种做法,但它是一种常见的解决方案。

生成请求令牌时,您的 oauth 参数中不需要 oauth_token。您正在请求一个请求令牌,但您还没有。不确定这是否重要,但仅用作','分隔符,而不是', '$r .= implode(', ', $values); //reassemble

我查看了您的其余实现,它看起来正确。写了我自己的,我可以理解这里的困难。

于 2013-07-12T15:17:45.577 回答