当我尝试执行时使用休息客户端扩展:
http://api.domain.com/app_dev.php/api/1.0/resource/get?id=1
请求标头:
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
Authorization: Bearer %TOKEN%
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,ar;q=0.6
Cookie: __cfduid=db9759a3f1a39eb02d8daa62ef240c1031392572386844; _ga=GA1.2.972638156.1393664034; PHPSESSID=c15c8de4a1ee3a957274d4328448ff37
它返回
{"error":"access_denied","error_description":"OAuth2 authentication required"}
但是当我尝试在查询字符串中传递 access_token 时 http://api.domain.com/app_dev.php/api/1.0/resource/get?id=1&access_token=%TOKEN%
我正在使用 Symfony2、FOSRestBundle 和 NelmioCorsBundle,这就是我的 config.yml 的样子
fos_rest:
param_fetcher_listener: true
body_listener: true
format_listener: true
view:
view_response_listener: 'force'
formats:
xml: true
json : true
templating_formats:
html: true
force_redirects:
html: true
failed_validation: HTTP_BAD_REQUEST
default_engine: php
routing_loader:
default_format: json
fos_oauth_server:
db_driver: orm
client_class: MyApp\ApiBundle\Entity\Client
access_token_class: MyApp\ApiBundle\Entity\AccessToken
refresh_token_class: MyApp\ApiBundle\Entity\RefreshToken
auth_code_class: MyApp\ApiBundle\Entity\AuthCode
service:
user_provider: fos_user.user_manager
options:
# Changing tokens and authcode lifetime
access_token_lifetime: 300000000
refresh_token_lifetime: 300000000
auth_code_lifetime: 30
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: ['*']
allow_headers: ['*']
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
paths:
'^/api/':
allow_origin: ['*']
allow_headers: ['X-Custom-Auth']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
max_age: 3600
'^/':
allow_origin: ['*']
allow_headers: ['X-Custom-Auth']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
max_age: 3600
hosts: ['^api\.']