Steps
1. Client Credentials: making API requests for our own account
2. Authorization Code: Getting a token for another user’s account
3. Logging in via OAuth
4. OAuth with Facebook
5. OAuth in JavaScript with Google+
6. Handling Expired Tokens
7. Using Refresh Tokens
8. Tightening up Security
Credentials
OAuth Token
So what’s this token? It’s just a unique string tied to my account that gives you access to make API requests on my behalf. It’s like a username and password all rolled into one.
For example, if ABCD1234 is a valid token to my Facebook account, then an HTTP request that looks like this would post to my timeline:
http://coop.apps.knpuniversity.com/api
Gallinero
Client ID: Gallinero
Client Secret: 1acccea927d286d4b13cf21a98ca7817
Redirect URI:
Scope: eggs-collect
Client Credentials
Client (application, ‘collect-eggs.php’) ———————> Resource Server (COOP API)
<?php
include __DIR__.'/vendor/autoload.php';
use Guzzle\Http\Client;
// Guzzle 3 client pointed at the COOP API base URL
$http = new Client('http://coop.apps.knpuniversity.com');
$request = $http->post('/api/540/eggs-collect');
// The access token is sent as a Bearer token in the Authorization header
$request->addHeader('Authorization', 'Bearer e48a8653d70d4163ff89fdf06751a953cc2664ea');
$response = $request->send();
echo $response->getBody();
echo "\n\n";
Access Credentials
Every OAuth server has an API endpoint used to request access tokens. For example, the COOP authentication docs say:
POST /token
The endpoint used for requesting an access token, using either the authorization_code or client_credentials grant type.
http://coop.apps.knpuniversity.com/token
This accepts the following POST fields:
client_id
client_secret
grant_type: either client_credentials or authorization_code
redirect_uri (authorization_code only): must match the redirect_uri from the original /authorize call
code (authorization_code only): the authorization code
<?php
include __DIR__.'/vendor/autoload.php';
use Guzzle\Http\Client;
$http = new Client('http://coop.apps.knpuniversity.com');
$request = $http->post('/token', null, array('client_id' => 'Gallinero', 'client_secret' => '1acccea927d286d4b13cf21a98ca7817', 'grant_type' => 'client_credentials'));
echo $request->send()->getBody();
The response is:
Fresh tokens
Now the access_token can be used instead of the value that was blatantly pasted in at the beginning, and it is refreshed on every call:
<?php
include __DIR__.'/vendor/autoload.php';
use Guzzle\Http\Client;
$http = new Client('http://coop.apps.knpuniversity.com');
// $accessToken holds the access_token field from the POST /token response above
$request = $http->post('/api/540/eggs-collect');
$request->addHeader('Authorization', 'Bearer ' . $accessToken);
$response = $request->send();
echo $response->getBody();
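The two blocks above joined into one runnable script, as an added example (not the course's or COOP's own code): it requests a client_credentials token from /token, checks the response for an OAuth error before trusting it, and then collects eggs with the Bearer token. The user id 540 and the Gallinero credentials come from the page; the COOP_CLIENT_SECRET environment variable and the {"error", "error_description"} error body (the standard OAuth2 shape) are assumptions.

```php
<?php
// Added example, not the course's own code: client_credentials grant end to end.
include __DIR__.'/vendor/autoload.php';

use Guzzle\Http\Client;
use Guzzle\Http\Exception\BadResponseException;

$http = new Client('http://coop.apps.knpuniversity.com');

// Step 1: exchange client_id + client_secret for an access token (fields from the /token docs above).
// Prefer reading the secret from the environment (assumed variable name) over hard-coding it.
try {
    $response = $http->post('/token', null, array(
        'client_id'     => 'Gallinero',
        'client_secret' => getenv('COOP_CLIENT_SECRET') ?: '1acccea927d286d4b13cf21a98ca7817',
        'grant_type'    => 'client_credentials',
    ))->send();
} catch (BadResponseException $e) {
    // 4xx/5xx: the OAuth2 error body (assumed standard shape) says why, e.g. invalid_client
    $error = array();
    try { $error = $e->getResponse()->json(); } catch (\Exception $ignored) {}
    fwrite(STDERR, sprintf("Token request failed: %s (%s)\n",
        isset($error['error']) ? $error['error'] : 'HTTP ' . $e->getResponse()->getStatusCode(),
        isset($error['error_description']) ? $error['error_description'] : 'no description'));
    exit(1);
}

$token = $response->json();
if (empty($token['access_token'])) {
    fwrite(STDERR, "No access_token in response: " . $response->getBody() . "\n");
    exit(1);
}
$accessToken = $token['access_token'];

// Step 2: call the API on our own account (user 540) with the freshly issued token.
// The token travels in the Authorization header, not the query string, so it stays out
// of access logs and referrers.
$request = $http->post('/api/540/eggs-collect');
$request->addHeader('Authorization', 'Bearer ' . $accessToken);

try {
    echo $request->send()->getBody(), "\n";
} catch (BadResponseException $e) {
    // A 401 here usually means the token expired or was revoked: request a new one and retry.
    fwrite(STDERR, "API call failed with HTTP " . $e->getResponse()->getStatusCode() . "\n");
    exit(1);
}
```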
Authorization Code
You can run a test server like this (watch out for the folder you start it from):
At the same time this local site is going to run a whole implementation, so for that implementation to work I copy composer.phar into the folder
yerco@yerco:~/Documents/knp_oauth/start/client$ ls -lah
total 1.2M
drwx------ 7 yerco yerco 4.0K Jan 27 00:32 .
drwx------ 7 yerco yerco 4.0K Jan 13 22:43 ..
-rw------- 1 yerco yerco 132 Jan 13 22:43 behat.yml.dist
-rw------- 1 yerco yerco 342 Jan 13 22:43 bootstrap.php
-rw------- 1 yerco yerco 518 Jan 13 22:43 composer.json
-rw------- 1 yerco yerco 66K Jan 13 22:43 composer.lock
-rwxr-xr-x 1 yerco yerco 1.1M Jan 26 00:24 composer.phar
drwx------ 2 yerco yerco 4.0K Jan 13 22:43 data
drwx------ 3 yerco yerco 4.0K Jan 13 22:43 features
-rw------- 1 yerco yerco 904 Jan 13 22:43 README.md
drwx------ 3 yerco yerco 4.0K Jan 13 22:43 src
drwx------ 3 yerco yerco 4.0K Jan 13 22:43 views
drwx------ 6 yerco yerco 4.0K Jan 13 22:43 web
sqlite
sqlite> .tables
speurders
Notes
To compile this document (to PDF):