GET 更改为 POST 后身份验证不再有效
Authentication no longer works after GET to POST change
我使用下面的 PHP 代码成功获取了 Twitter 用户的时间线 (REST API / OAuth 1.0a)
现在我想在 Twitter 上关注一个用户。我需要将 GET 更改为 POST 请求,现在代码不再有效。
错误:
[code] => 32 [message] => Could not authenticate you.
需要更改什么才能使其正常工作?
PHP:
// ("x" = I removed the values)
$token = "x";
$token_secret = "x";
$consumer_key = "x";
$consumer_secret = "x";
$host = 'api.twitter.com';
/*
// NOT WORKING:
$method = 'POST';
$path = '/1.1/friendships/create.json'; // api call path
*/
// WORKS:
$method = 'GET';
$path = '/1.1/statuses/user_timeline.json'; // api call path
$query = array( // query parameters
'screen_name' => 'twitter',
//'count' => '2'
);
$oauth = array(
'oauth_consumer_key' => $consumer_key,
'oauth_token' => $token,
'oauth_nonce' => (string)mt_rand(), // a stronger nonce is recommended
'oauth_timestamp' => time(),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_version' => '1.0'
);
$oauth = array_map("rawurlencode", $oauth); // must be encoded before sorting
$query = array_map("rawurlencode", $query);
$arr = array_merge($oauth, $query); // combine the values THEN sort
asort($arr); // secondary sort (value)
ksort($arr); // primary sort (key)
// http_build_query automatically encodes, but our parameters
// are already encoded, and must be by this point, so we undo
// the encoding step
$querystring = urldecode(http_build_query($arr, '', '&'));
$url = "https://$host$path";
// mash everything together for the text to hash
$base_string = $method."&".rawurlencode($url)."&".rawurlencode($querystring);
// same with the key
$key = rawurlencode($consumer_secret)."&".rawurlencode($token_secret);
// generate the hash
$signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));
// this time we're using a normal GET query, and we're only encoding the query params
// (without the oauth params)
$url .= "?".http_build_query($query);
$oauth['oauth_signature'] = $signature; // don't want to abandon all that work!
ksort($oauth); // probably not necessary, but twitter's demo does it
// also not necessary, but twitter's demo does this too
function add_quotes($str) { return '"'.$str.'"'; }
$oauth = array_map("add_quotes", $oauth);
// this is the full value of the Authorization line
$auth = "OAuth " . urldecode(http_build_query($oauth, '', ', '));
// if you're doing post, you need to skip the GET building above
// and instead supply query parameters to CURLOPT_POSTFIELDS
$options = array( CURLOPT_HTTPHEADER => array("Authorization: $auth"),
//CURLOPT_POSTFIELDS => $postfields,
CURLOPT_HEADER => false,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false);
// do our business
$feed = curl_init();
curl_setopt_array($feed, $options);
$json = curl_exec($feed);
curl_close($feed);
$twitter_data = json_decode($json);
print_R($twitter_data);
?>
您指定了用于签名的方法,但实际上并未提出 POST 请求。
您必须设置 curl_setopt($feed, CURLOPT_POST, true) 和 curl_setopt($feed, CURLOPT_POSTFIELDS, $query) 而不是将您的参数添加到 URL 作为查询字符串。
有关使用 CURL 的 POST 请求的更多信息,请访问 documentation page。那里是文件上传,但唯一的区别是你必须删除 @。
注意:如果 Twitter 要求数据采用 application/x-www-form-urlencoded 格式,则必须使用 http_build_query 而不是为 CURLOPT_POSTFIELDS 选项传递数组。
我使用下面的 PHP 代码成功获取了 Twitter 用户的时间线 (REST API / OAuth 1.0a) 现在我想在 Twitter 上关注一个用户。我需要将 GET 更改为 POST 请求,现在代码不再有效。 错误:
[code] => 32 [message] => Could not authenticate you.
需要更改什么才能使其正常工作?
PHP:
// ("x" = I removed the values)
$token = "x";
$token_secret = "x";
$consumer_key = "x";
$consumer_secret = "x";
$host = 'api.twitter.com';
/*
// NOT WORKING:
$method = 'POST';
$path = '/1.1/friendships/create.json'; // api call path
*/
// WORKS:
$method = 'GET';
$path = '/1.1/statuses/user_timeline.json'; // api call path
$query = array( // query parameters
'screen_name' => 'twitter',
//'count' => '2'
);
$oauth = array(
'oauth_consumer_key' => $consumer_key,
'oauth_token' => $token,
'oauth_nonce' => (string)mt_rand(), // a stronger nonce is recommended
'oauth_timestamp' => time(),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_version' => '1.0'
);
$oauth = array_map("rawurlencode", $oauth); // must be encoded before sorting
$query = array_map("rawurlencode", $query);
$arr = array_merge($oauth, $query); // combine the values THEN sort
asort($arr); // secondary sort (value)
ksort($arr); // primary sort (key)
// http_build_query automatically encodes, but our parameters
// are already encoded, and must be by this point, so we undo
// the encoding step
$querystring = urldecode(http_build_query($arr, '', '&'));
$url = "https://$host$path";
// mash everything together for the text to hash
$base_string = $method."&".rawurlencode($url)."&".rawurlencode($querystring);
// same with the key
$key = rawurlencode($consumer_secret)."&".rawurlencode($token_secret);
// generate the hash
$signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, true)));
// this time we're using a normal GET query, and we're only encoding the query params
// (without the oauth params)
$url .= "?".http_build_query($query);
$oauth['oauth_signature'] = $signature; // don't want to abandon all that work!
ksort($oauth); // probably not necessary, but twitter's demo does it
// also not necessary, but twitter's demo does this too
function add_quotes($str) { return '"'.$str.'"'; }
$oauth = array_map("add_quotes", $oauth);
// this is the full value of the Authorization line
$auth = "OAuth " . urldecode(http_build_query($oauth, '', ', '));
// if you're doing post, you need to skip the GET building above
// and instead supply query parameters to CURLOPT_POSTFIELDS
$options = array( CURLOPT_HTTPHEADER => array("Authorization: $auth"),
//CURLOPT_POSTFIELDS => $postfields,
CURLOPT_HEADER => false,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false);
// do our business
$feed = curl_init();
curl_setopt_array($feed, $options);
$json = curl_exec($feed);
curl_close($feed);
$twitter_data = json_decode($json);
print_R($twitter_data);
?>
您指定了用于签名的方法,但实际上并未提出 POST 请求。
您必须设置 curl_setopt($feed, CURLOPT_POST, true) 和 curl_setopt($feed, CURLOPT_POSTFIELDS, $query) 而不是将您的参数添加到 URL 作为查询字符串。
有关使用 CURL 的 POST 请求的更多信息,请访问 documentation page。那里是文件上传,但唯一的区别是你必须删除 @。
注意:如果 Twitter 要求数据采用 application/x-www-form-urlencoded 格式,则必须使用 http_build_query 而不是为 CURLOPT_POSTFIELDS 选项传递数组。