Хорошо, поэтому мне нужно использовать заголовок PHP для перенаправления на веб-сайт с appID и перенаправлением в конце. Это то, что у меня есть до сих пор.
Я отправил электронное письмо учителю, и вот информация, которую он мне дал:
"Для первого вы направите заголовок на конечную точку OAuth (http://oauth.jseis.me/auth/token) и иметь app_id и URL-адрес перенаправления в конце URL-адреса "
//The user want to log in
if(isset($_GET["action"]) && $_GET["action"] == "login")
{
$newURL = 'http://oauth.jseis.me/auth/token'.$app_id.'/'.$redirect;
//TODO: Redirect to the token endpoint with the app_id and redirect in the URL
header('Location: '.$newURL);
}
Когда я делаю это, я должен получить токен в URL-адресе веб-сайта приводит меня к этому http://oauth.jseis.me/auth/token22e5d9ca9d4a1d84769c0291166e0caf/http: //elliotwyllie.com/index.php, который просто повторяет, почему я послал, но мой учитель сказал мне, что должен вернуть мне токен, который я могу используйте.
Для справки вот мой весь код:
<?
session_start();
/*
For this assignment the grant token endpoint is:
https://oauth.jseis.me/auth/token
and the access token endpoint is:
https://oauth.jseis.me/auth/access
*/
//TODO: Fill these in using the information from
//the user page at https://oauth.jseis.me
$app_id = "22e5d9ca9d4a1d84769c0291166e0caf";
$redirect = "http://elliotwyllie.com/index.php";
//The server has redirected back to here with a token in the URL
if(isset($_GET["token"]))
{
$token = $_GET["token"];
//TODO: Send a POST request with the token to the access_token endpoint
//Save the access token you get back as $_SESSION["access_token"]
//The response will be in JSON format so you'll need to learn about json_decode()
}
//The user want to log in
if(isset($_GET["action"]) && $_GET["action"] == "login")
{
$newURL = 'http://oauth.jseis.me/auth/token'.$app_id.'?redirect='.$redirect;
//TODO: Redirect to the token endpoint with the app_id and redirect in the URL
header('Location: '.$newURL);
}
//The user wants to log out
else if(isset($_GET["action"]) && $_GET["action"] == "logout")
{
session_destroy();
header("Location: index.php");
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>CSCI 3000 - oAuth 2.0 Example</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
<style tyle="text/css">
body,html
{
margin:0px;
padding:0px;
background-color:#EEE;
font-family: Arial, Helvetica, sans-serif;
font-size:12px;
}
#container
{
margin:100px auto;
width:800px;
background-color:#FFF;
border:1px solid #AAA;
padding:20px;
}
label
{
display:inline-block;
width:150px;
font-weight:bold;
}
</style>
</head>
<body>
<div id="container">
<?
if(isset($_SESSION["access_token"]))
{
?><div style='text-align:right'>
<a href="index.php?action=logout">Log Out</a>
</div><?
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, "https://oauth.jseis.me/api/userinfo");
curl_setopt($ch,CURLOPT_HTTPHEADER,array("Token: ".$_SESSION["access_token"]));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$userinfo = curl_exec($ch);
curl_close($ch);
echo "<p>Here's what I found out about this user from the remote service:</p><p style='font-weight:bold;'>".$userinfo."</p>";
}
else
{
?>You are not currently logged in. <a href="index.php?action=login">Click here</a> to authenticate with OAuth 2.0<?
}
?>
</div>
</body>
</html>
Кто-то спросил инструкции, вот они!
Part 1 – IDP Setup
In order for the Service Provider script on your own website to be able to log in
correctly, it needs to establish a trust with my Identity Provider.
Register and log in to https://oauth.jseis.me/ and it will provide you with the information
that you need to configure your script. You’ll need to input the address of your script for
the redirect URL (Something like http://yoursite.com/A4/index.php)
You can also fill in some information here that is your “Private information” that only
authenticated websites should be able to read.
Part 2 – SP Setup
Create a folder called “A4” on your server and make a new index.php file inside it. Copy
this script and paste it into the new file. Complete each of the three areas of the script
that are marked “TODO”. If you do it correctly, then you should be able to browse to that
page and click the log in button. You’ll be directed to my website where you will be able
to log in using the same account you registered before. Next, your script will perform the
OAuth flow detailed above and you’ll be logged in on your own website.
The interesting thing here is that now you’ll see the “secret information” you put into my
website on your own website. It is being retrieved directly from the remote server using
the access token to verify who you are.
The fun part about this is that now any student in the class can also browse to your
website and log in and see their own secret information. But your website never needs
to ask them for their username or password. It simply asks mine, and believes they are
who I saw they are. Cool eh?