好的,我需要使用PHP头部重定向到一个带有appID和重定向结尾的网站。 以下是我目前的代码:
我给老师发了邮件,他给了我以下信息:
"对于第一个问题,您需要将header重定向到OAuth端点(http://oauth.jseis.me/auth/token),并在URL结尾处添加app_id和重定向URL。"
//The user want to log in
if(isset($_GET["action"]) && $_GET["action"] == "login")
{
$newURL = 'http://oauth.jseis.me/auth/token'.$app_id.'/'.$redirect;
//TODO: Redirect to the token endpoint with the app_id and redirect in the URL
header('Location: '.$newURL);
}
当我执行此操作时,我应该在URL中获取一个令牌,以便将我带到以下网站:http://oauth.jseis.me/auth/token22e5d9ca9d4a1d84769c0291166e0caf/http://elliotwyllie.com/index.php,这只是重复了我发送的内容,但我的老师告诉我它应该返回一个我可以使用的令牌。
供参考,以下是目前为止我所有的代码:
<?
session_start();
/*
For this assignment the grant token endpoint is:
https://oauth.jseis.me/auth/token
and the access token endpoint is:
https://oauth.jseis.me/auth/access
*/
//TODO: Fill these in using the information from
//the user page at https://oauth.jseis.me
$app_id = "22e5d9ca9d4a1d84769c0291166e0caf";
$redirect = "http://elliotwyllie.com/index.php";
//The server has redirected back to here with a token in the URL
if(isset($_GET["token"]))
{
$token = $_GET["token"];
//TODO: Send a POST request with the token to the access_token endpoint
//Save the access token you get back as $_SESSION["access_token"]
//The response will be in JSON format so you'll need to learn about json_decode()
}
//The user want to log in
if(isset($_GET["action"]) && $_GET["action"] == "login")
{
$newURL = 'http://oauth.jseis.me/auth/token'.$app_id.'?redirect='.$redirect;
//TODO: Redirect to the token endpoint with the app_id and redirect in the URL
header('Location: '.$newURL);
}
//The user wants to log out
else if(isset($_GET["action"]) && $_GET["action"] == "logout")
{
session_destroy();
header("Location: index.php");
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>CSCI 3000 - oAuth 2.0 Example</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
<style tyle="text/css">
body,html
{
margin:0px;
padding:0px;
background-color:#EEE;
font-family: Arial, Helvetica, sans-serif;
font-size:12px;
}
#container
{
margin:100px auto;
width:800px;
background-color:#FFF;
border:1px solid #AAA;
padding:20px;
}
label
{
display:inline-block;
width:150px;
font-weight:bold;
}
</style>
</head>
<body>
<div id="container">
<?
if(isset($_SESSION["access_token"]))
{
?><div style='text-align:right'>
<a href="index.php?action=logout">Log Out</a>
</div><?
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, "https://oauth.jseis.me/api/userinfo");
curl_setopt($ch,CURLOPT_HTTPHEADER,array("Token: ".$_SESSION["access_token"]));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$userinfo = curl_exec($ch);
curl_close($ch);
echo "<p>Here's what I found out about this user from the remote service:</p><p style='font-weight:bold;'>".$userinfo."</p>";
}
else
{
?>You are not currently logged in. <a href="index.php?action=login">Click here</a> to authenticate with OAuth 2.0<?
}
?>
</div>
</body>
</html>
有人要求指令,所以在这里呈现出来!
Part 1 – IDP Setup
In order for the Service Provider script on your own website to be able to log in
correctly, it needs to establish a trust with my Identity Provider.
Register and log in to https://oauth.jseis.me/ and it will provide you with the information
that you need to configure your script. You’ll need to input the address of your script for
the redirect URL (Something like http://yoursite.com/A4/index.php)
You can also fill in some information here that is your “Private information” that only
authenticated websites should be able to read.
Part 2 – SP Setup
Create a folder called “A4” on your server and make a new index.php file inside it. Copy
this script and paste it into the new file. Complete each of the three areas of the script
that are marked “TODO”. If you do it correctly, then you should be able to browse to that
page and click the log in button. You’ll be directed to my website where you will be able
to log in using the same account you registered before. Next, your script will perform the
OAuth flow detailed above and you’ll be logged in on your own website.
The interesting thing here is that now you’ll see the “secret information” you put into my
website on your own website. It is being retrieved directly from the remote server using
the access token to verify who you are.
The fun part about this is that now any student in the class can also browse to your
website and log in and see their own secret information. But your website never needs
to ask them for their username or password. It simply asks mine, and believes they are
who I saw they are. Cool eh?
