开发者

Google API 2 legged Oauth : "Token invalid - Invalid AuthSub token."

问答 作者:

I've based my code on http://gdatatips.blogspot.com/2008/11/2-legged-oauth-in-php.html.

Here's my code, I want to work with the Google Doc (Document List) API :

        $endpoint = 'https://www.google.com/accounts/OAuthGetRequestToken';
        $consumer = new OAuthConsumer(GOOGLE_API_DOCLIST_CONSUMER_KEY, GOOGLE_API_DOCLIST_CONSUMER_SECRET, NULL);

        $arrParams = array(
                    'scope' => 'https://docs.google.com/feeds/'
                    ,'xoauth_requestor_id' => GOOGLE_API_DOCLIST_USER_EMAIL
                    );
        $req = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", $endpoint, $arrParams);
        $req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);


        $curl = new Auth_Curl();
        $content = $curl->request($req->to_url());


        $docAPI = new GoogleAPI_DocumentList(new Auth_Curl(), $req->to_header());

开发者_StackOverflow        var_dump($req->to_header());
        echo '<br />-- Getting Collections list';

        $url = 'https://docs.google.com/feeds/default/private/full/-/folder' . '?xoauth_requestor_id=' . GOOGLE_API_DOCLIST_USER_EMAIL;
        $raw = $docAPI->getCollectionList($url);
        var_dump($raw);
        die();

I constantly get:

Token invalid - Invalid AuthSub token.

What am I doing wrong ?

Edit: Here's some "hints":

  • They seem to mix the API endpoint and the base feed. I've put the OAuthGetRequestToken for the endpoint. It seem to generate a valid response.
  • I've kept it, but I'm not sure that the xoauth_requestor_id is required.
  • The documentation tells us to use space to separate the parameters in the Authorization header. the library use comma.

Here's the corrected code:

    $endpoint = 'https://docs.google.com/feeds/default/private/full/-/folder';
    $consumer = new OAuthConsumer(GOOGLE_API_DOCLIST_CONSUMER_KEY, GOOGLE_API_DOCLIST_CONSUMER_SECRET, NULL);

    $arrParams = array(
                'xoauth_requestor_id' => GOOGLE_API_DOCLIST_USER_EMAIL
                );
    $req = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", $endpoint, $arrParams);
    $req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);

    $docAPI = new GoogleAPI_DocumentList(new Auth_Curl(), $req->to_header());

    var_dump($req->to_header());
    echo '<br />-- Getting Collections list';

    $url = 'https://docs.google.com/feeds/default/private/full/-/folder' . '?xoauth_requestor_id=' . GOOGLE_API_DOCLIST_USER_EMAIL;
    $raw = $docAPI->getCollectionList($url);
    var_dump($raw);
    die();
  • The API and EndPoint were not mixed. On OAuth v1.0, you don't ask the server to generate a token to be used in the authorization header, the authorization header is generated 100% locally. ( I think the URL is used at some point to render the authorization header )
  • As you don't generate an access_token, you don't need to define a scope.
  • Make sure you have a business account
    • Only business account allow you to activate 2 legged Authentication.

继续阅读:2-leggedoauthphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9