1. 首頁
  2. 問答
  3. OAuth2 curl請求返回「客戶端憑據無效」爲「grant_type ='密碼'」

OAuth2 curl請求返回「客戶端憑據無效」爲「grant_type ='密碼'」

2017-04-22 294 views
0

我試圖爲具有OAuth2的數據庫中註冊的憑證獲取用戶的訪問令牌。 在我的oauth_clients我有一個有效的客戶端'client_id = myclientid','client_secret = myclientsecret','grant_types = password'。 在我的oauth_users表中,我有'用戶名= Beno','password = aa888'的測試用戶。 我喜歡這個OAuth2 curl請求返回「客戶端憑據無效」爲「grant_type ='密碼'」

$ch = curl_init('http://myserver.com/token.php'); 

      curl_setopt($ch, CURLOPT_HEADER, true); 
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
      curl_setopt($ch, CURLOPT_POST, true); 

      curl_setopt($ch, CURLOPT_POSTFIELDS, array(
       'client_id'  => 'myclientid', 
       'client_secret' => 'myclientsecret', 
       'grant_type' => 'password', 
       'username'  => 'Beno', 
       'password'  => 'aa888', 
       'u_id'   => 53 
      )); 

      $auth = curl_exec($ch);

上token.php我有這個

<?php 

    if(file_exists("system/includes/autoload.php")): 
     require_once("system/includes/autoload.php"); 
    else: 
     require_once("../system/includes/autoload.php"); 
    endif; 
    require_once('oauth2-server-php/src/OAuth2/Autoloader.php'); 

    $dsn = 'mysql:dbname='.DATABASENAME.';host='.DBSERVERADDRESS.''; 

    // error reporting (this is a demo, after all!) 
    ini_set('display_errors',1);error_reporting(E_ALL); 

    // Autoloading (composer is preferred, but for this example let's just do this) 

    OAuth2\Autoloader::register(); 

    // $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost" 
    $storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => DBUSERNAME, 'password' => DBPASSWORD)); 

    // Pass a storage object or array of storage objects to the OAuth2 server class 
    $server = new OAuth2\Server($storage); 

    // Add the "Client Credentials" grant type (it is the simplest of the grant types) 
    $server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage)); 
    // Add the "Authorization Code" grant type (this is where the oauth magic happens) 
    $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage)); 
    $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage)); 

    $username = IO::post('username'); 
    $password = IO::post('password'); 
    $user_id = IO::post('u_id'); 

    if (! empty($username) && ! empty($password) & ! empty($user_id)){ 
     $users = array($username => array('user_id'=> intval($user_id) ,'password' => $password)); 
    $clients = array($client_id => array('client_secret' => $client_secret)); 

    // create a storage object 
    $storage = new OAuth2\Storage\Memory(array('user_credentials' => $users, 'client_credentials' => $clients)); 
    echo "<pre>"; 
    var_dump($storage); 
    echo "</pre>"; 
    // create the grant type 
    $grantType = new OAuth2\GrantType\UserCredentials($storage); 
    // add the grant type to your OAuth server 
    $server->addGrantType($grantType); 

    // Handle a request for an OAuth2.0 Access Token and send the response to the client 
    $response = new OAuth2\Response(); 

    $re = $server->handleTokenRequest(OAuth2\Request::createFromGlobals(),$response)->send(); 
     echo $re; 

    }else{ 
     echo "no data"; 
    }

所有數據在DB正如我上面提到的將數據發送到「http://myserver.com/token.php」。但是,當我得到響應返回我的400錯誤

{「錯誤」:「invalid_client」,「ERROR_DESCRIPTION」:「客戶端憑證無效」}

來源

2017-04-22 Anna Gabrielyan

回答

0

檢查有您的授權服務器接收客戶端證書。

您正在呈現客戶端憑證作爲表單發佈參數,但您的授權服務器可能希望將客戶端憑證嵌入到Authorization標頭(基本認證)中。仔細閱讀「RFC 6749,2.3.1. Client Password。根據規範,「授權服務器必須支持HTTP基本身份驗證方案,用於對發佈了客戶端密碼的客戶端進行身份驗證。」因此,在Authorization標頭中嵌入客戶端憑證必須適用於任何正確的授權服務器實現。

來源

2017-04-22 19:09:21

+0

我試圖將客戶端數據傳遞到存儲,但得到相同的錯誤。 $ clients = array($ client_id => array('client_secret'=> $ client_secret)); (數組('user_credentials'=> $ users,'client_credentials'=> $ clients)); $ storage = new OAuth2 \ Storage \ –

相關問題

 相關問題