phpを使用してアクセストークンとAccessTokenシークレットを取得するには？

Question

<?php 

//のOauth基本構成

$oauthbaseurl = "https://sandbox.woohoo.in/"; 
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob"; 
$accessTokenUrl = "https://sandbox.woohoo.in/oauth/token"; 
$consumerkey  = "8af50260ae5444bdc34665c2b6e6daa9"; 
$consumersecret = "93c1d8f362749dd1fe0a819ae8b5de95"; 
$callbackUrl  = "https://sandbox.woohoo.in/"; 

// OAuthのライブラリファイルが

include_once "../../library/OAuthStore.php"; 
include_once "../../library/OAuthRequester.php"; 
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); // 
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95"); 

を含ま//定数、変数

OAuthStore

初期

define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/"); 
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob"); 
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier"); 
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token"); 
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"])); 

//を定義します

$options = array(
    'consumer_key' => WOOHOO_CONSUMER_KEY, 
    'consumer_secret' => WOOHOO_CONSUMER_SECRET, 
    'server_uri' => WOOHOO_OAUTH_HOST, 
    'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL, 
    'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL 
); 

// Note: do not use "Session" storage in production. Prefer a database 
// storage, such as MySQL. 

OAuthStore::instance("Session", $options); 
try { 
    if (empty($_GET["oauth_token"])) { 
     $getAuthTokenParams = array(
      'scope' => 'https://sandbox.woohoo.in/', 
      'xoauth_displayname' => 'Oauth test', 
      'oauth_callback' => 'https://sandbox.woohoo.in/' 
     ); 

     // get a request token 

     $tokenResultParams = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams); 

//

 echo "Token verrified response"; 
     echo "<pre>"; 
     print_r($woohoovery_response); 

     //exit; 

     $oauthTimestamp = time(); 
     $characters  = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; 
     $nonce   = ''; 
     for ($i = 0; $i < 32; $i++) { 
      $nonce .= $characters[mt_rand(0, strlen($characters) - 1)]; 
     } 
     $oauthSignatureMethod = "HMAC-SHA1"; 
     $oauthVersion   = "1.0"; 
     $params    = array(
      'oauth_consumer_key' => $consumerkey, 
      'oauth_signature_method' => 'HMAC-SHA1', 
      'oauth_timestamp' => $oauthTimestamp, 
      'oauth_nonce' => $nonce, 
      'oauth_verifier' => $verifier, 
      'oauth_token' => $tokenResultParams['token'], 
      'oauth_version' => '1.0' 
     ); 
     echo "<pre>"; 
     print_r($params); 

     //exit; 

     $post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?"; 
     echo "<pre>"; 
     print_r($post_string); 
     //exit; 
     foreach ($params as $key => $value) { 
      $stringPart = urlencode($key . "=" . $value . "&"); 
      $post_string .= $stringPart; 
     } 
     //exit; 
     $post_string = rtrim($post_string, '%26'); 


     $signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']); 
     echo "<pre>"; 
     print_r($signatureKey); 
     $signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey)); 
     $signature = urlencode($signature); 

//署名

 echo "<pre>"; 
     echo " signature "; 
     print_r($signature); 
     $curl = curl_init(); 
     curl_setopt_array($curl, array(
      CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0", 
      CURLOPT_RETURNTRANSFER => true, 
      CURLOPT_ENCODING => "", 
      CURLOPT_MAXREDIRS => 10, 
      CURLOPT_TIMEOUT => 30, 
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, 
      CURLOPT_CUSTOMREQUEST => "GET", 
      CURLOPT_HTTPHEADER => array(
       "cache-control: no-cache" 
      ) 
     )); 
     $woohoospendresponse = curl_exec($curl); 
     $err     = curl_error($curl); 
     curl_close($curl); 

を印刷検証を印刷

 echo "Token obtain response"; 
     echo "<pre>"; 
     print_r($tokenResultParams); 




     $curl = curl_init(); 
     curl_setopt_array($curl, array(
      CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234", 
      CURLOPT_RETURNTRANSFER => true, 
      CURLOPT_ENCODING => "", 
      CURLOPT_MAXREDIRS => 10, 
      CURLOPT_TIMEOUT => 30, 
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, 
      CURLOPT_CUSTOMREQUEST => "GET", 
      CURLOPT_HTTPHEADER => array(
       "cache-control: no-cache" 
      ) 
     )); 
     $woohoovery_response = curl_exec($curl); 
     $err     = curl_error($curl); 
     curl_close($curl); 
     if ($err) { 
      echo "cURL Error #:" . $err; 
     } else { 
      echo $woohoovery_response; 
     } 
     $woohoovery = json_decode($woohoovery_response); 
     $verifier = $woohoovery->verifier; 

// paramsはトークン結果を印刷

//プリント最終アクセストークン及び秘密鍵 ここで署名が無効なエラーになる

 echo "<pre>"; 
     print_r($woohoospendresponse); 
     exit; 
     if ($err) { 
      echo "cURL Error #:" . $err; 
     } else { 
      echo $woohoospendresponse; 
     } 
    } 
} 
catch (OAuthException2 $e) { 
    echo "OAuthException: " . $e->getMessage(); 
    var_dump($e); 
} 
?> 

Answer 1

あなたが参照しようとしているアクセストークンの秘密とは何ですか？任意のOAuth実装では、認証コード、アクセストークン、リフレッシュトークン、ベアラトークンを取得します。 PHPコードを実行する前にCurlリクエストを確認しましたか？ Curlコマンドを呼び出し、必要な値を取得できたかどうかを確認します。

以下は、テストに使用できるいくつかのCurlリクエストです。あなたのカールが機能していることを確認してから、あなたのPHPコードを修正してください。

#To retrieve Authorization Code 
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e 
&response_type=code 
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F 
&response_mode=query 
&resource=https%3A%2F%2Fservice.contoso.com%2F 
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?' 


#To retrieve acess token using Authorization code 
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token' 


#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret 
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'