[Original] GitHub OAuth third-party login: 403 error when fetching user information

Author: Veris  Category: PHP

For GitHub's OAuth authentication flow, see the OAuth documentation.

The access_token is obtained as follows:

POST https://github.com/login/oauth/access_token 

Parameters

Name           Type    Description
client_id      string  Required. The client ID you received from GitHub for your GitHub App.
client_secret  string  Required. The client secret you received from GitHub for your GitHub App.
code           string  Required. The code you received as a response to Step 1.
redirect_uri   string  The URL in your application where users are sent after authorization.
state          string  The unguessable random string you provided in Step 1.

Response

By default, the response takes the following form:

access_token=e72e16c7e42f292c6912e7710c838347ae178b4a&token_type=bearer

You can also receive the content in different formats depending on the Accept header:

Accept: application/json
{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a", "scope":"repo,gist", "token_type":"bearer"}

Accept: application/xml
<OAuth>
  <token_type>bearer</token_type>
  <scope>repo,gist</scope>
  <access_token>e72e16c7e42f292c6912e7710c838347ae178b4a</access_token>
</OAuth>

You can change the Accept header so that the response is returned as JSON. Once we have the access_token, the main part begins.


Use the access token to access the API

The access token allows you to make requests to the API on behalf of a user.

GET https://api.github.com/user?access_token=...

You can pass the token in the query params as shown above, but a cleaner approach is to include it in the Authorization header.

Authorization: token OAUTH-TOKEN

For example, in curl you can set the Authorization header like this:

curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/user
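
What is worth noting in the documentation is that there are several ways to fetch the user information:

1. Send a GET request directly to the API, with the parameter access_token set to the access_token you obtained

2. Use the Authorization header ( Authorization: token OAUTH-TOKEN ), where OAUTH-TOKEN is the access_token

3. For other authentication methods, see Other Authentication Methods ( via username and password / via OAuth token / authenticating for SAML SSO )


I used the first method to request the API, but unfortunately it returned an error to me, and the same happened with the second method: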

Request forbidden by administrative rules.
Please make sure your request has a User-Agent header (http://developer.github.com/v3/#user-agent-required).
Check https://developer.github.com for other possible causes. 

I set it to my browser's User-Agent, and it showed a 403 error:

HTTP/1.0 403 Forbidden
Connection: close
Content-Type: text/html

Request forbidden by administrative rules.
Please make sure your request has a User-Agent header.
Check https://developer.github.com for other possible causes.

That was until I read the User-Agent documentation that the earlier response pointed to: http://developer.github.com/v3/#user-agent-required

User Agent Required

All API requests MUST include a valid User-Agent header. Requests with no User-Agent header will be rejected. We request that you use your GitHub username, or the name of your application, for the User-Agent header value. This allows us to contact you if there are problems.

Here's an example:

User-Agent: Awesome-Octocat-App

If you provide an invalid User-Agent header, you will receive a 403 Forbidden response:

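curl -iH 'User-Agent: ' https://api.github.com/meta
HTTP/1.0 403 Forbidden
Connection: close
Content-Type: text/html

Request forbidden by administrative rules.
Please make sure your request has a User-Agent header.
Check https://developer.github.com for other possible causes.

From this text we can see:

All API requests must include a valid User-Agent header. Requests with no User-Agent header will be rejected. We request that you use your GitHub username, or the name of your application, as the User-Agent header value.

The sentence after that says that if you provide an invalid User-Agent header, you will receive a 403 Forbidden response. Once the problem is known, it is easy to fix.

User-Agent: your GitHub username or application name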

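In the end I finally got the user information. Here is a note about a PHP cURL request issue:

I had always been setting the header with the following method, but it kept failing. In the end I found that I had written the format wrong...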

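// Wrong format: an associative array. The array key is not used as the header name.
curl_setopt($ch,CURLOPT_HTTPHEADER,array(
    'User-Agent'=>'VerisFung'
));

Correct format:

// Each element is one complete "Name:value" header line.
curl_setopt($ch,CURLOPT_HTTPHEADER,array(
    'User-Agent:VerisFung'
));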
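
An added example, not the author's code: a PHP helper that accepts either array shape shown above, converts it to the "Name: value" lines that CURLOPT_HTTPHEADER expects, refuses CR/LF inside a header line, and checks for a non-empty User-Agent before calling the API. The function names are hypothetical; the token is sent in the Authorization header so that it stays out of the request URL.

```php
<?php
// Added example; the function names are hypothetical, not from the post.

// Accept ['Name' => 'value'] or ['Name: value'] and return the list of
// "Name: value" strings that CURLOPT_HTTPHEADER expects.
function build_header_lines(array $headers): array
{
    $lines = [];
    foreach ($headers as $name => $value) {
        // Integer key: the entry is already a full "Name: value" line.
        $line = is_int($name) ? (string) $value : $name . ': ' . $value;
        // Refuse CR/LF so a value can never smuggle in an extra header.
        if (preg_match('/[\r\n]/', $line) || strpos($line, ':') === false) {
            throw new InvalidArgumentException('Malformed header line');
        }
        $lines[] = $line;
    }
    return $lines;
}

// True only if a User-Agent header with a non-empty value is present.
function has_user_agent(array $lines): bool
{
    foreach ($lines as $line) {
        [$name, $value] = explode(':', $line, 2);
        if (strcasecmp(trim($name), 'User-Agent') === 0 && trim($value) !== '') {
            return true;
        }
    }
    return false;
}

function github_get_user(string $token, string $appName): array
{
    $lines = build_header_lines([
        'User-Agent'    => $appName,
        'Authorization' => 'token ' . $token,
    ]);
    if (!has_user_agent($lines)) {
        throw new RuntimeException('No User-Agent: GitHub would answer 403');
    }
    $ch = curl_init('https://api.github.com/user');
    curl_setopt($ch, CURLOPT_HTTPHEADER, $lines);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    return ['status' => curl_getinfo($ch, CURLINFO_HTTP_CODE), 'body' => $body];
}

// Constructed input: both array shapes give the same header line.
var_dump(build_header_lines(['User-Agent' => 'VerisFung']) === build_header_lines(['User-Agent: VerisFung']));
```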

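The solutions to many problems can be found in the official documentation. A side complaint here: the documentation of a certain company ("某讯") really needs to be improved.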

=====================

When reposting, please credit the source:

Author: Veris

最族 [ http://www.mostclan.com ]
