oauth-provider

问题 I try to use OAuth Provider in PHP (PECL Package) behind a apache reverse-proxy the client uses POST https://api.com/resource/oauth/request-token but my oauth provider receives POST http://api.com/mywebservice/resource/oauth/request-token the signature cannot be verified so the request fails have you any idea about resolving this issue? 回答1: I had to do this once. I ended up modifying the OAuth code to pass along the actual URL the provider will receive as well the URL I need to send to from

问题 Alright I am trying to set up an OAuth Provider in PHP, but I just cannot get the hang of it. I've been referenced to this page a number of times, but I cannot wrap my head around it. Could someone help me out, step by step, or reference me to a more direct guide? Thank you very much. 回答1: http://djpate.com/2011/01/13/how-to-write-a-complete-oauth-provider-in-php5 thast a pretty good tutorial to get a clue on the provider side 回答2: Pate's is good and here is another one by Rasmus: http://toys

问题 Alright I am trying to set up an OAuth Provider in PHP, but I just cannot get the hang of it. I've been referenced to this page a number of times, but I cannot wrap my head around it. Could someone help me out, step by step, or reference me to a more direct guide? Thank you very much. 回答1: http://djpate.com/2011/01/13/how-to-write-a-complete-oauth-provider-in-php5 thast a pretty good tutorial to get a clue on the provider side 回答2: Pate's is good and here is another one by Rasmus: http://toys

问题 I have a rails 2.3.5 application with an API I wish to protect. There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach. I have been trying to use the oauth-plugin server implementation as a start: http://github.com/pelle/oauth-plugin ...but it is built expecting three-legged (web redirect flow) oauth. Before I dig deeper into making changes to it to support two-legged, I wanted

问题 I'm building a web app which will have an api and an authorization service using DotNetOpenAuth. I found this example on how you can authorize using a service provider that already exists but I would like an example on how to implement a service provider that can create tokens, persist them and do evaluation. Is there any great articles or sample providers that I can download? 回答1: Update DotNetOpenAuth has moved on since this was initially posted. I strongly suggest you follow Ashish's

问题 I am implementing an OAuth Provider using DevDefined library. I wonder if there is any recommended database structure for storing consumer and token data on the server side. Any advice on this would be appreciated. 回答1: NB: The answer below is applicable mostly to OAuth 1.0 I don't really know anything about the DevDefined library. But here is a non-technical description of the database design I ended up working with in my latest project, using an SQL database. It should cover everything

问题 The OAuth 2.0 specification defines the Resource Owner Password Credentials Grant Type, which allows the resource owner password credentials (i.e. username and password) to be used directly as an authorization grant to obtain an access token. I want to allow a user to 'login via Facebook' on the client instead of providing the credentials directly. The client could then exchange the user's Facebook access token for an access token for the authorization server. Does this scheme fit into the

问题 In our API we implemented DotNetOpenAuth (v3.4.7). We frequently receive the exception "A token in the message was not recognized by the service provider", along with this stack trace: at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args) at DotNetOpenAuth.Messaging.ErrorUtilities.ThrowProtocol(String message, Object[] args) at DotNetOpenAuth.OAuth.ChannelElements.TokenHandlingBindingElement.VerifyThrowTokenTimeToLive

问题 I have a controller action that may be hit by the client with a oauth client token (no authenticated user), or may be hit by an authorized client with an access token (for a specific user). I want to set up a nice little before filter to accomodate this. I tried: oauthenticate :strategies => [:oauth10_request_token, :oauth10_access_token], :interactive => false, :only => [:wonky_action] If I try to hit this action with an access-token request, then it complains because it tries to remember

问题 I am using oauth2_provider for my rest_framework . I am trying to write test case for my api. I have obtained an access token. But I am not able to authenticate user using access token in APIClient I am looking to get this curl command work with APIClient . curl -H "Authorization: Bearer <your_access_token>" http://localhost:8000/api/v1/users/current/ I have tried client.get('/api/v1/users/current/', headers={'Authorization': 'Bearer {}'.format(self.access_token)}) and client.credentials(HTTP