Question
I currently have a SurveyMonkey developer Draft App set up and am implementing OAuth as described by their documentation. I have completed Step 1 (Direct user to SurveyMonkey’s OAuth authorization page) but once the user enters their username and password to authorize SurveyMonkey access, as specified in Step 2 of the link above, how do I gain access to the short-lived code included as a query parameter? In essence, once we have left the website I'm building, how do I gain access to URL parameters from the SurveyMonkey page that the user is viewing but my site, as far as I can tell, does not have immediate access to?
Answer 1:
The short-lived code is included as a query parameter at your redirect_uri. In the Settings page of your app you'll set the option with label "OAuth Redirect URL" to be a link to your server.
So let's say your site is https://www.example.com, your redirect URI may be something like https://www.example.com/surveymonkey/oauth and you would save that in the settings of your app.
So for step 1, you would send the user to:
https://api.surveymonkey.net/oauth/authorize?response_type=code&redirect_uri=https://www.example.com/surveymonkey/oauth&client_id=<your_client_id>&api_key=<your_api_key>
When the user clicks "Authorize" in the OAuth form, we will send over the short-lived code to your redirect_uri as a query parameter. So the user will be sent to:
https://www.example.com/surveymonkey/oauth?code=<short_lived_code>
Normally you wouldn't render a page (although you could and then check the code in JavaScript via window.location.search or something) but instead on the server side of your host you would grab the code from the GET parameter (depending on your language/framework) and exchange that short-lived token for a long-lived access token at https://api.surveymonkey.net/oauth/token?api_key=<your_api_key>.
A Python example:

    import requests

    def surveymonkey_oauth(request):
        # Short-lived code from the redirect_uri query string (Django-style request)
        code = request.GET['code']
        post_body = {
            "client_secret": "your_client_secret",
            "redirect_uri": "https://www.example.com/surveymonkey/oauth",
            "grant_type": "authorization_code",
            "code": code
        }
        headers = {
            "Content-Type": "application/x-www-form-urlencoded"
        }
        response = requests.post("https://api.surveymonkey.net/oauth/token?api_key=<your_api_key>", headers=headers, data=post_body)
        # Parse the JSON body; the Response object itself is not subscriptable
        access_token = response.json()['access_token']
        return access_token

You can then store that access token and fetch it for the user whenever you want to make a request to the SurveyMonkey API for that user.
I haven't used node.js in a while but let me try a node example for you since I see you have express as a tag:
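
    var express = require('express');
    var https = require('https');
    var querystring = require('querystring');

    var app = express();

    app.get('/surveymonkey/oauth', function (req, res) {
        // Short-lived code delivered as a query parameter on the redirect_uri
        var code = req.query.code;
        var post_body = querystring.stringify({
            "client_secret": "your_client_secret",
            "redirect_uri": "https://www.example.com/surveymonkey/oauth",
            "grant_type": "authorization_code",
            "code": code
        });
        var options = {
            host: 'api.surveymonkey.net',
            port: 443,
            path: '/oauth/token?api_key=<your_api_key>',
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
                'Content-Length': Buffer.byteLength(post_body)
            }
        };
        // Port 443 is TLS, so use https; separate names avoid shadowing req/res
        var tokenReq = https.request(options, function (tokenRes) {
            var body = '';
            tokenRes.setEncoding('utf8');
            // The response may arrive in several chunks; collect them all
            tokenRes.on('data', function (chunk) { body += chunk; });
            tokenRes.on('end', function () {
                // Get access_token from body and do what you like with it
                var access_token = JSON.parse(body).access_token;
                res.sendStatus(200);
            });
        });
        tokenReq.on('error', function () { res.sendStatus(502); });
        tokenReq.write(post_body);
        tokenReq.end();
    });
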
Note that if you just want to access your own account, if you scroll down near the bottom of the Settings page of your app in the Credentials section there is an access token provided for your own account already.
Also note that apps in "Draft" mode only have access to your own account either way.
Source: https://stackoverflow.com/questions/37899756/implementing-oauth-for-surveymonkey-step-2
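
An added example, not part of the original answer: a sketch of validating the step 2 callback before the code is exchanged, so that a redirect the current session did not start is rejected. It goes beyond the answer by using the `state` and `error` parameters from RFC 6749, which the answer does not mention and which are assumed here to be echoed by the provider; the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://api.surveymonkey.net/oauth/authorize"  # from the answer
REDIRECT_URI = "https://www.example.com/surveymonkey/oauth"     # from the answer


def new_state():
    """Random value to keep in the user's session before the step 1 redirect."""
    return secrets.token_urlsafe(32)


def authorize_url(client_id, api_key, state):
    """Step 1 URL with redirect_uri percent-encoded and state attached."""
    query = urlencode({
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "api_key": api_key,
        "state": state,  # assumption: returned unchanged on the callback
    })
    return AUTHORIZE_URL + "?" + query


def code_from_callback(callback_url, session_state):
    """Step 2: return the short-lived code or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:  # assumption: RFC 6749 error response on refusal
        raise ValueError("authorization refused: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time comparison against the value stored for this session
    if not session_state or not hmac.compare_digest(
            state.encode(), session_state.encode()):
        raise ValueError("state mismatch: callback not started by this session")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

The returned code is then posted to the token endpoint as in the answer's examples, with the client secret kept on the server.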