使用OAuth2的Basecamp API身份驗證：內部校驗和失敗錯誤

Question

我正在嘗試編寫一個CodeIgniter控制器來處理37signals的Basecamp API的OAuth2身份驗證。

問題是我試圖連接（通過cURL）到https://launchpad.37signals.com/authorization.json，在HTTP標頭中提供Auth令牌時，我一直遇到'內部校驗和失敗'錯誤。

這裏的指數和_authcode功能從我的控制器類：

<?php 

// constants: 
// BC_REQUEST_URL = 'https://launchpad.37signals.com/authorization/new' 
// BC_TOKEN_URL = 'https://launchpad.37signals.com/authorization/token' 

// ... 

public function index() { 
    // if get data is set. 
    if ($this->input->get()) { 

     // if auth code is provided via GET, switch to _authcode method. 
     if ($code = $this->input->get('code')) { 
      return $this->_authcode($code); 
     } 

     // On error, kill yourself. 
     if ($error = $this->input->get('error')) { 
      die($error); 
     } 

    } 

    // redirect to 37 signals to get an authcode 
    header("Location: ".BC_REQUEST_URL."?type=web_server&client_id=".BC_CLIENT_ID."&redirect_uri=".BC_REDIRECT_URL.""); 
} 

// handles the Authentication code that is returned by 37 Signals. 
private function _authcode($code) { 
    // set vars to POST 
    $vars = array(
     'type' => 'web_server', 
     'client_id' => BC_CLIENT_ID, 
     'redirect_uri' => BC_REDIRECT_URL, 
     'client_secret' => BC_CLIENT_SECRET, 
     'code' => $code 
    ); 

    // make a request for the access_token 
    $url = BC_TOKEN_URL; 
    $c = curl_init($url); 
    curl_setopt($c, CURLOPT_POST, true); 
    curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query($vars)); 
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true); 
    $response = json_decode(curl_exec($c)); 
    curl_close($c); 
    unset($c,$url); 

    // get the access vars from this request 
    $expiry_seconds = $response->expires_in; // default: 1209600 (14 days) 
    $refresh_token = $response->refresh_token; 
    $access_token = $response->access_token; 
    unset($response); 

    // make a separate request to get user info for current user. 
    $url = "https://launchpad.37signals.com/authorization.json"; 
    $c = curl_init($url); 

    curl_setopt($c, CURLOPT_HTTPHEADER, array(
     "Authorization: Bearer <$access_token>", 
     "Content-Type: application/json; charset=utf-8", 
     "User-Agent: MyApp (http://myapp.example.com)" 
    )); 
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true); 
    $response = json_decode(curl_exec($c)); // reply from 37 signal auth 
    curl_close($c); 
    unset($c,$url); 

    echo "response obj = " . print_r($response,1); 
    /* prints: response obj = stdClass Object ([error] => OAuth token could not be verified. The internal checksum failed, so the token data was somehow mangled or tampered with.) */ 

    // get the user data from this request 
    // $expires_at = $response->expires_at; // the timestamp for when this request expires 
    // $identity = $response->identity; // the current user 
    // $accounts = $response->accounts; // list of accounts we can access 
    // unset($response); 

    // store the response data to the database for easy recall. 
    // $this->db->query("REPLACE INTO `sometable` SET `key1`='value', `key2`='value'); 

} 
// ... 
?> 

Answer 1

我節約與VARCHAR（255）數據庫中的身份驗證令牌時，就遇到了這個錯誤。 Basecamp的身份驗證令牌具有一些校驗和數據，可以使令牌超過255個字符。

在您的示例中，您似乎沒有將其從數據庫中拉出來，因此這可能不會影響到您，但檢查Basecamp的令牌被切斷是我首先會看到的。

（可選）在設置承載頭時，可以在$ access_token周圍刪除> <>字符。