我的场景如下:我的移动应用程序向外部网站发送一个请求,请求授权接收授权码,该授权码被发送到重定向URI以交换"访问令牌".我想将此令牌存储在Firebase实时数据库中,但使用通过我的应用程序发出该请求的用户的唯一用户ID.原因是,可能有多个用户向网站发出该请求,当然我需要将他们分开,包括安全存储令牌.没有UUID,一切都会正常工作,令牌将保存到Firebase.
我现在已经开始更新我的代码.虽然使用了OAuth 2.0,但是第三方Wesbit没有设置状态管理,所以我不能只传递编码的UUID,因为服务器只返回授权码.因此,我编写了一个脚本(store Uuid.php),它接收编码的UUID,对其进行解码,并将其保存在计时Cookie中,以便同一域(auth.example.com)上的其他脚本可以访问和使用该Cookie.服务器上还有第二个脚本(redirect.php),它由对第三方网站的授权请求触发,接收授权码,并应将其交换为访问令牌.然而,在此之前,它应该访问cookie并提取UUID.但是,它总是抛出{Error:UUID Not Found in the Cookie}.
<?php
// storeUuid.php
session_start();
// Function to return JSON response
function jsonResponse($data) {
header('Content-Type: application/json');
echo json_encode($data);
}
// Function to log errors
function logError($message) {
error_log("Error: $message");
}
session_set_cookie_params([
'lifetime' => 3600,
'path' => '/',
'domain' => 'auth.example.com',
'secure' => true,
'httponly' => true,
'samesite' => 'None'
]);
// Function to store UUID in session and cookie
function storeUUID($encodedUUID) {
$decodedUUID = base64_decode($encodedUUID);
if ($decodedUUID) {
$_SESSION['userUid'] = $decodedUUID;
setcookie("decodedUUID", $decodedUUID, time()+3600, "/", "auth.example.com");
jsonResponse(["success" => "UUID stored in session and cookie.", "decodedUUID" => htmlspecialchars($decodedUUID), "sessionId" => session_id(), "cookie" => ($_COOKIE)]);
} else {
logError("No UUID provided or decoding failed.");
jsonResponse(["error" => "No UUID provided or decoding failed.", "sessionId" => session_id()]);
}
}
// Check if the request method is POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$data = json_decode(file_get_contents('php://input'), true);
$encodedUUID = isset($data['encodedUserUid']) ? $data['encodedUserUid'] : null;
if ($encodedUUID) {
storeUUID($encodedUUID);
} else {
logError("No encoded UUID provided in POST request.");
jsonResponse(["error" => "No encoded UUID provided in POST request.", "sessionId" => session_id()]);
}
} else {
logError("Invalid request method.");
jsonResponse(["error" => "Invalid request method.", "sessionId" => session_id()]);
}
?>
<?php
// redirect.php
session_start();
require __DIR__.'/vendor/autoload.php';
use Kreait\Firebase\Factory;
use Kreait\Firebase\Exception\FirebaseException;
$serviceAccountPath = __DIR__.'/1234ABCD.json';
$databaseUrl = 'https://fundraiser-application-example.com';
function jsonResponse($data) {
header('Content-Type: application/json');
echo json_encode($data);
}
// Function to log errors
function logError($message) {
error_log("Error: $message");
}
// Retrieve the decoded UUID from the cookie
if (isset($_COOKIE['decodedUUID'])) {
$decodedUUID = $_COOKIE['decodedUUID'];
} else {
logError("UUID not found in the cookie");
jsonResponse(["error" => "UUID not found in the cookie"]);
exit;
}
print_r($_COOKIE);
if (!isset($_SESSION['userUid'])) {
logError("User UID not found in session");
jsonResponse(["error" => "User UID not found in session"]);
exit;
}
try {
$firebase = (new Factory)
->withServiceAccount($serviceAccountPath)
->withDatabaseUri($databaseUrl)
->createDatabase();
} catch (FirebaseException $e) {
logError("Firebase Error: " . $e->getMessage());
jsonResponse(["error" => "Firebase Error: " . $e->getMessage()]);
exit;
} catch (Exception $e) {
logError("General Error: " . $e->getMessage());
jsonResponse(["error" => "General Error: " . $e->getMessage()]);
exit;
}
$clientID = 'MY_CLIENT_ID';
$clientSecret = 'MY_SECRET_Key';
$tokenURL = 'https://auth.3rdparty.com/oauth/token';
if (isset($_GET['code'])) {
$authorizationCode = $_GET['code'];
$postData = http_build_query([
'grant_type' => 'authorization_code',
'client_id' => $clientID,
'client_secret' => $clientSecret,
'code' => $authorizationCode,
'redirect_uri' => 'https://auth.example.com/redirect'
]);
$context = stream_context_create([
'http' => [
'method' => 'POST',
'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
'content' => $postData
]
]);
$response = file_get_contents($tokenURL, false, $context);
if ($response === FALSE) {
logError("Error in token request");
jsonResponse(["error" => "Error in token request"]);
exit;
}
$responseData = json_decode($response, true);
if (isset($responseData['access_token'])) {
$accessToken = $responseData['access_token'];
$userUid = $_SESSION['userUid'];
$firebase->getReference('users/' . $userUid . '/example/access_token/')->set($accessToken);
jsonResponse(["success" => "Access Token stored successfully for user", "userUid" => htmlspecialchars($userUid)]);
$_SESSION = array();
session_destroy();
} else {
logError("Access token not found in response or user UID not available in session");
jsonResponse(["error" => "Access token not found in response or user UID not available in session", "response" => $responseData]);
}
} else {
logError("Authorization code not found");
jsonResponse(["error" => "Authorization code not found"]);
}
?>
这就是那两份文件.如上所述,我从store Uuid.php获得的响应日志(log)显示,据我所知,一切都在运行:
LOG Initiating OAuth process...
LOG Encoded user UID: ABCD1234
LOG Response from storeUuid.php: Array
(
[decodedUUID] => BFM6OIHuCBe56s08cgcnmiEotff1
[PHPSESSID] => lgh2gphfbbolcimv0abkkmrere
)
{"success":"UUID stored in session and cookie.","decodedUUID":"5678DCBA","sessionId":"my_session_id","cookie":{"decodedUUID":"5678DCBA","PHPSESSID":"my_session_id"}}
LOG Authorization URL: https://auth.3rdparty.com/oauth/authorize?response_type=code&client_id=(MY_CLIENT_ID)&redirect_uri=https://auth.example.com/redirect&scope=read
LOG OAuth URL opened successfully.
但我正在测试的应用程序的设备上的浏览器抛出了这个错误,它在cookie或会话中找不到UUID.
我在redirect.php中添加了print_r($_cookie);以查看cookie内容,但没有显示任何内容.
任何建议都会非常有帮助!