我的 OAuth 实现遇到问题,特别是在尝试获取凭据时。我收到的错误消息是:
获取 OAuth 凭据时出错:“缺少必需参数 [code_verifier]。”
我将 Symfony 与 knpu/oauth2-client 捆绑包一起使用,以与 OAuth 2.0 提供商(例如 Twitter)集成。我使用的具体提供程序类是 \Smolblog\OAuth2\Client\Provider\Twitter。
以下是我的 Symfony 配置 (knpu_oauth2_client.yaml) 的相关部分,特别是与 Twitter 提供商相关的部分:
knpu_oauth.yaml:
```type: generic
provider_class: '\Smolblog\OAuth2\Client\Provider\Twitter'
client_id: '%env(resolve:TWITTER_CLIENT_ID)%'
client_secret: '%env(resolve:TWITTER_CLIENT_SECRET)%'
redirect_route: connect_twitter_check
redirect_params: {}
# Other relevant configurations```
public function redirectToTwitter(ClientRegistry $clientRegistry)
{
return $clientRegistry
->getClient('twitter')
->redirect(['users.read'], ['code_challenge']); // Scopes you need
}
#[Route(path: '/Connexion/twitter/check', name: 'connect_twitter_check')]
public function connectTwitter(Request $request, ClientRegistry $clientRegistry)
{}
验证方法:
{
$client = $this->clientRegistry->getClient('twitter');
//dd($client);
$accessToken = $this->fetchAccessToken($client);
// dd($client);
return new SelfValidatingPassport(
new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {
/** @var TwitterUser $twitterUser */
$twitterUser = $client->fetchUserFromToken($accessToken);
dd($twitterUser);
$email = $twitterUser->getEmail();
// dd($email);
// dd($accessToken);
// 1) have they logged in with Twitter before? Easy!
$existingUser = $this->entityManager->getRepository(User::class)->findOneBy(['twitterId' => $twitterUser->getId()]);
// dd($existingUser);
if ($existingUser) {
return $existingUser;
} else {
// 2) do we have a matching user by email?
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $email]);
// dd($user);
if (!$user) {
/** @var Particulier $user */
$user = new Particulier();
$user->setEmail($email);
$user->setPassword($this->encoder->hashPassword($user, '@user0123456'));
$user->setTypeCompte("Particulier");
$user->setTel("+221765897845");
$user->setPrenom("nom");
$user->setNom("nom");
$user->setcivility("Mr");
}
我点击授权按钮后出现此错误:
问题:
更新后我终于明白了:
#[Route(path: '/Connexion/twitter', name: 'app_twitter_start')]
public function redirectToTwitter(ClientRegistry $clientRegistry, Request $request)
{
$session = $request->getSession();
$codeVerifier = bin2hex(random_bytes(64));
// URL-encode the code verifier
$urlEncodedCodeVerifier = urlencode($codeVerifier);
// Use SHA-256 to hash the URL-encoded code verifier
$codeChallenge = rtrim(strtr(base64_encode(hash('sha256', $urlEncodedCodeVerifier, true)), '+/', '-_'), '=');
// Log or print the values for debugging
echo "Code Verifier: $codeVerifier\n";
echo "Code Challenge: $codeChallenge\n";
// Store the code verifier in the session
$session->set('oauth2verifier', $codeVerifier);
$authUrl = $clientRegistry
->getClient("twitter")
->redirect(["users.read","offline.access","tweet.read"], ["code_challenge" => $codeChallenge,"code_challenge_method" => "S256"]);
// dd($authUrl);
return $authUrl;
}
这在身份验证方法中:
$client = $this->clientRegistry->getClient('twitter');
$session = $request->getSession();
// Get the code verifier from the session
$codeVerifier = $session->get('oauth2verifier');
// echo "Code Verifier for Access Token Request: $codeVerifier\n";
$authorizationCode = $request->query->get('code');
// rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '=');
// dd($authorizationCode);
// dd($codeVerifier);
$provider = $client->getOAuth2Provider();
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $authorizationCode,
'code_verifier' => $codeVerifier,
]);
return new SelfValidatingPassport(
new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {
/** @var TwitterUser $twitterUser */
$twitterUser = $client->fetchUserFromToken($accessToken);
.........}
我忘记包含默认范围offline.access和tweet.read