Setting up an OAuth2 provider is rather easy once you know how the protocol works. It's a 2-or-3 step process (depending on your set-up and whether you're getting tokens on behalf of a user or just from the server).

一旦您了解了协议的工作原理，设置 OAuth2 提供程序就相当容易了。这是一个 2 或 3 个步骤的过程（取决于您的设置以及您是代表用户还是仅从服务器获取令牌）。

What you'll need:

你需要什么：

• Working code for an OAuth2 provider
• Patience

• OAuth2 提供程序的工作代码
• 耐心

What you'll need to figure out how to do on your code:

您需要弄清楚如何处理您的代码：

• Create a client (public and private access tokens)
• Figure out how the authorize and token endpoints are named (typically /authorizeand /token)
• Figure out how the scopes are dealt with

• 创建客户端（公共和私有访问令牌）
• 弄清楚授权和令牌端点是如何命名的（通常是/authorize和/token）
• 弄清楚如何处理范围

The first step to getting a token is to call /authorize?response_type=code&client_id=[YOUR ID]&redirect_uri=[YOUR REDIRECT URI]&scope=[YOUR SCOPE], where:

获取令牌的第一步是调用/authorize?response_type=code&client_id=[YOUR ID]&redirect_uri=[YOUR REDIRECT URI]&scope=[YOUR SCOPE]，其中：

• clientid ([YOUR ID]) is your public access token
• redirect_uri ([YOUR REDIRECT URI]) is your redirect URI. You will be redirected to this once you complete the autorize step
• scope is the scope of your future token

• clientid ([YOUR ID]) 是您的公共访问令牌
• redirect_uri ([YOUR REDIRECT URI]) 是您的重定向 URI。完成 autorize 步骤后，您将被重定向到此
• scope 是你未来代币的范围

On completion (there's usually a submit button), your browser will be redirected to the URI specified with a code in the URL (code=blah). Save this value.

完成后（通常有一个提交按钮），您的浏览器将被重定向到使用 URL 中的代码指定的 URI (code=blah)。保存此值。

When you've got this code, call the other endpoint: /token?client_id=[YOUR ID]&client_secret=[YOUR SECRET]&grant_type=authorization_code&scope=[YOUR SCOPE]&code=[YOUR CODE]&redirect_uri=[YOUR REDIRECT URI]

获得此代码后，调用另一个端点： /token?client_id=[YOUR ID]&client_secret=[YOUR SECRET]&grant_type=authorization_code&scope=[YOUR SCOPE]&code=[YOUR CODE]&redirect_uri=[YOUR REDIRECT URI]

The parameters: - client_id - again, your client public key - client_secret - your private key (this is supposed to be a server-side call) - scope - the scope for the token - MUST MATCH THE FIRST CALL - redirect_uri - the redirect URI - MUST MATCH THE FIRST CALL - code - the code you received

参数： - client_id - 同样，您的客户端公钥 - client_secret - 您的私钥（这应该是服务器端调用） - scope - 令牌的范围 - 必须匹配第一次调用 - redirect_uri - 重定向 URI - 必须匹配第一次呼叫 - 代码 - 您收到的代码

If everything went okay, you'll see a JSON object on your screen containing the token info.

如果一切顺利，您将在屏幕上看到一个包含令牌信息的 JSON 对象。

What happens in the background

后台发生了什么

Step 1 (authorize)

第一步（授权）

When you confirm the form, the server creates a temporary token (auth token as they're called), which typically has a very short life (my oauth2 sp code typically sets this to 60 seconds). This is the time your server has to go from receiving the code to triggering step 2. It is justa confirmation system, and its purpose is to also store the info provided in step 1 to prevent hiHymans.

当您确认表单时，服务器会创建一个临时令牌（称为 auth 令牌），它的生命周期通常很短（我的 oauth2 sp 代码通常将其设置为 60 秒）。这是您的服务器必须从接收代码到触发第 2 步的时间。它只是一个确认系统，其目的还在于存储在第 1 步中提供的信息以防止被劫持。

Step 2 (token)

第 2 步（代币）

This is where your access token is actually created. Lots of verifications, lots of stuff, but in the end, the token is just a value that links your client_id and your token. That's all it is.

这是您实际创建访问令牌的地方。很多验证，很多东西，但最终，令牌只是一个链接你的 client_id 和你的令牌的值。这就是全部。

Shameless plug: if you're using the Laravel framework, I've built exactly this from scratch (rather than using the crappy, undocumented sample code): http://bundles.laravel.com/bundle/oauth2-sp

无耻的插件：如果你使用 Laravel 框架，我已经完全从头开始构建（而不是使用蹩脚的、未记录的示例代码）：http: //bundles.laravel.com/bundle/oauth2-sp

PHP has a PECL client: http://www.php.net/manual/en/book.oauth.php

PHP 有一个 PECL 客户端：http: //www.php.net/manual/en/book.oauth.php

Nice intro on oauth2: http://www.slideshare.net/aaronpk/an-introduction-to-oauth-2

oauth2 的精彩介绍：http://www.slideshare.net/aaronpk/an-introduction-to-oauth-2

This site oauth2.net/2/list out 3 oauth server in different stages of development.

该站点oauth2.net/2/列出了 3 个处于不同开发阶段的 oauth 服务器。

Big providers (Facebook, Google, Yahoo, Twitter, etc) implements their own flavour of Oauth, and moreover Oauth 2.0 is still in draft revision, each provider follows a different revision

大供应商（Facebook、谷歌、雅虎、推特等）实现了他们自己的 Oauth 风格，而且 Oauth 2.0 仍在草案修订中，每个供应商遵循不同的修订

I'm working on some type of this PHP client which does the following:

我正在研究某种类型的这种 PHP 客户端，它执行以下操作：

• Listen on a socket
• Authentication -> Request
• Authentication Process -> Server Side Rules
• Authentication -> Response as result
• Continue Client Side demand on response gathered

• 监听套接字
• 身份验证 -> 请求
• 认证过程 -> 服务器端规则
• 身份验证 -> 结果响应
• 继续客户端对收集的响应的需求

Short answer is: curl + JSON

简短的回答是：curl + JSON

All authentication process requested with curl to my server-side script which takes authentication vars, then process and compare and at the end echo 'JSON Encoded'response contains multiple variables in echo returned to the client.

使用 curl 请求的所有身份验证过程到我的服务器端脚本，该脚本采用身份验证变量，然后进行处理和比较，最后 echo 'JSON Encoded'响应包含返回给客户端的 echo 中的多个变量。

After response gathered 'JSON Decode'variables as independent var and now Client Side script know whatever do for this client.

在响应收集“JSON 解码”变量作为独立变量后，现在客户端脚本知道该客户端做什么。

Then give the currently authenticated user (specified by Sessions) some tools. All work is executed in PHP Desktop, an embed mongoose web server with PHP and curl support. In fact, it's not necessary to use any lib so PHP has own complete library. Use curl, JSON and in server-side PHP, MySQL (conditional check) is enough for authentication purposes.

然后给当前经过身份验证的用户（由 Sessions 指定）一些工具。所有工作都在PHP Desktop 中执行，这是一个具有 PHP 和 curl 支持的嵌入式猫鼬 Web 服务器。事实上，没有必要使用任何库，所以 PHP 有自己的完整库。使用 curl、JSON 和服务器端 PHP、MySQL（条件检查）足以用于身份验证。

There is an error in the code for the pdo_oauth example. The secret key isn't saved to the database, so that may be why you are having an issue.

pdo_oauth 示例的代码中存在错误。密钥不会保存到数据库中，因此这可能是您遇到问题的原因。

Line 45 of pdo_oauth.php needs to be changed from:

pdo_oauth.php 的第 45 行需要改为：

 $stmt->bindParam(":pw", $pw, PDO::PARAM_STR);

to:

到：

 $stmt->bindParam(":pw", $secret, PDO::PARAM_STR);

Adam

亚当

I'm partly confused by your question. You said that "It is configured and currently returns an error JSON indicating it is waiting for a client to pass it the correct arguments", and yet you're wanting an example of something that "connects, authorizes and then redirects to the callback URL"? If you have everything up and running and waiting to accept requests, you should be able to just use a jQuery Ajax request (using the authorization header) to make a request. So long as you have the appropriate client_id and client_secret plugged in it should return whatever you have your web API set up to dump out.

我对你的问题感到部分困惑。您说“它已配置并当前返回一个错误 JSON，表明它正在等待客户端将正确的参数传递给它”，但您想要一个“连接、授权然后重定向到回调 URL 的示例” “？如果一切都已启动并正在运行并等待接受请求，那么您应该能够仅使用 jQuery Ajax 请求（使用授权标头）来发出请求。只要您插入了适当的 client_id 和 client_secret，它就应该返回您设置的 Web API 以转储的任何内容。