2010. 3. 10.

PHP에서 OAuth 사용하기

http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
여기보면 OAuth 사용법이 상세히 나와있고,
내가 자주쓰는 PHP와 요즘 관심이 가는 JAVA 코드를 상세히 봤다.

잠시 PHP 코드를 소개하면 이렇게 되어있다.
--------------------- Source Code ------------------------

<?php

require_once("OAuth.php");
 
class OrkutSignatureMethod extends OAuthSignatureMethod_RSA_SHA1 {
protected function fetch_public_cert(&$request) {
return <<<EOD
-----BEGIN CERTIFICATE-----
MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
-----END CERTIFICATE-----
EOD;
}
}
 
//Build a request object from the current request
$request = OAuthRequest::from_request(null, null, array_merge($_GET, $_POST));
 
//Initialize the new signature method
$signature_method = new OrkutSignatureMethod();
 
//Check the request signature
@$signature_valid = $signature_method->check_signature($request, null, null, $_GET["oauth_signature"]);
 
//Build the output object
$payload = array();
if ($signature_valid == true) {
$payload["validated"] = "Success! The data was validated";
} else {
$payload["validated"] = "This request was spoofed";
}
 
//Add extra parameters to help debugging
$payload["query"] = array_merge($_GET, $_POST);
$payload["rawpost"] = file_get_contents("php://input");
 
//Return the response as JSON
print(json_encode($payload));

--------------------- Source Code ------------------------

너무도 당연한 이야기지만 $signature_vaild == true 인 경우
DB단과 작업을 진행하거나, 서버쪽 작업을 진행하면 된다.

이렇게 대놓고 소스코드에 써있는데 한참을 보고 알아버리다니....
역시 제 프로그래밍 기초에 대한 회의감마저 드네요;;

댓글 없음:

댓글 쓰기