2010. 3. 10.

PHP에서 OAuth 사용하기

http://wiki.opensocial.org/index.php?title=Validating_Signed_Requests
여기보면 OAuth 사용법이 상세히 나와있고,
내가 자주쓰는 PHP와 요즘 관심이 가는 JAVA 코드를 상세히 봤다.

잠시 PHP 코드를 소개하면 이렇게 되어있다.
--------------------- Source Code ------------------------

<?php
   require_once("OAuth.php");
 
   class OrkutSignatureMethod extends OAuthSignatureMethod_RSA_SHA1 {
     protected function fetch_public_cert(&$request) {
       return <<<EOD
 -----BEGIN CERTIFICATE-----
 MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
 A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
 bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
 MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
 R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
 BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
 j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
 D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
 eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
 XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
 BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
 MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
 cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
 CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
 GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
 P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
 -----END CERTIFICATE-----
 EOD;
     }
   }
 
   //Build a request object from the current request
   $request = OAuthRequest::from_request(null, null, array_merge($_GET, $_POST));
 
   //Initialize the new signature method
   $signature_method = new OrkutSignatureMethod();
 
   //Check the request signature
   @$signature_valid = $signature_method->check_signature($request, null, null, $_GET["oauth_signature"]);
 
   //Build the output object
   $payload = array();
   if ($signature_valid == true) {
     $payload["validated"] = "Success! The data was validated";
   } else {
     $payload["validated"] = "This request was spoofed";
   }
 
   //Add extra parameters to help debugging
   $payload["query"] = array_merge($_GET, $_POST);
   $payload["rawpost"] = file_get_contents("php://input");
 
   //Return the response as JSON
   print(json_encode($payload));

--------------------- Source Code ------------------------

너무도 당연한 이야기지만 $signature_vaild == true 인 경우
DB단과 작업을 진행하거나, 서버쪽 작업을 진행하면 된다.

이렇게 대놓고 소스코드에 써있는데 한참을 보고 알아버리다니....
역시 제 프로그래밍 기초에 대한 회의감마저 드네요;;
작성자: 시간:
라벨: , , ,

댓글 없음:

댓글 쓰기

피드 구독하기: 댓글 (Atom)