PHP 的 POST CURL 请求出现错误 'No authorization header passed' - envato api
Getting error 'No authorization header passed' with PHP's POST CURL request - envato api
我开始使用 Enavato API
到目前为止,我已经创建了一个应用程序,获得了 client_id 和 client_secret,然后设法从 https://api.envato.com/authorization 获得了 code access_key我正在使用下面的 php 代码来发出 POST curl 请求
$client_id = '***********';
$client_secret = '***********';
$redirect_uri = urlencode('http://localhost:3000');
if(isset($_GET["code"])) :
$apiUrl = 'https://api.envato.com/token';
$params = array(
'grant_type' => 'authorization_code',
'code' => $_GET["code"],
'redirect_uri' => $redirect_uri,
'client_id' => $client_id,
'client_secret' => $client_secret,
);
$curl = curl_init();
$f = fopen('request.txt', 'w');
curl_setopt($curl, CURLOPT_URL, $apiUrl);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_STDERR, $f);
$result = curl_exec($curl);
fclose($f);
// Check if any error occurred
if(empty($result))
{
// die(curl_errno($curl));
// die(curl_error($curl));
$info = curl_getinfo($curl);
echo '<br><br>';
echo 'Took ' . $info['total_time'] . ' seconds to send a request to ' . $info['url'];
echo '<br><br>';
var_dump($info);
echo '<br><br>';
}
var_dump($result);
// Close handle
curl_close($curl);
endif;
这是 request.txt 转储
* Hostname was found in DNS cache
* Hostname in DNS cache was stale, zapped
* Trying 107.23.230.180...
* Connected to api.envato.com (107.23.230.180) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.envato.com
* Server certificate: RapidSSL SHA256 CA - G3
* Server certificate: GeoTrust Global CA
> POST /token HTTP/1.1
Host: api.envato.com
Accept: */*
Content-Length: 699
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------1a95a06d7b815306
< HTTP/1.1 100 Continue
< HTTP/1.1 400 Bad Request
< Access-Control-Allow-Origin: *
< Cache-Control: no-store
< Content-Type: application/json; charset=utf-8
< Date: Sun, 17 May 2015 17:03:41 GMT
< Pragma: no-cache
* Server nginx/1.7.10 is not blacklisted
< Server: nginx/1.7.10
< set-cookie: connect.sid=s%3ARC9gGye-Txp4KLp67M9ESspXijYoUc8i.pT3jYHvu1WyOsSjwsuQzEsy5hLQlc2QpmHkZRm05pXo; Path=/; HttpOnly
< X-Frame-Options: Deny
< X-Powered-By: Express
< Content-Length: 80
< Connection: keep-alive
* HTTP error before end of send, stop sending
<
* Closing connection 0
最后是错误(在 JSON 中得到)
string(80) "{"error":"invalid_request","error_description":"No authorization header passed"}"
令人惊讶的是,每件事都与 Postman 一起工作,我得到 "refresh_token" 和 "access_token" 成功状态代码 200。
我知道我遗漏了一些东西但找不到什么?
您正在使用 curl_setopt($curl, CURLOPT_POSTFIELDS, $params);,其中 $params 是一个数组。这会导致内容类型和格式为 multipart/form-data 的 HTTP POST 消息。但是规范说内容类型应该是application/x-www-form-urlencoded。您可以使用以下方法实现此目的:
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
您也不需要 urlencode redirect_uri 参数,因为 http_build_query 会为您完成。
最后,不要关闭 SSL 验证(CURLOPT_SSL_VERIFYHOST、CURLOPT_SSL_VERIFYPEER),因为它会使您的系统不安全。
我开始使用 Enavato API
到目前为止,我已经创建了一个应用程序,获得了 client_id 和 client_secret,然后设法从 https://api.envato.com/authorization 获得了 code access_key我正在使用下面的 php 代码来发出 POST curl 请求
$client_id = '***********';
$client_secret = '***********';
$redirect_uri = urlencode('http://localhost:3000');
if(isset($_GET["code"])) :
$apiUrl = 'https://api.envato.com/token';
$params = array(
'grant_type' => 'authorization_code',
'code' => $_GET["code"],
'redirect_uri' => $redirect_uri,
'client_id' => $client_id,
'client_secret' => $client_secret,
);
$curl = curl_init();
$f = fopen('request.txt', 'w');
curl_setopt($curl, CURLOPT_URL, $apiUrl);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_STDERR, $f);
$result = curl_exec($curl);
fclose($f);
// Check if any error occurred
if(empty($result))
{
// die(curl_errno($curl));
// die(curl_error($curl));
$info = curl_getinfo($curl);
echo '<br><br>';
echo 'Took ' . $info['total_time'] . ' seconds to send a request to ' . $info['url'];
echo '<br><br>';
var_dump($info);
echo '<br><br>';
}
var_dump($result);
// Close handle
curl_close($curl);
endif;
这是 request.txt 转储
* Hostname was found in DNS cache
* Hostname in DNS cache was stale, zapped
* Trying 107.23.230.180...
* Connected to api.envato.com (107.23.230.180) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.envato.com
* Server certificate: RapidSSL SHA256 CA - G3
* Server certificate: GeoTrust Global CA
> POST /token HTTP/1.1
Host: api.envato.com
Accept: */*
Content-Length: 699
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------1a95a06d7b815306
< HTTP/1.1 100 Continue
< HTTP/1.1 400 Bad Request
< Access-Control-Allow-Origin: *
< Cache-Control: no-store
< Content-Type: application/json; charset=utf-8
< Date: Sun, 17 May 2015 17:03:41 GMT
< Pragma: no-cache
* Server nginx/1.7.10 is not blacklisted
< Server: nginx/1.7.10
< set-cookie: connect.sid=s%3ARC9gGye-Txp4KLp67M9ESspXijYoUc8i.pT3jYHvu1WyOsSjwsuQzEsy5hLQlc2QpmHkZRm05pXo; Path=/; HttpOnly
< X-Frame-Options: Deny
< X-Powered-By: Express
< Content-Length: 80
< Connection: keep-alive
* HTTP error before end of send, stop sending
<
* Closing connection 0
最后是错误(在 JSON 中得到)
string(80) "{"error":"invalid_request","error_description":"No authorization header passed"}"
令人惊讶的是,每件事都与 Postman 一起工作,我得到 "refresh_token" 和 "access_token" 成功状态代码 200。
我知道我遗漏了一些东西但找不到什么?
您正在使用 curl_setopt($curl, CURLOPT_POSTFIELDS, $params);,其中 $params 是一个数组。这会导致内容类型和格式为 multipart/form-data 的 HTTP POST 消息。但是规范说内容类型应该是application/x-www-form-urlencoded。您可以使用以下方法实现此目的:
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
您也不需要 urlencode redirect_uri 参数,因为 http_build_query 会为您完成。
最后,不要关闭 SSL 验证(CURLOPT_SSL_VERIFYHOST、CURLOPT_SSL_VERIFYPEER),因为它会使您的系统不安全。