使用 CURL 设置 Bearer 令牌的正确方法
Correct way to set Bearer token with CURL
我从 API 端点获取不记名令牌并设置以下内容:
$authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274"
接下来我想使用 CURL 访问安全端点,但是我不确定如何或在何处设置 Bearer 令牌。
我已经试过了,但它不起作用:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization ));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$result = curl_exec($ch);
curl_close($ch);
return json_decode($result);
编辑:
根据文档,我应该这样使用不记名令牌:https://apigility.org/documentation/auth/authentication-oauth2
GET /oauth/resource HTTP/1.1
Accept: application/json
Authorization: Bearer 907c762e069589c2cd2a229cdae7b8778caa9f07
替换:
$authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274"
与:
$authorization = "Authorization: Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274";
使其成为有效且有效的授权 header。
如果您正在使用私有令牌(如 Gitlab API),您应该替换:
$authorization = "Authorization: Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274"
与:
$authorization = "PRIVATE-TOKEN 080042cad6356ad5dc0a720c18b53b8e53d4c274";
这是一个可以发送或检索数据的 cURL 函数。它应该适用于任何支持 OAuth 的 PHP 应用程序:
function jwt_request($token, $post) {
header('Content-Type: application/json'); // Specify the type of data
$ch = curl_init('https://APPURL.com/api/json.php'); // Initialise cURL
$post = json_encode($post); // Encode the data array into a JSON string
$authorization = "Authorization: Bearer ".$token; // Prepare the authorisation token
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization )); // Inject the token into the header
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 1); // Specify the request method as POST
curl_setopt($ch, CURLOPT_POSTFIELDS, $post); // Set the posted fields
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // This will follow any redirects
$result = curl_exec($ch); // Execute the cURL statement
curl_close($ch); // Close the cURL connection
return json_decode($result); // Return the received data
}
在 one-way 或 two-way 请求中使用它:
$token = "080042cad6356ad5dc0a720c18b53b8e53d4c274"; // Get your token from a cookie or database
$post = array('some_trigger'=>'...','some_values'=>'...'); // Array of data with a trigger
$request = jwt_request($token,$post); // Send or retrieve data
这应该有效
$token = "YOUR_BEARER_AUTH_TOKEN";
//setup the request, you can also use CURLOPT_URL
$ch = curl_init('API_URL');
// Returns the data/output as a string instead of raw data
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//Set your auth headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Authorization: Bearer ' . $token
));
// get stringified data/output. See CURLOPT_RETURNTRANSFER
$data = curl_exec($ch);
// get info about the request
$info = curl_getinfo($ch);
// close curl resource to free up system resources
curl_close($ch);
Guzzle 示例:
use GuzzleHttp\Client;
use GuzzleHttp\RequestOptions;
$token = 'your_token';
$httpClient = new Client();
$response = $httpClient->get(
'https://httpbin.org/bearer',
[
RequestOptions::HEADERS => [
'Accept' => 'application/json',
'Authorization' => 'Bearer ' . $token,
]
]
);
print_r($response->getBody()->getContents());
见https://github.com/andriichuk/php-curl-cookbook#bearer-auth
截至 PHP 7.3:
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
curl_setopt($ch,CURLOPT_XOAUTH2_BEARER,$bearerToken);
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "your api goes here",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer eyJ0eciOiJSUzI1NiJ9.eyJMiIsInNjb3BlcyI6W119.K3lW1STQhMdxfAxn00E4WWFA3uN3iIA"
),
));
$response = curl_exec($curl);
$data = json_decode($response, true);
echo $data;
?>
我从 API 端点获取不记名令牌并设置以下内容:
$authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274"
接下来我想使用 CURL 访问安全端点,但是我不确定如何或在何处设置 Bearer 令牌。
我已经试过了,但它不起作用:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization ));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$result = curl_exec($ch);
curl_close($ch);
return json_decode($result);
编辑:
根据文档,我应该这样使用不记名令牌:https://apigility.org/documentation/auth/authentication-oauth2
GET /oauth/resource HTTP/1.1
Accept: application/json
Authorization: Bearer 907c762e069589c2cd2a229cdae7b8778caa9f07
替换:
$authorization = "Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274"
与:
$authorization = "Authorization: Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274";
使其成为有效且有效的授权 header。
如果您正在使用私有令牌(如 Gitlab API),您应该替换:
$authorization = "Authorization: Bearer 080042cad6356ad5dc0a720c18b53b8e53d4c274"
与:
$authorization = "PRIVATE-TOKEN 080042cad6356ad5dc0a720c18b53b8e53d4c274";
这是一个可以发送或检索数据的 cURL 函数。它应该适用于任何支持 OAuth 的 PHP 应用程序:
function jwt_request($token, $post) {
header('Content-Type: application/json'); // Specify the type of data
$ch = curl_init('https://APPURL.com/api/json.php'); // Initialise cURL
$post = json_encode($post); // Encode the data array into a JSON string
$authorization = "Authorization: Bearer ".$token; // Prepare the authorisation token
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization )); // Inject the token into the header
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 1); // Specify the request method as POST
curl_setopt($ch, CURLOPT_POSTFIELDS, $post); // Set the posted fields
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // This will follow any redirects
$result = curl_exec($ch); // Execute the cURL statement
curl_close($ch); // Close the cURL connection
return json_decode($result); // Return the received data
}
在 one-way 或 two-way 请求中使用它:
$token = "080042cad6356ad5dc0a720c18b53b8e53d4c274"; // Get your token from a cookie or database
$post = array('some_trigger'=>'...','some_values'=>'...'); // Array of data with a trigger
$request = jwt_request($token,$post); // Send or retrieve data
这应该有效
$token = "YOUR_BEARER_AUTH_TOKEN";
//setup the request, you can also use CURLOPT_URL
$ch = curl_init('API_URL');
// Returns the data/output as a string instead of raw data
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//Set your auth headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Authorization: Bearer ' . $token
));
// get stringified data/output. See CURLOPT_RETURNTRANSFER
$data = curl_exec($ch);
// get info about the request
$info = curl_getinfo($ch);
// close curl resource to free up system resources
curl_close($ch);
Guzzle 示例:
use GuzzleHttp\Client;
use GuzzleHttp\RequestOptions;
$token = 'your_token';
$httpClient = new Client();
$response = $httpClient->get(
'https://httpbin.org/bearer',
[
RequestOptions::HEADERS => [
'Accept' => 'application/json',
'Authorization' => 'Bearer ' . $token,
]
]
);
print_r($response->getBody()->getContents());
见https://github.com/andriichuk/php-curl-cookbook#bearer-auth
截至 PHP 7.3:
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
curl_setopt($ch,CURLOPT_XOAUTH2_BEARER,$bearerToken);
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "your api goes here",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer eyJ0eciOiJSUzI1NiJ9.eyJMiIsInNjb3BlcyI6W119.K3lW1STQhMdxfAxn00E4WWFA3uN3iIA"
),
));
$response = curl_exec($curl);
$data = json_decode($response, true);
echo $data;
?>