OAUTH 2.0 -访问策略-访问被拒绝CodeIgniter API

rbpvctlc  于 2023-03-10  发布在  其他
关注(0)|答案(2)|浏览(168)

我的请求在 Postman 工程完美,如果回调网址是不正确的,我得到一个特定的错误,但在这个原因,只有我得到的是一个挂机
F5网络
无法建立您的会话。
会话参考编号:电子2c 6 b34 d
访问被访问策略拒绝。这可能是由于未能满足访问策略要求。如果您是管理员,请转到“访问策略”〉〉“报告”:All Sessions(所有会话)页面,并查找上面显示的会话参考号。
这是我的控制器:
'〈?php
类Etransport扩展了MY_Controller {

public function __construct() {
    parent::__construct();
    $this->load->library('httpclient');
}

public function index() {
    
    $this->data['page_title'] = $this->lang->line('add_etransport');
        
    $this->page_construct('settings/etransport', $this->data);
    
}

public function getAnafToken() {
    $clientId = 'xxx';
    $clientSecret = 'fxxx';
    
    $oauthUrl = 'https://logincert.anaf.ro/anaf-oauthv2/v1/authorize';
    
    $redirectUrl = base_url('etransport/callback');
    $redirectUrl .= '?clientId=' . urlencode($clientId);
    $redirectUrl .= '&clientSecret=' . urlencode($clientSecret);

    redirect("$oauthUrl?client_id=$clientId&response_type=code&redirect_uri=$redirectUrl");
}

public function callback() {
    $code = $this->input->get('code');
    $clientId = 'xxx';
    $clientSecret = 'xxxx';
    $tokenEndpoint = 'https://logincert.anaf.ro/anaf-oauthv2/v1/token';
    
    $headers = array(
        'Authorization' => 'Basic ' . base64_encode("$clientId:$clientSecret"),
        'Content-type' => 'application/x-www-form-urlencoded'
    );
    
    $body = http_build_query(array(
        'grant_type' => 'authorization_code',
        'code' => $code,
        'redirect_uri' => base_url('etransport/callback')
    ));
    
    $this->load->library('httpclient');
    $response = $this->httpclient->post($tokenEndpoint, $body, $headers);
    $accessToken = json_decode($response)->access_token;
    
    $this->load->model('Settings_model');
    $this->Settings_model->save_access_token($accessToken);

    $data['access_token'] = $accessToken;
    $this->load->view('etransport', $data);
}

}`
要求:

  • 类型:OAuth 2.0 -将授权数据添加到:请求标题-授权类型:授权码-回叫URL -URL-您输入的授权码:https://logincert.anaf.ro/anaf-oauth2/v1/authorize- URL-ul输入撤销标记:https://logincert.anaf.ro/anaf-oauth2/v1/revoke-客户端ID -客户端密码-客户端身份验证:作为基本身份验证标头发送
    我试着使用CURL,但它不能重定向我,也许我用了错误的方法。我试着做一个标题并把它放在redirecturl上,但也许我试错了。
pgky5nke

pgky5nke1#

我试过另一种方法,但没有成功...

<?php

use League\OAuth2\Client\Provider\GenericProvider;

class Etransport extends MY_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('httpclient');
    }

    public function index() {
        $this->data['page_title'] = $this->lang->line('add_etransport');
        $this->page_construct('settings/etransport', $this->data);
    }

    public function getAnafToken() {
        $clientId = 'xxxx';
        $clientSecret = 'x';
        $authorizationEndpoint = 'https://logincert.anaf.ro/anaf-oauthv2/v1/authorize';
        $tokenEndpoint = 'https://logincert.anaf.ro/anaf-oauthv2/v1/token';
        $redirectUrl = base_url('etransport/callback');

        $provider = new GenericProvider([
            'clientId'                => $clientId,
            'clientSecret'            => $clientSecret,
            'redirectUri'             => $redirectUrl,
            'urlAuthorize'            => $authorizationEndpoint,
            'urlAccessToken'          => $tokenEndpoint,
            'urlResourceOwnerDetails' => '',
        ]);

        $authorizationUrl = $provider->getAuthorizationUrl();

        redirect($authorizationUrl);
    }

    public function callback() {
        $clientId = 'xxx';
        $clientSecret = 'xxxxx';
        $tokenEndpoint = 'https://logincert.anaf.ro/anaf-oauth2/v1/token';
        $redirectUrl = base_url('etransport/callback');

        $provider = new GenericProvider([
            'clientId'                => $clientId,
            'clientSecret'            => $clientSecret,
            'redirectUri'             => $redirectUrl,
            'urlAuthorize'            => '',
            'urlAccessToken'          => $tokenEndpoint,
            'urlResourceOwnerDetails' => '',
        ]);

        if (!isset($_GET['code'])) {
            // If we don't have an authorization code, redirect the user to the authorization URL
            $authorizationUrl = $provider->getAuthorizationUrl();
            $_SESSION['oauth2state'] = $provider->getState();
            header('Location: ' . $authorizationUrl);
            exit;
        } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
            unset($_SESSION['oauth2state']);
            exit('Invalid state');
        } else {
            // If we have an authorization code, get the access token
            try {
                $accessToken = $provider->getAccessToken('authorization_code', [
                    'code' => $_GET['code']
                ]);

                $this->load->model('Settings_model');
                $this->Settings_model->save_access_token($accessToken->getToken());

                $data['access_token'] = $accessToken->getToken();
                $this->load->view('etransport', $data);
            } catch (\Exception $e) {
                exit('Failed to get access token: ' . $e->getMessage());
            }
        }
    }
}
wfveoks0

wfveoks02#

一切都很好..唯一的问题是,我的链接是:

$authorizationEndpoint = 'https://logincert.anaf.ro/anaf-oauth2/v1/authorize';
    $tokenEndpoint = 'https://logincert.anaf.ro/anaf-oauth2/v1/token';

而不是:

$authorizationEndpoint = 'https://logincert.anaf.ro/anaf-oauthv2/v1/authorize';
    $tokenEndpoint = 'https://logincert.anaf.ro/anaf-oauthv2/v1/token';

这很有趣...

相关问题