下面的php脚本是我们作为管理员检索客户信息的rest api-脚本正在正确地获取管理员登录和授权页面,但在授权后,它会给出错误
OAuthException对象([message:protected]=>无效的身份验证/bad请求(得到403,预期HTTP/1.1 20X或重定向)[string:Exception:private]=>[code:protected]=>403[file:protected]=>/home/xxxx/public_html/oauth_admin.php[line:protected]=>39[trace:Exception:private]=>数组([0]=>数组([file]=>/home/xxxxxx/public_html/oauth_admin.php[line]=>39[函数]=>fetch[class]=>OAuth[type]=>->[args]=>数组([0]=>http://www.xxxxx.com/api/rest/customers[1]=>数组()[2]=>获取[3] =>数组([Content Type]=>application/xml[Accept]=>/))[上一篇:异常:private]=>[lastResponse]=>{"messages":{"error":[{"code":403,"message":"Access denied"}]}}[debugInfo]=>阵列([sb]=>xxxxx[body_recv]=>{"messages":{"error":[{"code":403,"message":"Access denied"}]}})
我试过每一篇博客/帖子来尝试实现这一点,在这个阶段,毫无疑问,这是一件非常明显的事情,但我无法发现……非常感谢!
<?php
$callbackUrl = "http://www.site2.com/oauth_admin.php";
$temporaryCredentialsRequestUrl = "http://www.site1.com/oauth/initiate?oauth_callback=" . urlencode($callbackUrl);
$adminAuthorizationUrl = 'https://www.site1.com/admin/oauth_authorize';
$accessTokenRequestUrl = 'http://www.site1.com/oauth/token';
$apiUrl = 'http://www.site1.com/api/rest';
$consumerKey = 'xxxxx';
$consumerSecret = 'xxxxx';
session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
try {
$authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION : OAUTH_AUTH_TYPE_URI;
$oauthClient = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, $authType);
$oauthClient->enableDebug();
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$requestToken = $oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
$_SESSION['secret'] = $requestToken['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' . $requestToken['oauth_token']);
exit;
} else if ($_SESSION['state'] == 1) {
$oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
$accessToken = $oauthClient->getAccessToken($accessTokenRequestUrl);
$_SESSION['state'] = 2;
$_SESSION['token'] = $accessToken['oauth_token'];
$_SESSION['secret'] = $accessToken['oauth_token_secret'];
header('Location: ' . $callbackUrl);
exit;
} else {
$oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
$resourceUrl = "$apiUrl/customers";
//$oauthClient->fetch($resourceUrl);
$oauthClient->fetch($resourceUrl, array(), 'GET', array('Content-Type' => 'application/xml', 'Accept' => '*/*'));
$customers = json_decode($oauthClient->getLastResponse());
print_r($customers);
}
} catch (OAuthException $e) {
print_r($e);
}
还不能发表评论,但用户的角色是否正确?有同样的问题,结果是一个用户不允许访问Magento的部分内容。
这里有一个链接到Magento的文档,它解释了这一点:http://devdocs.magento.com/guides/m1x/api/rest/permission_settings/permission_settings.html
另外:转到"系统">"权限",检查用于连接到api的用户是否具有适当的权限。