search

tumblr / tumblr.php

Tumblr API v2 PHP Client
Apache License 2.0
407 stars 115 forks source link

Access Token Persistence #33

Closed intelligence closed 10 years ago

intelligence commented 10 years ago

So I've managed to get things up and running, finally. But now I'm wondering about persistence. What would be the ideal solution of storing the given access token for later use? I don't want the visitors to have to go through the entire flow with authorization upon every interaction.

I thought the idea was that if the user already has authorized and gotten a access token, it would redirect directly through the callback, skipping the tumblr authorization screen.

How is the flow supposed to work? Been googling like crazy.

connect.php

session_start();

require_once('../vendor/autoload.php');

// some variables that will be pretttty useful
$consumerKey = 'xxx';
$consumerSecret = 'xxx';
$client = new Tumblr\API\Client($consumerKey, $consumerSecret);
$requestHandler = $client->getRequestHandler();
$requestHandler->setBaseUrl('https://www.tumblr.com/');

// start the old gal up
$resp = $requestHandler->request('POST', 'oauth/request_token', array());

// get the oauth_token
$out = $result = $resp->body;
$data = array();
parse_str($out, $data);

$_SESSION['request_token'] = $data['oauth_token'];
$_SESSION['request_token_secret'] = $data['oauth_token_secret'];

if($data['oauth_callback_confirmed']) {
    // redirect
    $url = 'https://www.tumblr.com/oauth/authorize?oauth_token=' . $data['oauth_token'];
    header('Location: '.$url);
} else {
    echo 'Could not connect to Tumblr. Refresh the page or try again later.';
}
exit();

callback.php

session_start();

require_once('../vendor/autoload.php');

// some variables that will be pretttty useful
$consumerKey = 'xxx';
$consumerSecret = 'xxx';
$client = new Tumblr\API\Client($consumerKey, $consumerSecret, $_SESSION['request_token'], $_SESSION['request_token_secret']);
$requestHandler = $client->getRequestHandler();
$requestHandler->setBaseUrl('https://www.tumblr.com/');

unset($_SESSION['request_token']);
unset($_SESSION['request_token_secret']);

$link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$verifier = $_GET['oauth_verifier'];

$resp = $requestHandler->request('POST', 'oauth/access_token', array('oauth_verifier' => $verifier));
$out = $result = $resp->body;
$data = array();
parse_str($out, $data);

// and print out our new keys
$token = $data['oauth_token'];
$secret = $data['oauth_token_secret'];
echo "\ntoken: " . $token . "\nsecret: " . $secret;

// and prove we're in the money
$client = new Tumblr\API\Client($consumerKey, $consumerSecret, $token, $secret);
$info = $client->getUserInfo();
seejohnrun commented 10 years ago

I'd have to know a bit more about what you're trying to accomplish, but you should be storing the access token probably on each user record in your database.

codingjester commented 10 years ago

I'm going to close this since this seems to be an issue with the OAuth flow and storing your tokens in a database vs an actual issue with the client. Let's reopen if you still have issues.