认证后从 github 获取用户详细信息

Question

我有一个登录页面，该页面将用户引荐到 GitHub 进行身份验证。 验证 GitHub 成功后，将代码和状态作为 GET 参数返回到我的登录页面。 获取access_token后有没有办法获取GitHub用户邮箱、姓名、句柄？

if(get('action') == 'login') 
    {
        // Generate a random hash and store in the session for security
        $_SESSION['state'] = hash('sha256', microtime(TRUE) . rand() . $_SERVER['REMOTE_ADDR']);
        unset($_SESSION['access_token']);
        $params = array(
            'client_id' => OAUTH2_CLIENT_ID,
            'redirect_uri' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'],
            'scope' => 'user',
            'state' => $_SESSION['state']
        );
        // Redirect the user to Github's authorization page
        header('Location: ' . $authorizeURL . '?' . http_build_query($params));
        die();
    }

    // When Github redirects the user back here, there will be a "code" and "state" parameter in the query string
    if (get('code')) 
    {
        // Verify the state matches our stored state
        if (!get('state') || $_SESSION['state'] != get('state')) {
            header('Location: ' . $_SERVER['PHP_SELF']);
            die();
        }
        // Exchange the auth code for a token
      $token = apiRequest($tokenURL, array(
      'client_id' => OAUTH2_CLIENT_ID,
      'client_secret' => OAUTH2_CLIENT_SECRET,
      'redirect_uri' => 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'],
      'state' => $_SESSION['state'],
      'code' => get('code')
      ));
       echo var_dump($token) ."<br>";
      echo json_encode($token);
      $_SESSION['access_token'] = $token->access_token;
      header('Location: ' . $_SERVER['PHP_SELF']);
    }
  }


  function apiRequest($url, $post = FALSE, $headers = array())
  {
      $ch = curl_init($url);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
      if ($post)
          curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
      $headers[] = 'Accept: application/json';
      if (session('access_token'))
          $headers[] = 'Authorization: Bearer ' . session('access_token');
      curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
      $response = curl_exec($ch);
      return json_decode($response);
  }

  function get($key, $default = NULL)
  {
      return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
  }

  function session($key, $default = NULL)
  {
      return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
  }

Answer 1

您需要使用访问令牌调用 Github API 才能访问当前用户

因此，如果您已经拥有可用的 access_token 并且它已成功保存在 $_SESSION['access_token'] 中 - 它将自动用于 apiRequest() 方法调用完成的所有进一步请求

$user = apiRequest("https://api.github.com/user');
var_dump($user);
// $user->name  should be available in response

当我测试您的代码时 - apiRequest-Method 返回错误 (var_dump($response))

Request forbidden by administrative rules. Please make sure your request has a User-Agent header (http://developer.github.com/v3/#user-agent-required). Check https://developer.github.com for other possible causes.

只需在方法中的headers[] 数组中添加一个User-Agent（例如，在添加的Accept: Header 正下方）

$headers[] = 'User-Agent: PHP Api Call';

...您的 API-Call 将起作用 ;)

编辑：因为您在初始身份验证请求中设置了 'scope' => 'user', - 您请求访问用户数据 - 但仅此而已（如果您需要其他权限/信息，请参阅 OAuth-App-Scopes）