在潜望镜API Twitter的登录POST请求

本文介绍了在潜望镜API Twitter的登录POST请求的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我想使用潜望镜API（ github/在我的应用gabrielg / periscope_a​​pi / BLOB /主/ API.md ）。正如API链接，我想发送POST请求 https：//开头api.periscope.tv/api/v2/loginTwitter?build=v1.0.2 与请求正文如下

I am trying to use Periscope API (github/gabrielg/periscope_api/blob/master/API.md) in my application. As in the API link I am trying to send POST request to api.periscope.tv/api/v2/loginTwitter?build=v1.0.2 with request body as following

{ "bundle_id": "com.bountylabs.periscope", "phone_number": "", "session_key": "<twitter_user_oauth_key>", "session_secret": "<twitter_user_oauth_secret>", "user_id": "<twitter_user_id>", "user_name": "<twitter_user_name>", "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4" }

我已经在 apps.twitter/ 但我不知道的twitter_user_oauth_key和twitter_user_oauth_secret使用什么。你能帮忙吗？

I already have an application in apps.twitter/ but I don't know what to use as twitter_user_oauth_key and twitter_user_oauth_secret. Can you help?

推荐答案

我必须说 https：//开头github上。 COM / gabrielg / periscope_a​​pi / 实施是一个有点复杂。作者采用2套钥匙（IOS_ *和* PERISCOPE_）当你真正需要的只有一个访问API。我没试过播出，但在我的PHP库中的所有其他功能，无需麻烦的工作，只有他叫PERISCOPE_ *组键。

I must say github/gabrielg/periscope_api/ implementation is a bit complicated. Author using 2 sets of keys (IOS_* and PERISCOPE_*) when you actually need only one to access API. I didn't tried to broadcast but in my PHP library all other functions works without troubles with only what he call PERISCOPE_* set of keys.

您将获得访问它的潜望镜申请后获得 session_secret 和 session_key可以从Twitter。

You will get session_secret and session_key from Twitter after getting access to it as Periscope application.

所以，通过Twitter的过程潜望镜的登录看起来像

So Periscope's login via Twitter process looks like

api.twitter/oauth/request_token

重定向用户 api.twitter/oauth/authorize ？组oauth_token = [组oauth_token]

等待用户登录并获得组oauth_token 和 oauth_verifier 从重定向URL

获取组oauth_token ， oauth_token_secret ， USER_ID 和 USER_NAME 来的https：/ /api.twitter/oauth/access_token?oauth_verifier=[oauth_verifier]

发送请求 api.periscope.tv/api/v2/ loginTwitter

Request OAuth token via api.twitter/oauth/request_token

Redirect user to api.twitter/oauth/authorize?oauth_token=[oauth_token]

Wait for user login and get oauth_token and oauth_verifier from redirect url

Get oauth_token, oauth_token_secret, user_id and user_name via request to api.twitter/oauth/access_token?oauth_verifier=[oauth_verifier]

Send request to api.periscope.tv/api/v2/loginTwitter { "bundle_id": "com.bountylabs.periscope", "phone_number": "", "session_key": "oauth_token", "session_secret": "oauth_token_secret", "user_id": "user_id", "user_name": "user_name", "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4" }

保存从去年的响应饼干值，并将其添加到所有JSON API调用为某种身份验证令牌的。

Save cookie value from last response and add it to all JSON API calls as some kind of authentication token.

在1和4的步骤要求应适当授权头签字要求潜望镜应用程序的 CONSUMER_KEY 和 CONSUMER_SECRET 。而 CONSUMER_KEY 可在第一步右嗅（如果你能绕过证书钉扎） CONSUMER_SECRET 永远不会离开你的设备你不能用简单的流量拦截得到它。

Requests in 1 and 4 steps should be signed with proper Authorization header which requires Periscope application's consumer_key and consumer_secret. While consumer_key can be sniffed right in first step (if you are able to bypass certificate pinning) consumer_secret never leaves your device and you can't get it with simple traffic interception.

有是登录过程中的PHP例子 gist.github/bearburger/b4d1a058c4f85b75fa83

There is PHP example of login process gist.github/bearburger/b4d1a058c4f85b75fa83