eBay oauth token and refresh tokens

Posted: 2017-11-20 02:13:02

[Question]:

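I have been struggling for a few days now with eBay token authentication. I am finding it hard to understand how to fetch new tokens. After signing up for a developer program account, I requested the keyset and got it; afterwards I granted access on an Auth'n'Auth token, which promises to last for 18 months, and yes, that token works only on the Trading, Shopping and Finding APIs.

But when you need to use the Buy, Sell and Commerce APIs you have to obtain oauth tokens. You can do the so-called "Single User app" style and sign in on oauth from the User Token Tool, and get an oauth with a 2-hour expiry.

Later on the token expires and you kind of lose access to the APIs mentioned above. I tried fetching tokens from Trading > Get session ID, Trading > Fetch token, but after providing the session ID to Fetch token it says: "The end user has not completed Auth & Auth sign in flow." Even though there is a valid 18-month token, it keeps returning this error.

Is there any example article on this, which anyone might have read or written?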

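[Comments]:

You can check out this node module, which uses all the eBay APIs: github.com/ajay2507/ebay-node-api. It simplifies all the issues around generating access tokens.

We are using the "ebay" tag, which is why I removed the tag from your question. Could you roll back your rollback to contribute?

[Answer 1]: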

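This details the OAuth process of the "New Sell" API, not auth 'n' auth or the legacy Trading API. It is also for the sandbox, although the procedure for production is the same.

Your confusion is not unwarranted. My own experience with this API flow, along with that of a large portion of the official dev forums, has been stressful. The following details the procedure to generate an oauth, irrespective of whether you're connecting to a single, dedicated account or to multiple user accounts.

There is the official guide, which does explain this whole process, so I'm hesitant to recreate the entire guide here. I can provide a summary though (I advise following the steps below using Postman before attempting them through your app):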

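    1. Gather your client ID and client secret from here (do not share these publicly).

    2. Generate an RuName (Redirect URL Name) from here, by clicking "Get a Token from eBay via Your Application" and filling out the form. This form is for building the look of the login page that users will be redirected to in order to allow your application access to their account. The RuName will then appear directly underneath the column header "RuName (eBay Redirect URL name)".

    3. Gather the list of scopes you require. Each API endpoint requires an OAuth token with the appropriate scope permissions. The Create or Replace Inventory Item endpoint, for example, requires the https://api.ebay.com/oauth/api_scope/sell.inventory scope. Figure out which endpoints you will need, then go to the API doc for each one and find the scope section.

    4. The get request now looks like this:

        https://signin.sandbox.ebay.com/authorize?
        client_id=<your-client-id-value>&
        redirect_uri=<your-RuName-value>&
        response_type=code&
        scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.account%20
        https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.inventory

    It's also recommended that you add a state query string, which I've omitted for ease of use, but you should research what they are and why they're recommended for OAuth.

    5. This URL in a browser will redirect you to a sign-in page for the user to allow your application access to their account, but only for the scopes in the URL. Dumped from a PHP curl request, you'll get the redirect URL itself. Important: a sign-in by the end user is needed even if your application will only have one user. For example, you have an e-commerce site for a client and you want to send their products to their single eBay account. You will still need to do this process at least once every 18 months (find out why soon).

    6. Once the user has logged in and confirmed, the browser will display a "you can close this window now" page. The authorization code you need for the next step is in the URL of this page, as the code query string. If you're developing an application for multiple users and plan to actually have them sign in on this page, then you need to configure your app to grab the confirmation response, which will be the aforementioned URL, and extract the code from it. This code is very short-lived. If you are manually retrieving it via a browser, you need to move through the next steps quickly.

    7. You now need to perform a POST request to https://api.sandbox.ebay.com/identity/v1/oauth2/token. See the structure below: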

        HTTP method:   POST
        URL (Sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token

        HTTP headers:
        Content-Type = application/x-www-form-urlencoded
        Authorization = Basic <B64-encoded-oauth-credentials> (A base64-encoded value made from your client ID and client secret, separated by colon. For example, in PHP you could generate it with: `base64_encode ("fakeclientid123:fakeclientsecret123")`)

        Request body (wrapped for readability):
        grant_type=authorization_code& (literally the string "authorization_code")
        code=<authorization-code-value>& (code retrieved in previous step)
        redirect_uri=<RuName-value> (same RuName as earlier)


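    8. If successful, this request will return something like the following:

        {
            "access_token": "v^1.1#i^1#p^3#r^1...XzMjRV4xMjg0",
            "token_type": "User token",
            "expires_in": 7200,
            "refresh_token": "v^1.1#i^1#p^3#r^1...zYjRV4xMjg0",
            "refresh_token_expires_in": 47304000
        }

    There's the oauth token we're after, which will last 2 hours. The second token is a refresh token, which will last about 18 months. Keep this token safe and do not share it, nor hard-code it in your app. From this point onwards, your app should perform refresh calls, using this token, to get a new oauth whenever it needs one. Once the 18 months are up, or if the user goes through the "Allow Access" procedure again, you'll need to do all of the above to generate a new refresh token. Assuming the API has not changed by that point.

    It's worth noting that the 18-month lifespan is not a normal procedure for OAuth refreshing, which should normally return a new refresh token each time the old one is used.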

    To refresh an oauth:

        HTTP method:   POST
        URL (Sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token

        HTTP headers:
        Content-Type = application/x-www-form-urlencoded
        Authorization = Basic <B64-encoded-oauth-credentials>

        Request body (wrapped for readability):
        grant_type=refresh_token&
        refresh_token=<your-refresh-token-value>&
        scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.account%20
        https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.inventory


I hope this helps!

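[Comments]:

@tar, at the time of writing, passing a session ID was not part of the process for retrieving oauth tokens and refresh tokens. At no point in my own development with the API did I need to consider session IDs. If this has changed, or if I somehow managed to use the API successfully without this crucial part, please point me to the relevant documentation.

It turns out eBay's oauth doesn't support session IDs the way their auth&auth does. This is the dumbest thing, because it means it is incompatible with desktop clients that can't accept a URL. Sorry about that.

@Roro It should do, although it's been a while since I looked at this :)

The official guide is a dead link.

I wish I had found this guide before spending 15 hours on this myself! This might as well be the "official" guide...

[Answer 2]: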

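For those who are struggling with this - make sure you are using the code/token encoded.

I almost lost my mind trying to figure out what was wrong, because eBay returns the refresh token decoded.

[Comments]:

[Answer 3]:

For anyone having trouble, note that the URL in step 4 is different from the URL given on eBay. The URL on eBay starts with https://auth.sandbox.ebay.com/oauth2/authorize, but the URL in step 4 starts with https://signin.sandbox.ebay.com/authorize

[Comments]:

eBay changed the sign-in URL somewhere in 2018, and it only appeared in the documentation in 2019. Feel free to propose an edit to fix the outdated information in the answer.

[Answer 4]: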

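I found @FullStackFool's post above very helpful. Based on that, I built a class that gets the current token from the local database, refreshes the token if required, displays instructions for getting a new refresh token, or processes the code to generate a new refresh token.

The class is written in PHP 5.6 (apologies - old internal order management system), but could easily be upgraded to PHP 7 / Laravel etc.

The constructor accepts only one optional value - this is the URL string generated by eBay when you authenticate/sign in to get a new token. If you feed this into the constructor, it will parse it, get the 'code' part, and then go and get a new token and refresh token.

Hopefully the code is self-explanatory - I've tried to comment it well. Hope someone else finds this useful.

Database table (EbayTokens):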

CREATE TABLE IF NOT EXISTS `EbayTokens` (
  `TokenID` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  `TokenValue` text,
  `TokenCreated` datetime DEFAULT NULL,
  `TokenLifetime` int(11) unsigned DEFAULT NULL,
  `RefreshTokenValue` text,
  `RefreshTokenCreated` datetime DEFAULT NULL,
  `RefreshTokenLifetime` int(11) unsigned DEFAULT NULL,
  `TokenType` varchar(100) DEFAULT NULL,
  PRIMARY KEY (`TokenID`),
  UNIQUE KEY `TokenID` (`TokenID`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

PHP class (ebaytoken.php):

<?php

class EbayToken {

  //Set variables.
  public $success = false; //Default.
  public $messages = []; //All messages.
  public $db_token = null; //The actual token.

  private $string; //String to update the token.

  private $access_token_expired = true; //Default to expired.
  private $refresh_token_expired = true;
  private $refresh_token_almost_expired = true; //Flag to display a warning message.

  private $client_id = 'your_client_id';
  private $secret = 'your_secret'; //API key. https://developer.ebay.com/my/keys
  private $ru_name_value = 'your_ru';
  private $scope = 'https://api.ebay.com/oauth/api_scope/sell.fulfillment';
  private $base64_encoded_credentials = null; //Initialise this in a mo.

  function __construct($string = null) {
    //Save the string.
    $this->string = $string;

    //Initialise the credentials.
    $this->base64_encoded_credentials = base64_encode($this->client_id . ':' . $this->secret);

    //Get any existing token from db.
    $this->get_token_from_db();

    //Check if it's expired - or almost expired. If there is no token this will not do anything.
    $this->check_db_token();

    //Has the current token expired??
    if(($this->access_token_expired == true) && ($this->refresh_token_expired == true)) {
      //Uh oh. Gonna have to get a new token - or display instructions on how to. Has the user entered the URL string to parse?
      if((isset($this->string)) && ($this->string != '')) {
        $this->get_new_tokens($this->string);
      } else {
        $this->get_new_tokens_instructions();
      }
    } else if($this->access_token_expired == true) {
      //Just the access token. Get a fresh one. If the refresh token has almost expired, display the instructions.
      if($this->refresh_token_almost_expired == true) {
        $this->need_new_tokens_almost_instructions();
      }
      $this->refresh_token(); //Just the access token expired - go and refresh it using the refresh token.
    } else {
      //All fine. If the refresh token has almost expired, display the instructions.
      if($this->refresh_token_almost_expired == true) {
        $this->need_new_tokens_almost_instructions();
      }
    }
  }

  //Get the current token information from the DB. Should only be 1.
  private function get_token_from_db() {
    //Get token(s). Should only be 1. But loop anyhow.
    $sql = "SELECT * FROM EbayTokens";
    $res = @mysql_query($sql);
    $count = 0;
    if($res) {
      $count = mysql_num_rows($res);
      while ($rec = mysql_fetch_assoc($res)) {
         $this->db_token = $rec;
      }
    }
    //Only report success when a row was actually read.
    if($count > 0) {
      $this->messages[] = '<span style="color:limegreen;"><strong>Access token loaded from database...</strong></span>';
    } else {
      $this->messages[] = '<span style="color:red;"><strong>No token found in database!</strong></span>';
    }

    return null;
  }

  //Has the access token expired?
  private function check_db_token() {
    //Do we even have a token from the db?
    if($this->db_token != null) {

      //Access token expired?
      $now = new DateTime();
      $now_plus_30_days = new DateTime();
      $now_plus_30_days->add(DateInterval::createFromDateString('30 days'));

      $date_created = DateTime::createFromFormat('Y-m-d H:i:s', $this->db_token['TokenCreated']);
      $date_expires = DateTime::createFromFormat('Y-m-d H:i:s', $this->db_token['TokenCreated']); //Make a new object.
      $date_expires->add(DateInterval::createFromDateString($this->db_token['TokenLifetime'] . ' seconds'));

      //Refresh token expired?
      $refresh_date_created = DateTime::createFromFormat('Y-m-d H:i:s', $this->db_token['RefreshTokenCreated']);
      $refresh_date_expires = DateTime::createFromFormat('Y-m-d H:i:s', $this->db_token['RefreshTokenCreated']); //Make a new object.
      $refresh_date_expires->add(DateInterval::createFromDateString($this->db_token['RefreshTokenLifetime'] . ' seconds'));

      //Check access token.
      $this->messages[] = 'Access token created on: ' . $date_created->format('d/m/Y H:i:s') . ', expires: ' . $date_expires->format('d/m/Y H:i:s');
      if($date_expires < $now) {
        $this->messages[] = ' <span style="color:red;"><strong>Access token expired!</strong></span>';
      } else {
        $this->messages[] = ' <span style="color:limegreen;"><strong>Access token valid!</strong></span>';
        $this->access_token_expired = false;
      }

      //Check refresh token.
      $this->messages[] = 'Refresh token created on: ' . $refresh_date_created->format('d/m/Y H:i:s') . ', expires: ' . $refresh_date_expires->format('d/m/Y H:i:s');
      if($refresh_date_expires < $now) {
        $this->messages[] = '<span style="color:red;"><strong>Refresh token expired!</strong></span>';
      } else if($refresh_date_expires < $now_plus_30_days) {
        $this->messages[] = ' <span style="color:darkorange;"><strong>Refresh token valid! But expires within 30 days. INFORM ADMIN TO GENERATE A NEW REFRESH TOKEN.</strong></span>';
        $this->refresh_token_expired = false;
      } else {
        $this->messages[] = '<span style="color:limegreen;"><strong>Refresh token valid!</strong></span>';
        $this->refresh_token_almost_expired = false;
        $this->refresh_token_expired = false;
      }

      //Was it all ok?
      if(($this->refresh_token_expired == false) && ($this->access_token_expired == false)) {
        $this->messages[] = '<span style="color:limegreen;"><strong>All tokens valid!</strong></span>';
        $this->success = true;
      }

    }

    return null;
  }

  //Go and get a new token using the refresh token. Save it to the db.
  private function refresh_token() {
    $this->messages[] = 'OAUTH token expired - refreshing token...';
    // $this->messages[] = 'Using refresh token: ' . $this->db_token['RefreshTokenValue'];

    //Connect to Ebay API and refresh the existing oauth token.
    $url_get_token = 'https://api.ebay.com/identity/v1/oauth2/token';
    $port = 443;

    $headers = array(
      'Content-Type: application/x-www-form-urlencoded',
      'Authorization: Basic ' . $this->base64_encoded_credentials
    );

    //http_build_query() URL-encodes every value, so the scope goes in raw under its own key.
    $payload = array(
        'grant_type' => 'refresh_token',
        'refresh_token' => $this->db_token['RefreshTokenValue'],
        'scope' => $this->scope,
    );
    $payload_string = http_build_query($payload);

    //Setting the curl parameters.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_PORT, $port);
    curl_setopt($ch, CURLOPT_URL, $url_get_token);
    curl_setopt($ch, CURLOPT_POST, true);
    // curl_setopt($ch, CURLOPT_SSLVERSION, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 300);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_string);

    $data = curl_exec($ch);
    curl_close($ch);

    //Convert the JSON result into array
    $array_data = json_decode($data, true);

    //Did we get an access token?
    $access_token = null;
    if((is_array($array_data)) && (isset($array_data['access_token']))) {

      //Save the tokens to the database. Set variables.
      $access_token = mysql_real_escape_string($array_data['access_token']);
      $expires_in = mysql_real_escape_string($array_data['expires_in']);
      $token_type = mysql_real_escape_string($array_data['token_type']);

      //Update. This will only be run if there is already a token in the DB. So no need to truncate.
      $now = new DateTime();
      $now_mysql = $now->format('Y-m-d H:i:s');
      $existing_token_id = $this->db_token['TokenID'];

      //TokenLifetime is numeric and unquoted in the SQL, so format it with %d.
      $sql = sprintf("UPDATE EbayTokens SET TokenValue = '%s', TokenCreated = '%s', TokenLifetime = %d, TokenType = '%s' WHERE TokenID = %d", $access_token, $now_mysql, $expires_in, $token_type, $existing_token_id);

      // $this->messages[] = 'SQL: ' . $sql;
      if (@executeSQL($sql)) {
        $this->messages[] = '<span style="color:limegreen;"><strong>Success! Token refreshed and saved to database.</strong></span>';
      }

      //Update the token in this object from the freshly saved data.
      $this->get_token_from_db();
      $this->check_db_token(); //Re-check - this will mark the success flag in this object.

    } else {
      $this->messages[] = '<span style="color:red;"><strong>Failed to get OAUTH token! Aborting</strong></span>.';
      //print_r() needs its second argument to return the dump instead of echoing it.
      $this->messages[] =  'Reply was:' . '<br><pre>' . print_r($array_data, true) . '</pre>';
    }

    return null;
  }

  //Get new tokens using the string supplied.
  private function get_new_tokens($string) {

    //Parse the URL string supplied and get the 'code'.
    $auth_code = null;
    $parameters = parse_url($string);
    $query_array = isset($parameters['query']) ? explode('&', $parameters['query']) : array();
    //Loop through and get code. Just in case the 'code' moves to another position.
    foreach ($query_array as $parameter) {
      $parameter_array = explode('=', $parameter, 2);
      if(($parameter_array[0] == 'code') && (isset($parameter_array[1]))) {
        $auth_code = $parameter_array[1];
        break; //Got what we want.
      }
    }

    /***********************************************************************/

    $this->messages[] = "Getting eBay Oauth token using URL string...";
    //The code comes from user-supplied input, so escape it before it goes into the HTML output.
    $this->messages[] = 'Using auth code: ' . htmlspecialchars($auth_code);

    //Connect to Ebay API and get an oauth using the authorisation code.
    $url_get_token = 'https://api.ebay.com/identity/v1/oauth2/token';
    $port = 443;

    $headers = array(
      'Content-Type: application/x-www-form-urlencoded',
      'Authorization: Basic ' . $this->base64_encoded_credentials
    );

    $payload = array(
        'grant_type' => 'authorization_code',
        'code' => urldecode($auth_code), //Get from step one.
        'redirect_uri' => $this->ru_name_value, //Same as used in part one.
    );
    $payload_string = http_build_query($payload);

    //Setting the curl parameters.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_PORT, $port);
    curl_setopt($ch, CURLOPT_URL, $url_get_token);
    curl_setopt($ch, CURLOPT_POST, true);
    // curl_setopt($ch, CURLOPT_SSLVERSION, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 300);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_string);

    $data = curl_exec($ch);
    curl_close($ch);

    //Convert the JSON result into array
    $array_data = json_decode($data, true);

    //Did we get an access token?
    $access_token = null;
    if((is_array($array_data)) && (isset($array_data['access_token']))) {

      //Save the tokens to the database. Set variables.
      $access_token = mysql_real_escape_string($array_data['access_token']);
      $expires_in = mysql_real_escape_string($array_data['expires_in']);
      $refresh_token = mysql_real_escape_string($array_data['refresh_token']);
      $refresh_token_expires_in = mysql_real_escape_string($array_data['refresh_token_expires_in']);
      $token_type = mysql_real_escape_string($array_data['token_type']);

      //Truncate and then insert. There may or may not be an existing token in the db.
      $this->truncate_db();
      $now = new DateTime();
      $now_mysql = $now->format('Y-m-d H:i:s');

      $sql = sprintf("INSERT INTO EbayTokens SET TokenValue = '%s', TokenCreated = '%s', TokenLifetime = %d, RefreshTokenValue = '%s', RefreshTokenCreated = '%s', RefreshTokenLifetime = %d, TokenType = '%s' ", $access_token, $now_mysql, $expires_in, $refresh_token, $now_mysql, $refresh_token_expires_in, $token_type);

      if (@executeSQL($sql)) {
        $this->messages[] = '<span style="color:limegreen;"><strong>Success! New token acquired and saved to database.</strong></span>';
      } else {
        $this->messages[] = '<span style="color:red;"><strong>Error saving new token to database!</strong></span>';
      }

      //Update the token in the object from the freshly saved data.
      $this->get_token_from_db();
      $this->check_db_token(); //Re-check - this will mark the success flag.

    } else {
      $this->messages[] = '<span style="color:red;"><strong>Failed to get OAUTH token! Aborting</strong></span>.';
      //print_r() needs its second argument to return the dump instead of echoing it.
      $this->messages[] =  'Reply was:' . '<br><pre>' . print_r($array_data, true) . '</pre>';
    }

    return null;
  }

  //Instructions to get a new refresh token.
  private function get_new_tokens_instructions() {
    $this->messages[] = '<span style="color:red;">Tokens expired! Admin action required</span>';

    $this->messages[] = "In order to get a fresh oauth token (and more importantly a refresh token), click on the URL below (it will open in a new window) and login as.";

    //Connect to Ebay API and get consent. The authorization code grant flow. https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html
    $url_get_consent = 'https://auth.ebay.com/oauth2/authorize';

    $payload = array(
      'client_id=' . $this->client_id,
      'redirect_uri=' . $this->ru_name_value,
      'response_type=code',
      'scope=' . urlencode($this->scope),
    );
    $payload_string = implode('&', $payload);

    $url_get_consent_full = $url_get_consent . '?' . $payload_string;
    $this->messages[] = 'URL: <a href="' . $url_get_consent_full . '" target="_blank">' . $url_get_consent_full . '</a><br>';

    $this->messages[] = "Once you have completed the login and see the window saying you can close the page, <strong>copy the URL</strong>. It will contain a 'code' parameter.";
    $this->messages[] = "Insert the copied URL in the form below and click submit. The new code will be used and a new oauth and refresh token will be obtained and stored in the database.";

    $this->messages[] = '
    <form>
      URL string: 
      <input type="text" name="string" size="50">
      <input type="submit" value="Submit">
    </form>
    ';

    return null;
  }

  //Instructions to get a new refresh token - refresh token has ALMOST expired.
  private function need_new_tokens_almost_instructions() {
    $this->messages[] = '<span style="color:darkorange;">Tokens ALMOST expired! Admin action required</span>';

    $this->messages[] = "In order to get a fresh oauth token (and more importantly a refresh token), click on the URL below (it will open in a new window) and login.";

    //Connect to Ebay API and get consent. The authorization code grant flow. https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html
    $url_get_consent = 'https://auth.ebay.com/oauth2/authorize';

    $payload = array(
      'client_id=' . $this->client_id,
      'redirect_uri=' . $this->ru_name_value,
      'response_type=code',
      'scope=' . urlencode($this->scope),
    );
    $payload_string = implode('&', $payload);

    $url_get_consent_full = $url_get_consent . '?' . $payload_string;
    $this->messages[] = 'URL: <a href="' . $url_get_consent_full . '" target="_blank">' . $url_get_consent_full . '</a><br>';

    $this->messages[] = "Once you have completed the login and see the window saying you can close the page, <strong>copy the URL</strong>. It will contain a 'code' parameter.";
    $this->messages[] = "Insert the copied URL in the form below and click submit. The new code will be used and a new oauth and refresh token will be obtained and stored in the database.";

    $this->messages[] = '
    <form>
      URL string: 
      <input type="text" name="string" size="50">
      <input type="submit" value="Submit">
    </form>
    ';

    return null;
  }

  //Delete any tokens from the database. Use cautiously.
  private function truncate_db() {

    $sql = "TRUNCATE TABLE EbayTokens";
    if (@executeSQL($sql)) {
      $this->messages[] = '<span style="color:limegreen;"><strong>Existing tokens deleted from database.</strong></span>';
    }

    return null;

  }

}

?>

And a little script to test / use it:

<?php
require_once("classes/ebaytoken.php");

//Page is not defined in this post (presumably part of the internal system mentioned above).
$thispage = new Page();

//Is there a string in the $_GET array? If so, feed it into the constructor.
$string = null;
if((isset($_GET['string'])) && ($_GET['string'] != '')) {
    $string = $_GET['string'];
}

$token = new EbayToken($string);

echo "<h3>Current eBay Tokens</h3>";

$messages = $token->messages;
if(count($messages) > 0) {
    echo '<ul>';
        foreach ($messages as $message) {
            echo '<li>' . $message . '</li>';
        }
    echo '</ul>';
}

//Is the token valid?
if($token->success == true) {
    get_orders($token->db_token);
}

//Get ebay orders.
function get_orders($token_data) {
    echo "<h3>Getting Ebay Orders</h3>";

    //Start the main request now we have the token. https://developer.ebay.com/api-docs/sell/static/orders/discovering-unfulfilled-orders.html
    $url_get_orders = 'https://api.ebay.com/sell/fulfillment/v1/order';
    $port = 443;
    $headers = array(
        'Authorization: Bearer ' . $token_data['TokenValue'],
        'X-EBAY-C-MARKETPLACE-ID: EBAY_GB',
    );

    //The status list is wrapped in curly braces: {NOT_STARTED|IN_PROGRESS}.
    $payload = array(
        'filter=orderfulfillmentstatus:' . urlencode('{NOT_STARTED|IN_PROGRESS}'),
        'limit=100',
        'offset=0',
    );

    $payload_string = implode('&', $payload);
    $url_get_orders_full = $url_get_orders . '?' . $payload_string;

    //Setting the curl parameters.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url_get_orders_full); //For 'get', add query string to end of URL.
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 300);

    $data = curl_exec($ch);
    curl_close($ch);

    //Convert the JSON result into array
    $array_data = json_decode($data, true);

    print_r('<pre>');
    print_r($array_data);
    print_r('</pre>');

    return null;
}

?>
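An added example, not the answer's code: the token table driven through parameterized queries, so that token strings never pass through string formatting, together with the same three-way expiry decision the class makes (valid, refresh, or ask for consent again, plus the 30-day warning). It uses Python's built-in sqlite3 as a stand-in for the MySQL table; the function names are hypothetical, and the reply dictionaries mirror the JSON fields shown earlier on the page.

```python
import sqlite3
from datetime import datetime, timedelta

# SQLite rendering of the EbayTokens table; one row only, as in the answer.
SCHEMA = """
CREATE TABLE EbayTokens (
  TokenID INTEGER PRIMARY KEY CHECK (TokenID = 1),
  TokenValue TEXT, TokenCreated TEXT, TokenLifetime INTEGER,
  RefreshTokenValue TEXT, RefreshTokenCreated TEXT,
  RefreshTokenLifetime INTEGER, TokenType TEXT)
"""


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db


def _stamp(now):
    return now.isoformat(sep=" ", timespec="seconds")


def save_new_tokens(db, reply, now):
    """Store the reply to an authorization_code exchange, replacing any old row."""
    with db:  # delete + insert commit together or not at all
        db.execute("DELETE FROM EbayTokens")
        db.execute(
            "INSERT INTO EbayTokens VALUES (1, ?, ?, ?, ?, ?, ?, ?)",
            (reply["access_token"], _stamp(now), int(reply["expires_in"]),
             reply["refresh_token"], _stamp(now),
             int(reply["refresh_token_expires_in"]), reply["token_type"]))


def save_refreshed_token(db, reply, now):
    """Store the reply to a refresh_token call; the refresh token is kept."""
    with db:
        db.execute(
            "UPDATE EbayTokens SET TokenValue = ?, TokenCreated = ?, "
            "TokenLifetime = ?, TokenType = ? WHERE TokenID = 1",
            (reply["access_token"], _stamp(now), int(reply["expires_in"]),
             reply["token_type"]))


def token_state(db, now, warn_days=30):
    """Return (action, warn): action is 'ok', 'refresh' or 'consent'."""
    row = db.execute(
        "SELECT TokenCreated, TokenLifetime, RefreshTokenCreated, "
        "RefreshTokenLifetime FROM EbayTokens").fetchone()
    if row is None:
        return ("consent", False)
    access_expires = datetime.fromisoformat(row[0]) + timedelta(seconds=row[1])
    refresh_expires = datetime.fromisoformat(row[2]) + timedelta(seconds=row[3])
    # warn mirrors the class's "expires within 30 days" flag.
    warn = refresh_expires < now + timedelta(days=warn_days)
    if access_expires >= now:
        return ("ok", warn)
    if refresh_expires >= now:
        return ("refresh", warn)
    return ("consent", warn)
```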

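[Comments]:

Thanks @Dharman - I'm aware of that. This is some sample code from an internal app that I quickly threw together. Also, there is no real external input - only data returned by eBay. Anyhoo... I'll update...

Sorry @Dharman - I had only done half the job. Added mysql_real_escape_string to all parameters returned by eBay. It's not prepared statements - but it adds a reasonable level of protection.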
