淘宝开放平台-Oauth认证方式
最近因为工作需要 一直在研究淘宝的api。 之前虽然也做过新浪的开放平台 但是一直只是百度封装好的源码。然后调用 实现 具体原理不甚了解。
(注.本人比较小白。此文只是用来说明授权的流程。所以写的不好、请勿拍砖)
先说下需求吧。 因为是一个web项目 所以应该需要采用的Server-side flow方式。但是在网上搜索好久 大多数的文章要么是top方式 要么就只是写了一个post提交的方法 (HttpWebRequest请求) 返回的是整个页面的html代码。 于是问题就来了。 大家都知道 授权页面时需要展示给用户的。 也就是说得实际从你自己的web项目跳转到授权页面的。
于是就写了下面这个类
{
//TODO: 由于账号是公司的 所以就不提供了。 需要测试的童鞋 请自己注册淘宝app_key 和下面的两项
//
public const string app_secret = "";
// 下面这个回调地址 设置的时候会有些费劲 因为在淘宝注册的时候 该地址必须是www.形式的(没有域名的话 www.形式跳转不到本机) 等会下一篇会教大家在自己机器设置回调地址
public const string authorizeUri = "https://oauth.taobao.com/authorize";
public const string tokenUri = "https://oauth.taobao.com/token";
public const string apiUri = "https://eco.taobao.com/router/rest";
public const string pName_grant_type = "grant_type";
public const string pName_client_secret = "client_secret";
public const string pName_code = "code";
public const string pName_client_id = "client_id";
public const string pName_redirect_uri = "redirect_uri";
public const string pName_response_type = "response_type";
private static TBRequest instance ;
public static TBRequest GetInstance()
{
if (instance != null)
{
return instance;
}
else
{
instance = new TBRequest();
return instance;
}
}
private TBRequest()
{
//
//TODO: 在此处添加构造函数逻辑
//
this.AddParameter(pName_client_id, app_key);
this.AddParameter(pName_client_secret, app_secret);
this.AddParameter(pName_grant_type, "authorization_code");
this.AddParameter(pName_redirect_uri, redirectUri);
this.AddParameter(pName_response_type, pName_code);
}
private IDictionary<string, string> _parameters = new Dictionary<string, string>();
private string[] keys=null;
public string this[string name]
{
get {
string value;
_parameters.TryGetValue(name, out value);
return value;
}
}
public string AppKey
{
get
{
return this[pName_client_id];
}
}
public string AppSecret
{
get
{
return this[pName_client_secret];
}
}
public void AddParameter(string key, string value)
{
if (_parameters.ContainsKey(key))
{
_parameters[key] = value;
}
else
{
_parameters.Add(key, value);
}
}
internal void AddParameters(IDictionary<string, string> parameters)
{
if (parameters != null && parameters.Count > 0)
{
IEnumerator<KeyValuePair<string, string>> paramEnum = parameters.GetEnumerator();
while (paramEnum.MoveNext())
{
AddParameter(paramEnum.Current.Key, paramEnum.Current.Value);
}
}
}
public void AddParatemerKeys(string[] keys)
{
this.keys = keys;
}
public string AuthorizeUri
{
get {
keys = new string[] { pName_client_id, pName_redirect_uri, pName_response_type };
return authorizeUri + QueryString;
}
}
public string TokenUri
{
get
{
keys = new string[] { pName_client_id, pName_client_secret, pName_grant_type, pName_redirect_uri, pName_code };
return tokenUri + QueryString;
}
}
public string QueryString
{
get {
if (keys == null || keys.Length <= 0)
{
return string.Empty;
}
else
{
int i = 0;
StringBuilder buffer = new StringBuilder(string.Empty);
foreach (string key in keys)
{
if (i > 0)
{
buffer.AppendFormat("&{0}={1}", key, _parameters[key]);
}
else
{
buffer.AppendFormat("?{0}={1}", key, _parameters[key]);
}
i++;
}
return buffer.ToString();
}
}
}
public void PostUrl(string uri)
{
HttpContext.Current.Response.Write(@"
<Form id='PostForm' action='" + uri + @"' method='Post' >
<script> document.getElementById('PostForm').submit();</script>
</Form>
");
}
}
这个代码中有部分比较疑惑。 就是这个单利类 该不该使用。如果使用 那字典取值和赋值会不会出异常 这些地方没有搞清楚
使用方法如下:
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
TBRequest r = TBRequest.GetInstance();
r.PostUrl(r.AuthorizeUri);
}
}
}
如果用户授权 会自动跳转到指定的回调页面
在这里我设置的index页面。
string result= TaoBaoHttps.DoPost(TBRequest.GetInstance().TokenUri, null, System.Text.Encoding.UTF8);
TBResponse response = TBResponse.GetInstance();
response.AddJsonData(result);
index页面 获取Code码 并进行Token的请求
返回值添加进Response的字典集合中
TBResponse代码:
View Code
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Script.Serialization;
/// <summary>
///TBResponse 的摘要说明
/// </summary>
public class TBResponse
{
/// <summary>
/// 存储返回的字符串集合
/// </summary>
private IDictionary<string, string> _responseValues = new Dictionary<string, string>();
private JavaScriptSerializer serializer = new JavaScriptSerializer();
private static TBResponse response = new TBResponse();
public static TBResponse GetInstance()
{
if (response != null)
{
return response;
}
else
{
return new TBResponse();
}
}
private TBResponse()
{
//
//TODO: 在此处添加构造函数逻辑
//
}
public string this[string key]
{
get
{
string value = string.Empty;
_responseValues.TryGetValue(key, out value);
return value;
}
set
{
AddParamter(key, value);
}
}
public void AddParamter(string key, string value)
{
if (_responseValues.ContainsKey(key))
{
_responseValues[key] = value;
}
else
{
_responseValues.Add(key, value);
}
}
public void AddParamters(IDictionary<string,string> _parameters)
{
if (_parameters != null && _parameters.Count > 0)
{
IEnumerator<KeyValuePair<string, string>> paramEnum = _parameters.GetEnumerator();
while (paramEnum.MoveNext())
{
AddParamter(paramEnum.Current.Key, paramEnum.Current.Value);
}
}
}
public void AddJsonData(string result)
{
try
{
AddParamters(serializer.Deserialize<Dictionary<string, string>>(result));
}
catch (Exception)
{
throw;
}
}
}
请求用户api的方法
View Code
TBRequest request = TBRequest.GetInstance();
request.AddParameter("method", "taobao.user.get");
request.AddParameter("access_token", response["access_token"]);
request.AddParameter("v", "2.0");
request.AddParameter("format", "json");
request.AddParameter("fields", "user_id,nick,seller_credit");
request.AddParatemerKeys(keys);
View Code Response.Write(userResult);
其中TaoBaoHttps.cs 代码
View Code using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using System.IO;
namespace OauthTaoBaoWeb
{
public class TaoBaoHttps
{
private const string DefaultUserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";
private const string DefaultRedirectUri = "http://www.gengpianyi.com";
public const string app_key = "21038833";
public const string app_secret = "b5e6aefe76e0ef140606f4d4b7e85a03";
public const string baseUri = "https://oauth.taobao.com/authorize";
public const string tokenUri = "https://oauth.taobao.com/authorize";
public const string Client_id = "client_id";
public const string Response_type = "response_type";
public const string Scope = "scope";
public const string Redirect_uri = "redirect_uri";
public const string State = "state";
public const string View = "view";
public static HttpWebResponse CreatePostHttpRequest(string uri, int? timeout, IDictionary<string, string> parameters, string userAgent, Encoding requestEncoding, CookieCollection cookies)
{
if (string.IsNullOrEmpty(uri))
{
throw new ArgumentNullException("url");
}
if (requestEncoding == null)
{
throw new ArgumentNullException("requestEncoding");
}
HttpWebRequest request = null;
//如果是发送HTTPS请求
if (uri.StartsWith("https", StringComparison.OrdinalIgnoreCase))
{
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidationCallback);
request = WebRequest.Create(uri) as HttpWebRequest;
request.ProtocolVersion = HttpVersion.Version10;
}
else
{
request = WebRequest.Create(uri) as HttpWebRequest;
}
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
if (!string.IsNullOrEmpty(userAgent))
{
request.UserAgent = userAgent;
}
else
{
request.UserAgent = DefaultUserAgent;
}
if (timeout.HasValue)
{
request.Timeout = timeout.Value;
}
if (cookies != null)
{
request.CookieContainer = new CookieContainer();
request.CookieContainer.Add(cookies);
}
//如果需要POST数据
if (!(parameters == null || parameters.Count == 0))
{
StringBuilder buffer = new StringBuilder();
int i = 0;
foreach (string key in parameters.Keys)
{
if (i > 0)
{
buffer.AppendFormat("&{0}={1}", key, parameters[key]);
}
else
{
buffer.AppendFormat("{0}={1}", key, parameters[key]);
}
i++;
}
byte[] data = requestEncoding.GetBytes(buffer.ToString());
using (Stream stream = request.GetRequestStream())
{
stream.Write(data, 0, data.Length);
}
}
return request.GetResponse() as HttpWebResponse;
}
public static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
return true;
}
public static HttpWebResponse CreateGetHttpRequest(string uri, int? timeout, string userAgent, CookieCollection cookies)
{
if (string.IsNullOrEmpty(uri))
{
throw new ArgumentNullException("uri");
}
HttpWebRequest request = WebRequest.Create(uri) as HttpWebRequest;
request.Method = "GET";
request.UserAgent = DefaultUserAgent;
if (!string.IsNullOrEmpty(userAgent))
{
request.UserAgent = userAgent;
}
if (timeout.HasValue)
{
request.Timeout = timeout.Value;
}
if (cookies != null && cookies.Count > 0)
{
request.CookieContainer = new CookieContainer();
request.CookieContainer.Add(cookies);
}
return request.GetResponse() as HttpWebResponse;
}
public static string DoPost(string uri, IDictionary<string, string> parameters, Encoding requestEncoding)
{
return GetResponseAsString(CreatePostHttpRequest(uri, null, parameters, null, requestEncoding, null),requestEncoding);
}
public static string GetResponseAsString(HttpWebResponse response, Encoding encoding)
{
StringBuilder result = new StringBuilder(string.Empty);
Stream stream = null;
StreamReader reader = null;
try
{
//以字符流的方式读取HTTP响应
stream = response.GetResponseStream();
reader = new StreamReader(stream, encoding);
char[] buffer = new char[256];
int readBytes = 0;
while ((readBytes = reader.Read(buffer, 0, buffer.Length)) > 0)
{
result.Append(buffer, 0, readBytes);
}
}
finally
{
if (reader != null) reader.Close();
if (stream != null) stream.Close();
if (response != null) response.Close();
}
return result.ToString();
}
}
}
以上就是淘宝开放平台的授权 和一个简单的api的使用 希望能够帮到初学者
