Cannot perform authentication from some servers

[hikashop-jerome]

Hi all !

The support client asked me to create an issue here, sorry for the long post but I really hope that someone will be able to find the nature of that issue.

Several websites (from different customers of yours) are using a payment plugin based on the MangoPay SDK v1.7. I know this is an old version of SDK but, after a very very long development the plugin was finished few weeks before the release of the v2 and the tests we made revealed some issues with the PSR...

So, here the core of the issue.

On several websites, the SDK is not able to perform a oauth authentication. I have two users in production website with the issue ; but I have two of my test websites which do not have the issue. I tried changing the PHP version, I also made manual CURL calls in order to be sure the website was able to reach the API server, and it can.

Here the result of an API call, using the "debugMode" variable from the SDK :

FullUrl: https://api.mangopay.com/v2/ACCOUNT/users/99999999
-------------------------------
RequestType: GET
-------------------------------
FullUrl: https://api.mangopay.com/v2/oauth/token 
-------------------------------
RequestType: POST
-------------------------------
HTTP Headers: Array
(
    [0] => Host: api.mangopay.com
    [1] => Authorization: Basic <credentials encoded in base64>
    [2] => Content-Type: application/x-www-form-urlencoded
)
-------------------------------
RequestData object: Array
(
    [grant_type] => client_credentials
)
-------------------------------
Response JSON: ?

:-(

Oops, that page can not be found.
-------------------------------
Response object: 

Now the funny part. I analysed the response JSON and I was able to see that's an actual error HTML page (so not a JSON) :

    <title>Error Page</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <link rel="stylesheet" type="text/css" href="/Content/themes/barnie/css/bootstrap.min.css">
    <link rel="shortcut icon" href="/Content/themes/barnie/img/custom/favicon.png">
    <style type="text/css">
        body {background: #f7f7f7 url(/Content/themes/barnie/img/main-back.png) repeat;text-align: center;}
        div {margin-top: 50px;}
        div.title {font-size: 5em;font-weight: bold;}
        div.message {font-size: 2em;}
    </style>
    <div class="logo">
        <img src="/Content/themes/barnie/img/custom/logo.png">
    </div>
    <div class="title">:-(</div>
    <div class="message">Oops, that page can not be found.</div>

Strange thing, I saw that someone had the same HTML error page in a issue from the Java SDK CF : https://github.com/Mangopay/mangopay2-java-sdk/issues/120#issuecomment-525256369

More strange, if I use the same credentials on my laptop or one test server, I can perform an oauth authentication and then call the API. But, in two websites, after years without issue, it stopped working some weeks ago (first report February 25th). The SDK is still the same old one and there was no modification which could affect the oauth process.

The web hosting performed various checks and I was able to perform tests using the same PHP version. Since the return of the oauth call seems to be an error page coming from the API server (or a firewall), I'm pretty sure that the SDK is able to perform the call but it's somehow filtered. If I search for "themes/barnie", I just find the issue reported in the java SDK ; which make me think that it's really coming from the MangoPay server.

The MangoPay support was not able to provide answers but confirmed that they have nothing in their API dashboard (since the website got an error page during oauth, the SDK never made the final API call).

I will gladly patch the SDK v1.7 if there is something to add in the cURL parameters to solve the issue. The only different I can see in the code is the addition of the "User-Agent" ; which does not explain why some websites can perform calls and other can't. And if it's some firewall or else issue, I'd love to know how to stop and avoid it ; since it been weeks that two of MangoPay clients can't use the payment platform (and the support is asking me to open that issue here).

[dduwoyemgp]

Hello @hikashop-jerome Thanks for your issue. Just to confirm, you're telling me that this issue occurs with the 1.7 version of the PHP SDK? Thanks for you reply :)

[hikashop-jerome]

I'm really surprise of that question. I wrote two times in my message that it's using the version 1.7 of the SDK :

a payment plugin based on the MangoPay SDK v1.7

I will gladly patch the SDK v1.7 if ...

And since I open the issue in the MangoPay2 PHP SDK, indeed it's the version 1.7 of the PHP SDK. So yes, I confirm.