OAuth callback isn't called

WP-API / OAuth1

OAuth server implementation for WP API

http://oauth1.wp-api.org/

331 stars 109 forks source link

OAuth callback isn't called #59

Open mariorodriguespt opened 9 years ago

mariorodriguespt commented 9 years ago

I tried to setup a callback but it's never called. The oauth documentation says that I must provide oauth_callback parameters but I get an error saying that the callback is missing. It works if I use callback, after the user grants the authorisation I'm shown a page with a verification token. What am I supposed to do with this token? Why the callback isn't called?

romuloctba commented 9 years ago

U shoul use the provided token to make the authenticated requests

mariorodriguespt commented 9 years ago

Isn't this token supposed to be passed to my server via the callback? All I'm getting is page, show to the user, with the token. The callback isn't being called.

romuloctba commented 9 years ago

I bet u r right. This is as far as i got too.

lxcodes commented 9 years ago

@sblaz Do your commits work or just WIP? Would love to see a PR for this. Currently stuck here ourselves.

sblaz commented 9 years ago

I believe so, yes, although I was planning on doing a bit more testing before submitting a pull request. I was able to successfully authenticate with an OAuthSwift client after applying this and a couple of other patches - I'm not sure what happens if you just try to apply this one by itself. It's pretty simple, though, if you look at it, the oauth_callback parameter wasn't getting saved along with the other request token stuff.

lxcodes commented 9 years ago

@sblaz Yup -- does look like that. Currently using your master branch -- removes the restrictive wp_http_validate_url looks like.

sblaz commented 9 years ago

Yes, that's right - I started by applying #33 but then wanted to use a custom url scheme so relaxed the validation further. Also had some issues with double-encoding of the oauth_callback parameter value. Applied #65 and then removed the two rawurlencode() calls in join_with_equals_sign() and it seems to be copacetic.

jeremywho commented 9 years ago

Those changes got it working for me with OAuthSwift.

coderkevin commented 8 years ago

In my case, normalize_parameters() is really messing up my already partially encoded parameters, so by removing normalize_parameters() instead, I was able to keep the rawurldecode() calls.

See: #91

@sblaz , I have created a PR which merges your changes with AlexC's and removes normalize_parameters() in favor of encoding them in the join_with_equals_sign() function: #92 If you're interested, would you mind checking out my approach and let me know if it works for you? I'll leave the callback-fix branch on my fork available for testing.

Thanks!