areoid / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Parameter in Request Token step #1

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
How can I add additional information to a request token?

The first step of the protocol allows a SP to add additional parameters (I
would like to add required_access=someaccessright) to the request. This
value should be then associated with a request token. 

I see no way how I can get a token before calling $server->requestToken(),
which itself exits before returning. My solution is to overwrite
$server->requestToken() and save the additional data in my own table.

Is there a better way to do this? Any chance something like this will make
it into future releases?

Thanks

Original issue reported on code.google.com by uwe...@gmail.com on 12 Jul 2008 at 4:33

GoogleCodeExporter commented 8 years ago
Hello uweiss,

Is it correct when I understand that you would like your service provider to:
- receive additional parameters when handling the request-token request
- save these received with the request-token.

I assume the $server->authorizeVerify() will then also need to return those 
extra parameters.  As will the 
$store->getConsumerRequestToken(), $store->getConsumerAccessToken().

Maybe we should also let the $consumer->requestRequestToken() add extra 
parameters to the outgoing 
request.

Any extra ideas?

- Marc

Original comment by ma...@pobox.com on 13 Jul 2008 at 6:05

GoogleCodeExporter commented 8 years ago
hi Marc,

Yes and no. Handling and saving extra parameters is certainly an option from 
within
the library, but it is not really necessary. A user of the library can access 
these
parameters pretty well with $server->getParameter('param_name'). The problem I 
had
was actually associating this parameter with a token (or ost_id), which was not
possible when calling $s->requestToken(), because it exits. I rewrote that 
function
and inserted some of my own code for fetching the ost_id and saving the 
parameters in
my own parameter table, where I also save other things like expiration of the 
token
(which will be set by the user on the authorization step). It would be nice if
$s->requestToken() returned the ost_id. 

See http://proofile.org/apidoc/oauth for how I am using these parameters.

yes, $c->requestRequestToken() should be able to have parameters added (6.1.1 of
http://oauth.net/core/). Also, on a side note, a caller should be enabled to 
change
the http request method (GET, or anything else, instead of just POST). 

keep up the good work, I really like the library.
ueli

Original comment by uwe...@gmail.com on 14 Jul 2008 at 10:31

GoogleCodeExporter commented 8 years ago
Hi Ueli,

I propose to change OAuthServer::requestToken() so that it returns the new 
request_token, and does not call exit() anymore.  
OAuthRequester::requestRequestToken() will be changed to accept additional 
parameters and also an optional http request method.

In OAuthServer:

    /**
     * Handle the request_token request.
     * Returns the new request token and request token secret.
     * 
     * TODO: add correct result code to exception
     * 
     * @return string   returned request token, false on an error
     */
    public function requestToken ()

And in OAuthRequester:

    /**
     * Request a request token from the site belonging to consumer_key
     * 
     * @param string consumer_key
     * @param int usr_id
     * @param array params (optional) extra arguments for when requesting the request token
     * @param string method (optional) change the method of the request, defaults to POST (as it should be)
     * @exception OAuthException when no key could be fetched
     * @exception OAuthException when no server with consumer_key registered
     * @return array (authorize_uri, token)
     */
    static function requestRequestToken ( $consumer_key, $usr_id, $params = null, $method = 'POST' )

Would this help you and fix the problems you encountered?

- Marc

Original comment by ma...@pobox.com on 16 Jul 2008 at 3:52

GoogleCodeExporter commented 8 years ago
perfect, thanks marc!

Original comment by uwe...@gmail.com on 16 Jul 2008 at 4:10

GoogleCodeExporter commented 8 years ago
I committed the proposed changes.  
See revision 45.  

Also adapted the documentation for the OAuthServer

Original comment by ma...@pobox.com on 16 Jul 2008 at 4:25

GoogleCodeExporter commented 8 years ago
Will start testing.

Original comment by ma...@pobox.com on 16 Jul 2008 at 4:26