search

dhruvil12 / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

token_secret when using OAuthStore2Leg #89

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi everyone,

I was using your lib to interact with the OAuth twitter API. 
I was successfull to request access token, security token...
But once I had the access token, I was unable to interact with services that 
requires an Authentication: like this one 
http://dev.twitter.com/doc/get/account/verify_credentials
I was always getting a "HTTP 401 Unauthorized - Invalid signature".
I check here and there to find out a solution and I take a look to the 
abraham-twitteroauth lib to check out how he was doing. 
I finally found that his signature for his service call was generated with the 
token_secret (ie for Twitter oauth_token_secret).
Sadly the method OAuthStore2Leg::getSecretsForSignature was never taking care 
of the token_secret parameter even if it is used in OAuthRequestSigner::sign to 
sign the request.

To resolve that, I create a class OAuthStoreMy2Leg with the following code :
<?php
require_once dirname(__FILE__) . '/OAuthStore2Leg.php';

class OAuthStoreMy2Leg extends OAuthStore2Leg {

    protected $token_secret = '';

    public function __construct( $options = array() ) {
        parent::__construct($options);
        if(isset($options['token_secret'])) {
            $this->token_secret = $options['token_secret'];           
        }
    }

    public function getSecretsForSignature ( $uri, $user_id ) {
        $list = parent::getSecretsForSignature( $uri, $user_id );
        if ($this->token_secret != "") {
            $list['token_secret'] = $this->token_secret;
        }
        return $list;
    }
}
?>

And I use it like that :
$opts = array('consumer_key' => 'xxxx', 'consumer_secret' => 'xxxx', 
'token_secret' => 'xxxx');
OAuthStore::instance("My2Leg", $opts);

I would like to have your feedback on that to see if I am totally wrong (I'm 
pretty new with OAuth) or if it is a real feature and/or bug... 
If you need any more info, let me know.

Thanks a lot

Original issue reported on code.google.com by florian....@gmail.com on 9 Jan 2011 at 7:46

GoogleCodeExporter commented 9 years ago 
Sorry, I think I multi-post this entry....

Original comment by florian....@gmail.com on 9 Jan 2011 at 7:47

GoogleCodeExporter commented 9 years ago 
Quick reply: did you check the twitter example that comes with the library? 

I think you may be correct though. I just issued a patch on r181 based on your 
code. Thanks!

Original comment by brunobg%...@gtempaccount.com on 10 Jan 2011 at 7:38

GoogleCodeExporter commented 9 years ago 
Yes, I really check the example that comes with the library... And it works.
The thing is that the example is using public operation that does not require a 
secret_token.

Original comment by florian....@gmail.com on 11 Jan 2011 at 12:18