gladiopeace / opensocial-php-client

Automatically exported from code.google.com/p/opensocial-php-client
Apache License 2.0

Google (3 legged) is broken because of Invalid AuthSub signature #55

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run example script /osapi/examples/listFriends.php?test=google3legged
2. User is redirected to Google universal login:

https://www.google.com/a/UniversalLogin?continue=https%3A%2F%2Fwww.google.com%2F
accounts%2FOAuthAuthorizeToken%3Foauth_token%3D4%2F99nXWnagMtXMFs4YyAbXF_kqYfNn%
26oauth_callback%3Dhttp%253A%252F%252Fdev.dex.co.il%252Fosapi%252Fexamples%252Fl
istFriends.php%253Ftest%253Dgoogle3legged%2526oauth_continue%253D1%2526token%253
D4%252F99nXWnagMtXMFs4YyAbXF_kqYfNn%2526key%253DsM2Yty3eLSxpj%2BGywUL0Qv1P%26hd%
3Ddefault&continue2=https%3A%2F%2Fwww.google.com%2Fa%2F%7B%7Bdomain%7D%7D%2FOAut
hAuthorizeToken%3Foauth_token%3D4%2F99nXWnagMtXMFs4YyAbXF_kqYfNn%26oauth_callbac
k%3Dhttp%253A%252F%252Fdev.dex.co.il%252Fosapi%252Fexamples%252FlistFriends.php%
253Ftest%253Dgoogle3legged%2526oauth_continue%253D1%2526token%253D4%252F99nXWnag
MtXMFs4YyAbXF_kqYfNn%2526key%253DsM2Yty3eLSxpj%2BGywUL0Qv1P&spl=true&btmpl=auths
ub

3. User is redirected back to application:

/osapi/examples/listFriends.php?test=google3legged&oauth_continue=1&token=4%2F99
nXWnagMtXMFs4YyAbXF_kqYfNn&key=sM2Yty3eLSxpj+GywUL0Qv1P&oauth_token=4%2F99nXWnag
MtXMFs4YyAbXF_kqYfNn

4. PHP error:

<b>Fatal error</b>:  Uncaught exception 'osapiException' with message
'Error requesting oauth access token, code 400, message: signature_invalid
base_string:GET&amp;https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetAccessToke
n&amp;oauth_consumer_key%3Danonymous%26oauth_nonce%3Dce5d7c877689466772d01e08a3b
b964b%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1252589771%26oaut
h_token%3D4%252F99nXWnagMtXMFs4YyAbXF_kqYfNn%26oauth_version%3D1.0

' in C:\dev\dex_v2\src\osapi\auth\osapiOAuth3Legged.php:115
Stack trace:
#0 C:\dev\dex_v2\src\osapi\auth\osapiOAuth3Legged.php(81):
osapiOAuth3Legged-&gt;upgradeRequestToken('4/99nXWnagMtXMF...',
'sM2Yty3eLSxpj G...')
#1 C:\dev\dex_v2\src\examples\__init__.php(115):
osapiOAuth3Legged::performOAuthLogin('anonymous', 'anonymous',
Object(osapiFileStorage), Object(osapiGoogleProvider), 'kogg6dvrhv2vuuf...')
#2 C:\dev\dex_v2\src\examples\listFriends.php(18):
require_once('C:\dev\dex_v2\s...')
#3 {main}
  thrown in <b>C:\dev\dex_v2\src\osapi\auth\osapiOAuth3Legged.php</b> on
line <b>115</b><br />

All other providers work.
I have also tried with the "OAuth for Web Applications" key and secret and
got the same error.

I'm using revision 192.

I have noticed that in the OAuthGetAccessToken request the oauth_verifier
parameter does not exist as suggested by Google's documentation:
http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken

Original issue reported on code.google.com by jonathan...@gtempaccount.com on 10 Sep 2009 at 1:43
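
An added example (not part of the original report and not osapi code) of how an OAuth 1.0a access-token request is signed with HMAC-SHA1, with `oauth_verifier` in the base string, and of how a token secret containing `+` changes when it is read back from a callback query string: the callback URL in step 3 has `key=sM2Yty3eLSxpj+GywUL0Qv1P`, while the stack trace shows `'sM2Yty3eLSxpj G...'`. It assumes the `key` parameter carries the request-token secret; the function names and the token, secret, nonce and verifier values are constructed.

```php
<?php
// Added example, not osapi code. Token, secret, nonce and verifier are constructed samples.

function oauthBaseString(string $method, string $url, array $params): string
{
    // Percent-encode names and values, sort by name, join as name=value pairs.
    $enc = [];
    foreach ($params as $k => $v) {
        $enc[rawurlencode($k)] = rawurlencode($v);
    }
    ksort($enc, SORT_STRING);
    $pairs = [];
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

function oauthSign(string $base, string $consumerSecret, string $tokenSecret): string
{
    // HMAC-SHA1 key: encoded consumer secret, '&', encoded token secret.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed callback query: the secret contains a '+' that was not sent as %2B.
parse_str('oauth_continue=1&token=4%2FSAMPLEtoken&key=SAMPLEsecret+WithPlus', $q);
$issued   = 'SAMPLEsecret+WithPlus';   // value the provider issued (assumed)
$received = $q['key'];                 // parse_str turned '+' into a space

$params = [
    'oauth_consumer_key'     => 'anonymous',
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1252589771',
    'oauth_token'            => $q['token'],
    'oauth_verifier'         => 'constructed-verifier', // required by OAuth 1.0a
    'oauth_version'          => '1.0',
];
$base = oauthBaseString('GET', 'https://www.google.com/accounts/OAuthGetAccessToken', $params);

echo $base, "\n";
echo 'secret survived the redirect: ', var_export($issued === $received, true), "\n";
echo 'signature, issued secret:   ', oauthSign($base, 'anonymous', $issued), "\n";
echo 'signature, received secret: ', oauthSign($base, 'anonymous', $received), "\n";
```

Encoding the secret with `rawurlencode` before placing it in the redirect URL, or keeping it in server-side storage instead of the URL, keeps the signing key identical on both legs.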