intiaz / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

2Legged Server Issue #68

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.  Setup all the necessary files
2.  In the examples folder, run the twolegged.php file.
      The only change I made to this file is after I get the request token, I try to access hello.php present in the examples/server/ folder.

What is the expected output? What do you see instead?
I should see Hello World, but I got
"ExceptionRequest failed with code 401: OAuth Verification Failed: The 
consumer_key "c76f224ae0ea41eaf76a50e1cdd04caa5ffe" token 
"d67b1448e77f2fbb2f6a0d0d447c04caba0df" combination does not exist or is not 
enabled."

What version of the product are you using? On what operating system?
oauth-php-155

Please provide any additional information below.
As per my understanding of OAuth for two-legged, the workflow is as below..
From the consumer side.
1.  Have the consumer key and secret with you.
2.  Instantiate the 2Legged  OAuthStore (OAuthStore2Leg)
3.  Using the key, request for the resource.  I assume the signing part will be 
taken care of by oauth-php.

When I do this, I get access or request token missing.

In case, this assumption is wrong, and I need to get a request token to access 
the API, 
I got the request token and then requested for the API, It shows the 
combination does not exist error.(as above)

I clearly understand the consumer part of 2Leg store.  It sends only the 
consume key/secret to sign the request.
But, what is changing in the server when a 2Legged request comes?  I did not 
see any special code to handle 2Legged version.
The token_type is actually set to false in the consumer store.  But, the server 
expects it to be 'access'.
Also, my database is fine, I see the combination in the database and I have 
verified it! 

Attached is the source code change I made. url1 points to hello.php in the 
examples/server folder.

Original issue reported on code.google.com by vivekris...@gmail.com on 5 Oct 2010 at 10:26

GoogleCodeExporter commented 8 years ago
As noted in the docs, OAuthStore2Leg does not store data between requests. If 
your user is redirected by the request, then you need another storage system 
that uses a database (for example, OAuthMySQL). I think this might be the cause 
of your problem.

Original comment by brunobg%...@gtempaccount.com on 6 Oct 2010 at 8:27

GoogleCodeExporter commented 8 years ago
I figured out a solution yesterday, I need to set the verifyIfSigned 's 
argument as false in hello.php, in that way, it does not use the token, it just 
signs. (Let me know if I am wrong)
Appreciate your reply!

Original comment by vivekris...@gmail.com on 6 Oct 2010 at 8:44

GoogleCodeExporter commented 8 years ago
Yep, that is a solution!

Original comment by brunobg%...@gtempaccount.com on 6 Oct 2010 at 8:58

GoogleCodeExporter commented 8 years ago
Thanks,Great Solution,Yeah..Its working.

Original comment by php.piyu...@gmail.com on 29 Feb 2012 at 12:35