jbrashear / oauth2-php

Automatically exported from code.google.com/p/oauth2-php
MIT License
0 stars 0 forks source link

Not found "OAuth" and access_token on getAccessTokenParams() #15

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Test with server pdo

http://pastebin.com/SVmJiJ3T

//not found the string "OAuth"
if (strcmp(substr($auth_header, 0, 5), "OAuth ") !== 0)

//patch
if (strcmp(substr($auth_header, 0, 5), "OAuth") !== 0)

//not found access_token value
if (preg_match('/\s*OAuth\s*="(.+)"/', substr($auth_header, 5), $matches) == 0 
|| count($matches) < 2)

//path
if (preg_match('/OAuth\s.*="(.+)"/', $auth_header, $matches) == 0 || 
count($matches) < 2)

Original issue reported on code.google.com by dmousex on 13 Mar 2011 at 9:04

GoogleCodeExporter commented 8 years ago
I can confirm, that this fixes the bug. I invested too many hours on this one…

Original comment by jens.k...@gmail.com on 16 May 2011 at 4:48

GoogleCodeExporter commented 8 years ago
Since I'm implementing a server now, one comment on the 2nd patch:

//path
if (preg_match('/OAuth\s.*="(.+)"/', $auth_header, $matches) == 0 || 
count($matches) < 2)

From what I can see from the specs, that's the format for OAuth 1.0 headers and 
this should actually be (just the regex):

'/\s*OAuth\s*(.+)/'

If we wanted (half-assed) backwards compatibility, then this works:

'/\s*OAuth\s*=?"?(.+)"?/'

Original comment by jess...@gmail.com on 1 Jun 2011 at 7:34

GoogleCodeExporter commented 8 years ago
I also had to make both these changes to get it working.

Original comment by relayers...@gmail.com on 19 Jan 2012 at 5:24