swatantra / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Impossible to get user id after OAuthServer::verifyIfSigned() #73

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi and thanks for this usefull lib.

I'm working on a threelegged server with mobile app consumers.
The server works fine until a try to access protected data.

I have my access token (with a verifier) and I try to access data using the 
same process as in hello.php : 

<CODE>
require_once 'init.php';

$authorized = false;
$server = new OAuthServer();
try
{
        if ($server->verifyIfSigned())
        {
                $authorized = true;
        }
}
catch (OAuthException2 $e)
{
}

if (!$authorized)
{
        header('HTTP/1.1 401 Unauthorized');
        header('Content-Type: text/plain');

        echo "OAuth Verification Failed: " . $e->getMessage();
        die;
}

// From here on we are authenticated with OAuth. 

header('HTTP/1.1 200 OK');
header('Content-type: application/json');

//Do my stuff
</CODE>

Here i need the user_id corresponding to my access token but i can't get it.
If i try to call another OAuthServer function i get a  : 
Fatal error:  Uncaught exception 'OAuthException2' with message 'Duplicate 
timestamp/nonce combination, possible replay attack.  Request rejected.'

It think it's normal and i should not have to ask another verify process 
(OAuthServer::verify()) to the server but i really don't know how to get the 
user id i need to access data.

Maybe i didn't understand how it's works at all ^^.

If someone have an idea...

I don't remember exactly the version i use, probably 142 or 155.
Regards,

Original issue reported on code.google.com by mathieu....@gmail.com on 28 Oct 2010 at 8:57

GoogleCodeExporter commented 8 years ago
This only can happen if you call verify() twice. You really should not do that, 
as you noticed yourself.

You can call verifyExtended() instead. it will return the user_id and the 
consumer_key. Hope that helps :)

Original comment by brunobg%...@gtempaccount.com on 28 Oct 2010 at 4:15