thephpleague / oauth1-client

OAuth 1 Client
MIT License

Create generic Server for access to basic signing processes #14

Closed stevenmaguire closed 9 years ago

stevenmaguire commented 9 years ago

I have another project that currently includes the following method:

private function buildSignedUrl($unsigned_url)
{
    $token = $this->buildToken();
    $consumer = $this->buildConsumer();
    $signature_method = $this->getSignature();
    $oauthrequest = OAuthRequest::from_consumer_and_token(
        $consumer,
        $token,
        'GET',
        $unsigned_url
    );
    $oauthrequest->sign_request($signature_method, $consumer, $token);
    return $oauthrequest->to_url();
}

The OAuthRequest class and the implementations within the buildToken & buildConsumer & getSignature methods come from a basic OAuth toolkit.

The toolkit is outdated, poorly designed, and not tested; it is effective. I would prefer to use a modern package like thephpleague/oauth1-client to complete the task described above.

The use case for this implementation is tied to an OAuth service that does not permit an Authentication flow to obtain the TokenCredentials; instead, they are issued to you via the account console. So, you need to provide all four pieces of information and sign the request before completing the transaction with the service. Very annoying.

Do you think it is worthwhile to explore a solution in the project? I am happy to put in the effort; I want to gauge the response before beginning.
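
The signing step described in the post above, with all four credentials supplied up front, written out in plain PHP 7.4+ following RFC 5849 (HMAC-SHA1). This is an added example, not code from this thread, from the toolkit mentioned, or from oauth1-client; the name signUrl, the array keys, the example.com URL and the credential strings are assumptions for illustration.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 signing (RFC 5849) of a GET URL.
// signUrl() and the array keys are illustrative names, not a library API.
function signUrl(string $url, array $consumer, array $token,
                 ?string $nonce = null, ?int $timestamp = null): string
{
    $u = parse_url($url);
    $scheme = strtolower($u['scheme']);
    $base = $scheme . '://' . strtolower($u['host']);
    // The port belongs in the base string URI only when it is not the default.
    $default = ['http' => 80, 'https' => 443][$scheme] ?? null;
    if (isset($u['port']) && $u['port'] !== $default) {
        $base .= ':' . $u['port'];
    }
    $base .= $u['path'] ?? '/';

    // Existing query parameters take part in the signature, decoded first.
    $params = [];
    foreach (array_filter(explode('&', $u['query'] ?? ''), 'strlen') as $pair) {
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $params[] = [urldecode($k), urldecode($v)];
    }
    $oauth = [
        'oauth_consumer_key'     => $consumer['key'],
        'oauth_token'            => $token['identifier'],
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) ($timestamp ?? time()),
        'oauth_nonce'            => $nonce ?? bin2hex(random_bytes(16)),
        'oauth_version'          => '1.0',
    ];
    foreach ($oauth as $k => $v) { $params[] = [$k, $v]; }

    // Percent-encode (RFC 3986), then sort bytewise by name, then by value.
    $enc = array_map(fn($p) => [rawurlencode($p[0]), rawurlencode($p[1])], $params);
    usort($enc, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $query = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $enc));

    // Signature base string: METHOD & encoded URI & encoded parameter string.
    $baseString = 'GET&' . rawurlencode($base) . '&' . rawurlencode($query);
    // Signing key: both secrets, each encoded, joined by '&'; never transmitted.
    $key = rawurlencode($consumer['secret']) . '&' . rawurlencode($token['secret']);
    $sig = base64_encode(hash_hmac('sha1', $baseString, $key, true));
    return $base . '?' . $query . '&oauth_signature=' . rawurlencode($sig);
}

// Constructed placeholder credentials and URL, for illustration only.
echo signUrl('https://api.example.com/v1/items?q=a%20b&page=2',
    ['key' => 'CONSUMER_KEY', 'secret' => 'CONSUMER_SECRET'],
    ['identifier' => 'TOKEN', 'secret' => 'TOKEN_SECRET']), PHP_EOL;
```

A URL signed this way carries the token identifier, nonce and signature in the query string, where access logs and proxies will record them; sending the same parameters in an Authorization header keeps them out of those logs.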

bencorlett commented 9 years ago

So what you're talking about effectively is a generic way to interact with OAuth 1 providers?

If that's the case, I would strongly recommend using guzzle/guzzle with the guzzle/oauth-subscriber plugin/addon/subscriber. I use this myself in apps for making requests against Twitter, and use the OAuth 1 client for the logic of logging in. When discussing the OAuth clients, @philsturgeon, @alexbilbie and I had plans for keeping it lightweight and targeted at OAuth only. @philsturgeon was actually planning on building a Twitter API client, but that was abandoned.

Maybe they can weigh in here. I'm happy to take the package in the direction the community needs as well.

stevenmaguire commented 9 years ago

Yeah. Guzzle is a good idea. I will take a look at that as a course of research into the project inspiring the question.

shadowhand commented 9 years ago

@bencorlett could you provide an example of how this works?

shadowhand commented 9 years ago

I think #18 will go a long way towards resolving this. With that patch applied, I was able to create a trait with these methods:

public function post($url, array $body = [])
{
    $credentials = $this->getCredentials($this->getToken());
    $headers  = $this->client->getHeaders($credentials, 'POST', $url, $body);
    $request  = $this->client->createHttpClient()->post($url, $headers, $body)->send();
    $response = $request->getBody();
    return json_decode($response);
}

protected function getCredentials(array $token)
{
    $credentials = new TokenCredentials;
    $credentials->setIdentifier($token['identifier']);
    $credentials->setSecret($token['secret']);
    return $credentials;
}

I greatly prefer this to having to use the oauth-subscriber plugin, as it duplicates much of what oauth1-client already does.

stevenmaguire commented 9 years ago

The project that inspired the original post is now using Guzzle and the OAuth1 Subscriber plugin.

For the record, I like the PR @shadowhand is proposing. Since there is a request open, I will close this issue.