tofaruk / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Request failed with code 401: Hello.php (example/server/www) -- test case #119

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hello !

First of all, Thanks for this great lib !
I hope that somebody here could help me.

What steps will reproduce the problem?
1. Downloaded the latest version of oauth-php (175)
2. Installed it with php 5.3/mysql 5.5 on a CENTOS OS
3. Created consumer key and secret with example/server/www/register.php
4. Create a 2-legged script auth :

include_once "../../../library/OAuthStore.php";
include_once "../../../library/OAuthRequester.php";

$key = 'ff8999defd1ed036642e1ce63bb093c704ed54103'; // fill with your public 
key 
$secret = 'a2a8e77174d5795f2d389cf53d37f73d'; // fill with your secret key
$url = "http://localhost/oauth/request_token"; // fill with the url for the 
oauth service

$options = array('consumer_key' => $key, 'consumer_secret' => $secret);
OAuthStore::instance("2Leg", $options);

$method = "GET";
$params = null;

try
{
    $request = new OAuthRequester($url, $method, $params);
    $result = $request->doRequest();
    $response = $result['body'];

var_dump($response);
echo "<br /><br /><br /><br />";
  parse_str($result['body'], $params);

        $r = new OAuthRequester("http://localhost/hello","GET",$params);
        $r2 = $r->doRequest();

}
catch(OAuthException2 $e)
{
    echo "Exception" . $e->getMessage();
}

What is the expected output? What do you see instead?

I expeted to see : 
Hello, world!
but instead :

string(154) 
"oauth_callback_confirmed=1&oauth_token=dc9f5ab00a4396e3f1b3df96a79304cd04ed5432
d&oauth_token_secret=5e0ee53485dd3bb8194d8def53b52e5d&xoauth_token_ttl=3600"

ExceptionRequest failed with code 401: OAuth Verification Failed: exception 
'OAuthException2' with message 'Verification of signature failed (signature 
base string was 
"GET&http%3A%2F%2Flocalhost%2Fhello&oauth_callback_confirmed%3D1%26oauth_consume
r_key%3Dff8999defd1ed036642e1ce63bb093c704ed54103%26oauth_nonce%3D4ed5432dc9323%
26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1322599213%26oauth_toke
n%3Ddc9f5ab00a4396e3f1b3df96a79304cd04ed5432d%26oauth_token_secret%3D5e0ee53485d
d3bb8194d8def53b52e5d%26oauth_version%3D1.0%26xoauth_token_ttl%3D3600"). with 
Array ( [0] => a2a8e77174d5795f2d389cf53d37f73d [1] => 
5e0ee53485dd3bb8194d8def53b52e5d [2] => request ) ' in 
/home/www/lib/oauth-php/library/OAuthRequestVerifier.php:184 Stack trace: #0 
/lib/oauth-php/library/OAuthRequestVerifier.php(135): 
OAuthRequestVerifier->verifyExtended('request') #1 
/lib/oauth-php/library/OAuthRequestVerifier.php(111): 
OAuthRequestVerifier->verify('request') #2 
/lib/oauth-php/example/server/www/hello.php(45): 
OAuthRequestVerifier->verifyIfSigned('request') #3 {main}

Please provide any additional information below.

I'm a noob with Oauth so I AM probably the problem.:) But if somebody have and 
idea about what happening here, it would be really appreciated.

Regards,

Jonathan F.

Original issue reported on code.google.com by jonathan...@gmail.com on 29 Nov 2011 at 8:51

GoogleCodeExporter commented 9 years ago
I figured out a solution yesterday, I need to set the verifyIfSigned 's 
argument as false in hello.php, in that way, it does not use the token, it just 
signs.Its working.
Go to the Library and change token_type='access' to token_type=false in 
function verifyIfSigned (arguments)..
Appreciate your reply!

Original comment by php.piyu...@gmail.com on 29 Feb 2012 at 12:37

GoogleCodeExporter commented 9 years ago
Hi,
I had the same problem. this works pretty well (thanks !). However I just will 
try if it still works with on 3legged mode.

Original comment by remithom...@gmail.com on 17 Apr 2012 at 8:51

GoogleCodeExporter commented 9 years ago
Hi, I am facing the same problem and your solution works pretty well, however I 
was wondering if its the correct way to do it? what is the root cause of this 
error? what does meaning of passing false to the verifyIfSigned() function ?

is it safe or is it bypassing check ?

Appreciate your inputs.

Original comment by sambha...@gmail.com on 27 Dec 2012 at 8:47