Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parameter in Request Token step #1

Closed
GoogleCodeExporter opened this issue Mar 21, 2015 · 6 comments
Closed

Parameter in Request Token step #1

GoogleCodeExporter opened this issue Mar 21, 2015 · 6 comments
Labels
auto-migrated Priority-Medium Type-Enhancement

Comments

@GoogleCodeExporter
Copy link 

How can I add additional information to a request token?

The first step of the protocol allows a SP to add additional parameters (I
would like to add required_access=someaccessright) to the request. This
value should be then associated with a request token. 

I see no way how I can get a token before calling $server->requestToken(),
which itself exits before returning. My solution is to overwrite
$server->requestToken() and save the additional data in my own table.

Is there a better way to do this? Any chance something like this will make
it into future releases?

Thanks

Original issue reported on code.google.com by uwe...@gmail.com on 12 Jul 2008 at 4:33
@GoogleCodeExporter
Copy link
Author 

Hello uweiss,

Is it correct when I understand that you would like your service provider to:
- receive additional parameters when handling the request-token request
- save these received with the request-token.

I assume the $server->authorizeVerify() will then also need to return those 
extra parameters.  As will the 
$store->getConsumerRequestToken(), $store->getConsumerAccessToken().

Maybe we should also let the $consumer->requestRequestToken() add extra 
parameters to the outgoing 
request.

Any extra ideas?

- Marc

Original comment by ma...@pobox.com on 13 Jul 2008 at 6:05

  • Changed state: Accepted
  • Added labels: Type-Enhancement
  • Removed labels: Type-Defect

@GoogleCodeExporter
Copy link
Author 

hi Marc,

Yes and no. Handling and saving extra parameters is certainly an option from 
within
the library, but it is not really necessary. A user of the library can access 
these
parameters pretty well with $server->getParameter('param_name'). The problem I 
had
was actually associating this parameter with a token (or ost_id), which was not
possible when calling $s->requestToken(), because it exits. I rewrote that 
function
and inserted some of my own code for fetching the ost_id and saving the 
parameters in
my own parameter table, where I also save other things like expiration of the 
token
(which will be set by the user on the authorization step). It would be nice if
$s->requestToken() returned the ost_id. 

See http://proofile.org/apidoc/oauth for how I am using these parameters.

yes, $c->requestRequestToken() should be able to have parameters added (6.1.1 of
http://oauth.net/core/). Also, on a side note, a caller should be enabled to 
change
the http request method (GET, or anything else, instead of just POST). 

keep up the good work, I really like the library.
ueli

Original comment by uwe...@gmail.com on 14 Jul 2008 at 10:31

@GoogleCodeExporter
Copy link
Author 

Hi Ueli,

I propose to change OAuthServer::requestToken() so that it returns the new 
request_token, and does not call exit() anymore.  
OAuthRequester::requestRequestToken() will be changed to accept additional 
parameters and also an optional http request method.

In OAuthServer:

    /**
     * Handle the request_token request.
     * Returns the new request token and request token secret.
     * 
     * TODO: add correct result code to exception
     * 
     * @return string   returned request token, false on an error
     */
    public function requestToken ()


And in OAuthRequester:

    /**
     * Request a request token from the site belonging to consumer_key
     * 
     * @param string consumer_key
     * @param int usr_id
     * @param array params (optional) extra arguments for when requesting the request token
     * @param string method (optional) change the method of the request, defaults to POST (as it should be)
     * @exception OAuthException when no key could be fetched
     * @exception OAuthException when no server with consumer_key registered
     * @return array (authorize_uri, token)
     */
    static function requestRequestToken ( $consumer_key, $usr_id, $params = null, $method = 'POST' )


Would this help you and fix the problems you encountered?

- Marc

Original comment by ma...@pobox.com on 16 Jul 2008 at 3:52

@GoogleCodeExporter
Copy link
Author 

perfect, thanks marc!

Original comment by uwe...@gmail.com on 16 Jul 2008 at 4:10

@GoogleCodeExporter
Copy link
Author 

I committed the proposed changes.  
See revision 45.  

Also adapted the documentation for the OAuthServer

Original comment by ma...@pobox.com on 16 Jul 2008 at 4:25

@GoogleCodeExporter
Copy link
Author 

Will start testing.

Original comment by ma...@pobox.com on 16 Jul 2008 at 4:26

  • Changed state: Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter