Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean way for forcing oauth_verifier to be in Auth header #58

Closed
isleshocky77 opened this issue Jan 20, 2016 · 3 comments
Closed

Clean way for forcing oauth_verifier to be in Auth header #58

isleshocky77 opened this issue Jan 20, 2016 · 3 comments

Comments

@isleshocky77
Copy link

I'm using thephpleague/oauth1-client with an OAuth1 server which will only work if the oauth_verifier is present in the header instead of as a body parameter which is how it currently is implemented.

In order to get around this limitation and have this client work I implemented the following method in my Server file.

    /**
     * {@inheritDoc}
     */
    protected function protocolHeader($method, $uri, CredentialsInterface $credentials, array $bodyParameters = array())
    {
        $parameters = array_merge(
            $this->baseProtocolParameters(),
            $this->additionalProtocolParameters(),
            array(
                'oauth_token' => $credentials->getIdentifier(),
            )
        );

        /**
         * BEGIN: Modification to parent::protocolHeader()
         * Note: THE API will not accept oauth_verifier as a body parameter. It must be in the OAuth Authorization
         * header
         */
        if (isset($bodyParameters['oauth_verifier'])) {
            $parameters['oauth_verifier'] = $bodyParameters['oauth_verifier'];
            unset($bodyParameters['oauth_verifier']);
        }
        /**
         * END: Modification to parent::protocolHeader()
         */

        $this->signature->setCredentials($credentials);

        $parameters['oauth_signature'] = $this->signature->sign(
            $uri,
            array_merge($parameters, $bodyParameters),
            $method
        );

        return $this->normalizeProtocolParameters($parameters);
    }

I'm not enthused about this solution and was looking to see if there was a more elegant solution.

Note: With a little bit of a research I don't believe the spec states that it should or shouldn't be in the header or the body; however, some have stated that it makes more sense to have it in the header with the rest of the oauth_parameters.
@stevenmaguire
Copy link
Member

I ran into this issue as well and I've submitted a PR that addresses, but it is not "clean" and I am on the fence about the actual solution.

#50

@isleshocky77
Copy link
Author

@stevenmaguire I'm glad I'm not crazy and that other people have run into this issue. We can close this issue if that PR solves the problem. I can take a look at a later time.

@shoutershub
Copy link

I'm using thephpleague/oauth1-client with an OAuth1 server which will only work if the oauth_verifier is present in the header instead of as a body parameter which is how it currently is implemented.

In order to get around this limitation and have this client work I implemented the following method in my Server file.

    /**
     * {@inheritDoc}
     */
    protected function protocolHeader($method, $uri, CredentialsInterface $credentials, array $bodyParameters = array())
    {
        $parameters = array_merge(
            $this->baseProtocolParameters(),
            $this->additionalProtocolParameters(),
            array(
                'oauth_token' => $credentials->getIdentifier(),
            )
        );

        /**
         * BEGIN: Modification to parent::protocolHeader()
         * Note: THE API will not accept oauth_verifier as a body parameter. It must be in the OAuth Authorization
         * header
         */
        if (isset($bodyParameters['oauth_verifier'])) {
            $parameters['oauth_verifier'] = $bodyParameters['oauth_verifier'];
            unset($bodyParameters['oauth_verifier']);
        }
        /**
         * END: Modification to parent::protocolHeader()
         */

        $this->signature->setCredentials($credentials);

        $parameters['oauth_signature'] = $this->signature->sign(
            $uri,
            array_merge($parameters, $bodyParameters),
            $method
        );

        return $this->normalizeProtocolParameters($parameters);
    }

I'm not enthused about this solution and was looking to see if there was a more elegant solution.

Note: With a little bit of a research I don't believe the spec states that it should or shouldn't be in the header or the body; however, some have stated that it makes more sense to have it in the header with the rest of the oauth_parameters.

Holy molly, u just saved me 2days of research, i almost lost it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bencorlett @isleshocky77 @stevenmaguire @shoutershub