[oauth-php-discuss] Re: Comment on ServerHowTo in oauth-php
oaut...@googlecode.com
I am attempting to authorise a client using code based on the code above.
I am using the MySQL store, but due to reasons I won't go into I need to
use a prior initialised store.
The server and request verifier however will always create and initialise a
standard mysql datastore as part of their constructors. This prevents you
using a pre-initialised mysql datastore (or for that matter, any other
datastore) unless I modify the library code to allow this (can do, would
prefer not to).
Before I did this I'd like to check whether I was missing something...?
For more information:
http://code.google.com/p/oauth-php/wiki/ServerHowTo
oaut...@googlecode.com
no, you can pass the connection:
OAuthStore::instance('MySQL', array(
'conn' => $yourDBConnection
));
oaut...@googlecode.com
> Thx, but lets say i´ve set the "osr_application_type" to eighter "mobile
> application" or "browser", how can i tell the OAuthServer not to redirect
> if
> the osr_application_type is "mobile apllication"?
I know this is almost two-month old, the answer, it's an application issue
- its responsibility, to provide certain level of filtering for such
restriction.
oaut...@googlecode.com
oaut...@googlecode.com
Hi, I'm trying to get twolegged OAuth to work against my OAuth server. My
first confusion is that in twoleggedtest.php, the url being accessed is
the 'request_token' endpoint:
$key = 'key'; // fill with your public key
$secret = 'secret'; // fill with your secret key
$url = "http://term.ie/oauth/example/request_token.php"; // fill with the
url for the oauth service
Is that correct? Can it not be set directly to
a '$server->verifyIfSigned()' wrapped page on my server?
So when I do change the url in the example to go directly to my page I can
only get that page to work if I call '$server->verifyIfSigned(false)', ie.
a token_type of false.
In this way i'm not able to call the same page in both normal three legged
and two legged!?
Has anyone got this to work? I am quite certain I might be just not
understanding the twolegged use correctly of course :-)
Thanks.
oaut...@googlecode.com
Hello All,
I have made some changes in this great library and added Oracle store.
There is ready Oracle SPs and db schema based on this MySQL store.
I would like to share that with you for more Improvement, so please let me
know how can I contribute with all of you?
Regards
Vinaykant
oaut...@googlecode.com
In OAuthServer.php I found some errors typo.
line 209
{{{
$verififer = null;
}}}
should be
{{{
$verifier = null;
}}}
Great lib. Good work.
oaut...@googlecode.com
@vinaykant.sahu Yes, please send us! Open a new issue and post your patch
there. I can grant you write access to the SVN if necessary.
@vlada.petrovic: Thanks a lot for the notice, already fixed! But please
prefer to open an issue to report bugs next time.
oaut...@googlecode.com
Hello All,
When I try to get an request token, I always get an error like this:
OAuth Verification Failed: Timestamp is out of sequence. Request rejected.
Got 1282506942 last max is 2147483647 allowed skew is 600
with date() I get the correct time and date. So it seems like and integer
overflow.
I would be very happy if you could help me.
Paul Trippett
What code are you using to make the request?
oaut...@googlecode.com
hey i have use the library from here and developed an OAuth service
provider with a simple client on kohanaPHP framework, i wish to share with
you guys but i got no svn to comit, since i am using windows and i am not
use to using SVN. but i will fine a way to host it for others to. i did
some modification but you will. any suggestions on how to add an api on the
oauth service now will be help to me since i am just learning and wish to
share with others
oaut...@googlecode.com
@ebot.tabi: please create a new issue and post your code there. I'll add it
to the SVN.
oaut...@googlecode.com
@brun ok thanks i will create a new issue and post my codes then
oaut...@googlecode.com
I really like this library vs. other ones I have found since it has a great
mechanism for storing OAuth credentials. Has anyone out there made a patch
to bring support up to OAuth 1.0a or does anyone know what the status of
this planned support is? Good job on the library in any case.
oaut...@googlecode.com
Great Library! Things work out of the box. I wanted to sign the request
for a twolegged one. Anyone tried this? If so, how?
oaut...@googlecode.com
A very useful library!! I am facing a small hiccup! When I run the
twolegged.php and try to access hello.php in server, I get this error!
ExceptionRequest failed with code 401: OAuth Verification Failed: The
consumer_key "c76f224ae0ea41eaf76a6d26350e1cdd04caa5ffe"
token "0952088aa9b54cae5646dc142ade86a704cab4d96" combination does not
exist or is not enabled
What should I be checking to make it work fine?
oaut...@googlecode.com
Hi, any new informations about xauth?
Enno
oaut...@googlecode.com
Hi Guys, thank you for your great work!
I am using your library, I updated your code in order to use the callback
stored into the oauth_server_registry table;
In particular I have:
1) modified OAuthStoreSQL.php at getConsumerRequestToken function; my code:
{{{
public function getConsumerRequestToken ( $token )
{
$rs = $this->query_row_assoc('
SELECT ost_token as token,
ost_token_secret as token_secret,
osr_consumer_key as consumer_key,
osr_consumer_secret as consumer_secret,
ost_token_type as token_type,
ost_callback_url as callback_url,
osr_application_title as application_title,
osr_application_descr as application_descr,
osr_application_uri as application_uri,
osr_callback_uri as default_callback_uri
FROM oauth_server_token
JOIN oauth_server_registry
ON ost_osr_id_ref = osr_id
WHERE ost_token_type = \'request\'
AND ost_token = \'%s\'
AND ost_token_ttl >= NOW()
', $token);
return $rs;
}
}}}
The modify must be done in your store if you want use my approach
2) I modified the authorizeVerify function in OAuthServer.php in order to
check the default callback uri:
{{{
$cb = $this->getParam('oauth_callback', true);
if ($cb){
$this->session->set('verify_oauth_callback', $cb);
}else if ($rs['default_callback_uri'] != null &&
$rs['default_callback_uri'] != ''){
$this->session->set('verify_oauth_callback',
$rs['default_callback_uri']);
} else {
$this->session->set('verify_oauth_callback', $rs['callback_url']);
}
}}}
In this way people can store a default callback uri and use that.
What do you think about?
Maurizio
http://www.maurizioconventi.com
oaut...@googlecode.com
Hi, im new using this library. Really great work!
im having problems accessing to protected resources in a 3legged
consumer-server app (I have Access tokens) ¿Is there a example or a How to?
I suposed that doRequest() is the way to do this but cant understand how to
use it. Thanks.
oaut...@googlecode.com
oaut...@googlecode.com
I am very new to OAuth. I shall describe the use case I want to try, and
somebody kindly tell if that is possible, and if so, point to some
reference for implementation.
I have a php server side site, running Apache2, which uses the httpasswd
for access. Currently every user has an email id and a password (from
us). Is it possible, if these users have a gmail id, they can be
authenticated using their gmail id instead of using the current site
specific password. Of course since everybody may not even eventually have
a gmail id, this need to coexist with the current htpassword
authentication. That is if a user can be authenticated by either method,
access will be granted. It is not a store, there is really no transaction,
other than just login for access to members.
Thank you for your help!
oaut...@googlecode.com
oaut...@googlecode.com
I am using the Most recent release available for download for Server and
have implemented it.
But as Here mentioned in "OOB" section that you will be redirected to
http://oob/?oauth_token=xxxxxxxxxxxxxxx&oauth_verifier=xxxxxxxxxxxx but its
not like that
You will not be redirected as per the implementation from recent build.
So i have made changes to my OAuthServer.php to print the
"verifier" in response to OOB calls like PIN: xxxxxx, so that it can be
entered to client app/mobile app not supporting browser and still will be
able to get access_tokens based on that PIN.
I guesss Twitter and Yahoo may have implemented in that way.
So i did it!
cheers,
nEosAg
oaut...@googlecode.com
@ChackoNeroth
Please read this:
http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html
for using Google Single Sign On OpenID API...
oaut...@googlecode.com
Here's a quick method to have your server try both 2-legged and 3-legged
authentication:
{{{
function _valid_request() {
// At the start of every request handled by your application you can
check if the request contains OAuth authorization information.
if (OAuthRequestVerifier::requestIsSigned())
{
try
{
$req = new OAuthRequestVerifier();
$user_id = $req->verify();
}
catch (OAuthException2 $e)
{
// The request was signed, but failed 3-legged verification, try
2-legged
try
{
$req = new OAuthRequestVerifier();
$extended_info = $req->verifyExtended(false);
$user_id = $extended_info['osr_id']);
}
catch (OAuthException2 $e)
{
// The request was signed, but failed both 2-legged and 3-legged
verification
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: OAuth realm=""');
header('Content-Type: text/plain; charset=utf8');
echo $e->getMessage();
exit();
}
}
// If we have an user_id, then login as that user (for this request)
if ($user_id)
{
// **** Add your own code here ****
return $user_id;
}
}
return FALSE;
oaut...@googlecode.com
Any way to turn off the AuthStore? I'd like to handle this on my own.
Awesome library, but I'm running into a roadblock with sql errors and I'd
like to store the data in my own table (users).
oaut...@googlecode.com
please change code in example :
catch (OAuthException $e)
to
catch (OAuthException2 $e)
oaut...@googlecode.com
Okay, as I understand this, whenever a client/consumer sends a user to my
API to register, it creates a unique entry that holds both client and user.
But I want to set up my API the way Twitter does: namely, a dev has to
register their client/consumer first, are given an API key, and then a
unique token is generated for each user who uses their client.
Is there an easy way to do this, or am I going to have to rewrite a bunch
of SQL code here to make this work?
oaut...@googlecode.com
Hi
I m using this library for a REST based API authentication. I have a
problem about hello.php.
It initializes OAuthServer without any parameters. But with "$params" array
it reads oauth parameters.
So dont we need to pass request header parameters to OAuthserver? Am I
wrong?
Thanks
kasun
oaut...@googlecode.com
Hi all,
I have problems to validate the signature.
The script pass the request_token and authorize step, but fail on
access_token.
I put here the result when I call: $request = new
OAuthRequester($access_url, "GET", $param);
OAuthRequester Object
(
[files:protected] =>
[request:protected] =>
[store:protected] => OAuthStore2Leg Object
(
[consumer_key:protected] =>
6d6f2ef888d18e54048abd01f06568d204e3fce3d
[consumer_secret:protected] => 1b113c90815192e504ceef86aefc9394
[signature_method:protected] => Array
(
[0] => HMAC-SHA1
)
[token_type:protected] =>
)
[usr_id:protected] => 0
[signed:OAuthRequestSigner:private] =>
[realm:protected] =>
[param:protected] => Array
(
[a] => access_token
[oauth_token] => 4cf297bb223e8b951541550f8876496d04e40f64e
[oauth_verifier] => d1ee59e20a
)
[uri_parts:protected] => Array
(
[scheme] => http
[host] => localhost
[path] => /oauthtest/oauth.php
[query] => a=access_token
[port] => 80
[user] =>
[pass] =>
[fragment] =>
)
[uri:protected] => http://localhost/oauthtest/oauth.php?a=access_token
[headers:protected] => Array
(
[Accept] =>
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Accept-Charset] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[Accept-Encoding] => gzip, deflate
[Accept-Language] => pt-pt,pt;q=0.8,en;q=0.5,en-us;q=0.3
[Connection] => keep-alive
[Cookie] => PHPSESSID=k4p2902tv0ksatltkrtbb98tf0
[Host] => localhost
[User-Agent] => Mozilla/5.0 (Windows NT 6.1; rv:5.0)
Gecko/20100101 Firefox/5.0
)
[method:protected] => GET
[body:protected] =>
)
AND the error I get:
Error : Request failed with code 401: OAuth Verification Failed:
Verification of signature failed (signature base string
was "GET&http%3A%2F%2Flocalhost%2Foauthtest%2Foauth.php&a%3Daccess_token%26oauth_consumer_key%3D6d6f2ef888d18e54048abd01f06568d204e3fce3d%26oauth_nonce%3D4e40f64eef9c8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1312880206%26oauth_token%3D4cf297bb223e8b951541550f8876496d04e40f64e%26oauth_verifier%3Dd1ee59e20a%26oauth_version%3D1.0").
with Array (
[0] => 1b113c90815192e504ceef86aefc9394
[1] => 7c9e7b65f1f344c001f7063afc487a18
[2] => request
)
Can anyone help me resolve this issue?
Other situation, I test the script on my computer, a
Windows+Apache+MySQL+PHP enviroment, but I will put the script on a Windows
Server+IIS7+MySQL+PHP, this script run on this configuration?
Best Regards,
LB
oaut...@googlecode.com
oaut...@googlecode.com
*Including user_id on the access_token response*
We've be playing with this great code but one thing we wanted to add was
the user_id to the access_token response ( like twitter does for example )
because you need to know against which user account to store the
credentials. Unless the API you're dealing with provides a simple url that
allows you to fetch the 'authenticated users' credentials you're a bit
stuck - either way that's possibly a superflous request.
Our solution is as follows and posted here for anyone else having the same
problem.
In the *OAuthServer.php* class; the *accessToken()* function calls the
*verifer();*. The response to that call is the user_id... but it's
discarded. Therefore edit the first line of code to read:
{{{
$user_id = $this->verify('request');
}}}
Then further down in the method, after we've compiled all the other bits of
the return string, simply add the following:
{{{
if (!empty($user_id)){
$result .= '&user_id='.$this->urlencode($user_id);
}
}}}
Job done.
Very interested to know if anyone says it's bad behaviour to provide this
information at this juncture. As I say twitter does it so that would make
it pretty common behaviour.
Hope this helps someone.
Jimbo
oaut...@googlecode.com
Thats weird, I've had/got the same error message as
luisbati...@domdigital.com from above.
What "solved" the issue for me was to give the arguments to the arguments
to the url in the same order as reported by the "signature base string" in
the error message. That error message had the first two arguments (my
custom arguments) in the url swapped.
I did the same in the actual request and the signature error was gone.
Is there anything ordered in the list of arguments? Any way to avoid that?
Thanks,
Thomas
oaut...@googlecode.com
Ok, maybe I found it.
getNormalizedParams has a line:
ksort($params);
which, well, sorts the params by key.
So the signature for checking is generated on ordered params in the url
while the signature delivered from the app is generated on the order the
params are given in => mismatch.
Therefore the question is:
Is that ksort in any way needed or required?
oaut...@googlecode.com
Please help.
I got a message from login screen
"You must install php5-oauth to use this class"???
though I am using PHP 5.2 (goDaddy host).
What am I missing and how to fix this,
Appreciate your help.
Thanks
Jason.
oaut...@googlecode.com
How can i install this on my server.I dont know how to set env variable
there.
oaut...@googlecode.com
$user_id = 3;
// Request parameters are oauth_token, consumer_key and usr_id.
$consumer_key = "45fd7a0c11640a04859ccc3d5ec0ae2004efd7c78";
$oauth_token = $_GET['oauth_token'];
try {
OAuthRequester::requestAccessToken($consumer_key, $oauth_token,$user_id);
//'POST', $_GET
} catch (OAuthException $e) {
// Something wrong with the oauth_token.
// Could be:
// 1. Was already ok
// 2. We were not authorized
}
Fatal error: Uncaught exception 'OAuthException2' with message 'The
server "http://auth.service.com/access_token.php" did not return the
oauth_token or the oauth_token_secret' in
D:\AppServ\www\demo\oauth-php\library\OAuthRequester.php:281 Stack trace:
#0 D:\AppServ\www\demo\test.php(14):
OAuthRequester::requestAccessToken('45fd7a0c11640a0...', '595e0ee21c8aa09...',
3, 'POST', Array) #1 {main} thrown in
D:\AppServ\www\demo\oauth-php\library\OAuthRequester.php on line 281
access_token.php
<?php
include_once 'oauth-php/library/OAuthServer.php';
$server = new OAuthServer();
$rs = $server->accessToken();
?>
server access_token.php error why?
oaut...@googlecode.com
Hi guys,
I don't quite get the concept of the user_id (partly due to confusing
comments in the example code).
So I understand the fact that a user gives permission to consumers to
access something. As I understand the user_id has to be passed to register
a consumer ( so a user has to be logged in, in order to allow a consumer to
register with the OAuth server?? ) Then when u authorize an unauth. request
token again u have to pass along the user_id... So is this something you
store per user in your server ( i.e. John Doe = user_id 6; Jane Doe =
user_id 88 ) I read somewhere this should be stored in session so I think
that's just to remember that john doe has logged in and you store his
user_id in the session....?
A little explanation or confirmation would help me sooo much !!!
Thx in advance, and nice framework !!
Jan
oaut...@googlecode.com
Hey guys,
is there any sample code on how to get this server to work with the
2-legged version of the Oauth Store?
The one that's included with the library just stores the consumer token and
secret.
How does one use this?
Thanks!
oaut...@googlecode.com
Hello,
i am confused with it. will anyone tell me from where i start? i need to
implement the three legged for Single Sign On.
please help,
Thanks
oaut...@googlecode.com
How do you set up all the files on a web page?
For more information:
https://code.google.com/p/oauth-php/wiki/ServerHowTo
oaut...@googlecode.com
How to revoke an access token?
I try to set the "ost_authorized" in the database from 1 to 0, but that
doesn't work...
Should I just delete the token entry from the database?
oaut...@googlecode.com
I am not able to understand why there 2 different modules like server and
consumer..
There are 2 tables in server and in consumer name as ***_token and
***_registry.
What is the need of nounce table.
I try to solve by both the example: Its more or less same Can somebody tell
me what is the significance of server and consumer. Can somebody give me
the application because If I want to use OAuth for my APIs access then,
there is no example how user will get blocked/access via access token?
I hope you understand the problem here.
Thank you :)
oaut...@googlecode.com
Hi guys, I've recently had a request to make OAuth Dance for Single Sign
On, so i was in a search for php libraries, and stumbled upon this one for
a service provider. I have to say I am very pleased with it, i've made some
minor changes in code (like providing my database credentials to OAuthStore
class as $options parameter , and some minor tweaks to my needs), and got a
better understanding of how the protocol works.
@aa...@cogilent.com - Since I am a newbie as well, to grasp better the
concept of an OAuth Dance, I used this library as the Server, and
jrconlin's as the Consumer: https://github.com/jrconlin/oauthsimple.
I don't know why i haven't used this project's Consumer library, i guess i
would blame it on the extensive consumption of beer. :-D
Anyway it is a great library, did the job for me, i will try to change the
consumer part to this project's consumer library.
I hope this bit of information helps someone in a need to create an oauth
service provider in a correlation to oauth consumer.
Cheers xD
oaut...@googlecode.com
I am new to this Oauth and i need assistance with it. After writing all
this pages above and i want to link up to another site for instance
facebook, when users enter their credentials to their facebook account how
can i draw up their friends list from that account
.
oaut...@googlecode.com
Hello, can anyone please tell me the demo for this project. i have set code
on local, now there is no error. but i dont know how can i check it ?
also tell me what is this ? if (empty($_SESSION['authorized']))
{}
oaut...@googlecode.com
The script what? Please explain to me, because I want in depth
http://wdfshare.blogspot.com