php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #77296 411 Content Length Required on OAuth calls
Submitted: 2018-12-13 22:08 UTC Modified: 2018-12-13 22:09 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: jakechapa at gmail dot com Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 7.0.33 OS: Ubuntu 16.04 LTS
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jakechapa at gmail dot com
New email:
PHP Version: OS:

 

 [2018-12-13 22:08 UTC] jakechapa at gmail dot com 
Description:
------------
It looks like some Oauth libraries (Etsy, Twitter, etc) are now requiring a "Content-Length" header for OAUTH requests. See here for the same bug on Twitter:
https://twittercommunity.com/t/411-length-required-for-https-api-twitter-com-oauth-request-token/1270

Here's my result on Etsy's API:

["headers_sent"]=>
  string(506) "POST /v2/oauth/request_token?scope=email_r+transactions_r+shops_rw HTTP/1.1
Host: openapi.etsy.com
User-Agent: PECL-OAuth/2.0.3-dev
Accept: */*
Authorization: OAuth oauth_callback="https%3A%2F%2F107736632647174.etsythemeshop.com%2Fcontroller%2Fadmin%2FWPSetup%2FonOAuthDone",oauth_consumer_key="emt8n1w5dda7qdq7vwypzlqe",oauth_signature_method="HMAC-SHA1",oauth_nonce="2867605115c12d6b5655634.83358354",oauth_timestamp="1544738485",oauth_version="1.0",oauth_signature="AS2eKK%2BE5bGGVIz7mf4dTUcdFFE%3D""
  
["headers_recv"]=>
  string(323) "HTTP/1.1 411 Length Required
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1564
Accept-Ranges: bytes
Date: Thu, 13 Dec 2018 22:01:25 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-dfw18623-DFW
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1544738485.449382,VS0,VE1"

Test script:
---------------
$this->oauth = $oauth = new OAuth($your['key'], $your['secret']);
$oauth->enableDebug();

// 411 error
$req_token = $oauth->getRequestToken($this->sy->base_url . "oauth/request_token?scope=" . urlencode($perms), $callback);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-13 22:09 UTC] jakechapa at gmail dot com 
Description:
------------
It looks like some Oauth libraries (Etsy, Twitter, etc) are now requiring a "Content-Length" header for OAUTH requests. See here for the same bug on Twitter:
https://twittercommunity.com/t/411-length-required-for-https-api-twitter-com-oauth-request-token/1270

Here's my result on Etsy's API:

["headers_sent"]=>
  string(506) "POST /v2/oauth/request_token?scope=email_r+transactions_r+shops_rw HTTP/1.1
Host: openapi.etsy.com
User-Agent: PECL-OAuth/2.0.3-dev
Accept: */*
Authorization: OAuth oauth_callback="https%3A%2F%2F107736632647174.etsythemeshop.com%2Fcontroller%2Fadmin%2FWPSetup%2FonOAuthDone",oauth_consumer_key="MY_KEY",oauth_signature_method="HMAC-SHA1",oauth_nonce="2867605115c12d6b5655634.83358354",oauth_timestamp="1544738485",oauth_version="1.0",oauth_signature="AS2eKK%2BE5bGGVIz7mf4dTUcdFFE%3D""
  
["headers_recv"]=>
  string(323) "HTTP/1.1 411 Length Required
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1564
Accept-Ranges: bytes
Date: Thu, 13 Dec 2018 22:01:25 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-dfw18623-DFW
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1544738485.449382,VS0,VE1"

Test script:
---------------
$this->oauth = $oauth = new OAuth($your['key'], $your['secret']);
$oauth->enableDebug();

// 411 error
$req_token = $oauth->getRequestToken($this->sy->base_url . "oauth/request_token?scope=" . urlencode($perms), $callback);
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 22 04:01:28 2024 UTC