php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59228 no HTTP POST for getRequestToken
Submitted: 2010-05-24 09:49 UTC Modified: 2010-05-25 03:00 UTC
From: scottsweep at yahoo dot com Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.3.0 OS: Linux
Private report: No CVE-ID: None
 [2010-05-24 09:49 UTC] scottsweep at yahoo dot com
Description:
------------
Line 1950 in oauth.c looks like the code for calling getRequestToken(). Unfortunately it only allows for HTTP GET. The OAuth spec recommends a using an HTTP POST  http://oauth.net/core/1.0/#auth_step1  section 6.1. I ran into this issue trying to get a token on Digg where they require it to be an HTTP POST (http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken), other clients, such as Twitter and LinkedIn are perfectly okay using the HTTP GET. Would it be possible to give the method another optional parameter that allows the caller to specify the HTTP method?

Reproduce code:
---------------
$oauthc = new OAuth('[digg_consumer_key]', '[digg_consumer_secret]', OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM); //using OAUTH_AUTH_TYPE_AUTHORIZATION also fails
        $oauthc->setNonce(rand());
        // this eventually times out with 'making the request failed (server returned nothing (no headers, no data))'
        $request_token = $oauthc->getRequestToken('http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken','[your callback url]');                     

Expected result:
----------------
expected a request_token to be returned

Actual result:
--------------
making the request failed (server returned nothing (no headers, no data))

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-05-24 10:25 UTC] datibbaw@php.net
Please enable debug before the request:

$oauthc->enableDebug(true);

and print it after your request:

print_r($oauthc->debugInfo);

Btw, it doesn't just allow for HTTP GET .. if you look closer, the constant is wrapped inside another call ;-)

Since Authorization also doesn't seem to work, my guess is that somehow the request parameters are not in order.
 [2010-05-24 11:52 UTC] rasmus@php.net
I tested the Digg API.  Here is the debug:


    [sbs] => 
POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint&method%3Doauth.getRequestToken%26oauth_consumer_key%3Dadead53a463a5eb7f4f19e18dcd3078b%26oauth_nonc
e%3D10600479654bfa9ded9153d8.47650596%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274715629%26oauth_version%3D1.0
    [headers_sent] => POST /1.0/endpoint?method=oauth.getRequestToken HTTP/1.1
Host: services.digg.com
Accept: */*
Content-Length: 222
Content-Type: application/x-www-form-urlencoded
    [body_sent] => oauth_consumer_key=adead53a463a5eb7f4f19e18dcd3078b&oauth_signature_method=HMAC-
SHA1&oauth_nonce=10600479654bfa9ded9153d8.47650596&oauth_timestamp=1274715629&oauth_version=1.0&oauth_signature=AHTGoVVVS5OxeybLibBPKdKfCx4%3D
    [info] => About to connect() to services.digg.com port 80 (#0)
  Trying 64.191.203.26... connected
Connected to services.digg.com (64.191.203.26) port 80 (#0)
Closing connection #0
Failure when receiving data from the peer

Not quite sure why it isn't working.  We are sending a proper POST request.  The Content-Length is correct.  The body data is correctly signed, but 
nothing comes back.  No debug or anything.  Looks like a Digg problem from here.
 [2010-05-25 03:00 UTC] jawed@php.net
Please refer to bug 17534.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 16 23:03:39 2021 UTC