|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59228 no HTTP POST for getRequestToken
Submitted: 2010-05-24 09:49 UTC Modified: 2010-05-25 03:00 UTC
From: scottsweep at yahoo dot com Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.3.0 OS: Linux
Private report: No CVE-ID: None
 [2010-05-24 09:49 UTC] scottsweep at yahoo dot com
Line 1950 in oauth.c looks like the code for calling getRequestToken(). Unfortunately it only allows for HTTP GET. The OAuth spec recommends a using an HTTP POST  section 6.1. I ran into this issue trying to get a token on Digg where they require it to be an HTTP POST (, other clients, such as Twitter and LinkedIn are perfectly okay using the HTTP GET. Would it be possible to give the method another optional parameter that allows the caller to specify the HTTP method?

Reproduce code:
$oauthc = new OAuth('[digg_consumer_key]', '[digg_consumer_secret]', OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM); //using OAUTH_AUTH_TYPE_AUTHORIZATION also fails
        // this eventually times out with 'making the request failed (server returned nothing (no headers, no data))'
        $request_token = $oauthc->getRequestToken('','[your callback url]');                     

Expected result:
expected a request_token to be returned

Actual result:
making the request failed (server returned nothing (no headers, no data))


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-05-24 10:25 UTC]
Please enable debug before the request:


and print it after your request:


Btw, it doesn't just allow for HTTP GET .. if you look closer, the constant is wrapped inside another call ;-)

Since Authorization also doesn't seem to work, my guess is that somehow the request parameters are not in order.
 [2010-05-24 11:52 UTC]
I tested the Digg API.  Here is the debug:

    [sbs] => 
    [headers_sent] => POST /1.0/endpoint?method=oauth.getRequestToken HTTP/1.1
Accept: */*
Content-Length: 222
Content-Type: application/x-www-form-urlencoded
    [body_sent] => oauth_consumer_key=adead53a463a5eb7f4f19e18dcd3078b&oauth_signature_method=HMAC-
    [info] => About to connect() to port 80 (#0)
  Trying connected
Connected to ( port 80 (#0)
Closing connection #0
Failure when receiving data from the peer

Not quite sure why it isn't working.  We are sending a proper POST request.  The Content-Length is correct.  The body data is correctly signed, but 
nothing comes back.  No debug or anything.  Looks like a Digg problem from here.
 [2010-05-25 03:00 UTC]
Please refer to bug 17534.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Jun 03 22:03:41 2023 UTC