php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #59229 Add User-Agent header to requests
Submitted: 2010-05-25 01:55 UTC Modified: 2010-05-27 20:22 UTC
From: jeff at digg dot com Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.2.4 OS:
Private report: No CVE-ID: None
 [2010-05-25 01:55 UTC] jeff at digg dot com
Description:
------------
Hellos, I have a simple feature request.  I'd like to be able 
to have a User-Agent header set on getRequestToken() and 
getAccessToken() calls.  I know you could do it manually via 
fetch(), but I think one set by default would be nice.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-05-25 01:57 UTC] rasmus@php.net
Is the lack of a UserAgent header what is causing the Digg API 
to just sit there and do nothing?
 [2010-05-25 02:06 UTC] jeff at digg dot com
It seems so. I am looking into it now.  I know we require it 
for all API requests.  (others give the proper error message 
when a User-Agent isn't supplied, but there seems to be a bug 
with this one)

Regarding the other issue. I am making the change to allow GET 
for request/access token requests.
 [2010-05-25 02:16 UTC] rasmus@php.net
pecl/oauth can send request_token requests with a POST quite 
nicely.  I don't see anything wrong with requiring a POST 
there, but yes, some decent error messages would be preferable 
to just hanging indefinitely when things go wrong.
 [2010-05-25 02:44 UTC] jawed@php.net
Tied to bug 17533.
 [2010-05-25 03:34 UTC] rasmus@php.net
I have added a user-agent now.  The Digg end-point no longer 
hangs, but I get an invalid signature now.  Would be cool if 
you guys would support the OAuth ProblemReporting extension 
and spew out what you are signing.
 [2010-05-25 09:04 UTC] datibbaw@php.net
I have an idea why this happens. It seems that the provider of Digg expects the full request token uri to be part of the SBS; this is wrong according to the specs:

9.1.2.  Construct Request URL
"The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment"
 [2010-05-25 09:30 UTC] datibbaw@php.net
It's confirmed:

With an SBS like this, it works:
"POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint%3Fmethod%3Doauth.getRequestToken&oauth_consumer_key%3De2bf8b91c0439e0da94208d665e9791e%26oauth_nonce%3D950316369%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274794087%26oauth_version%3D1.0"

However, this is not according to the OAuth specs, and it should be fixed on Digg's side.
 [2010-05-27 20:07 UTC] datibbaw@php.net
Checked this morning and it seems to work okay now, without any changes to the code.

Seems that Digg made the fix? ;-)
 [2010-05-27 20:21 UTC] jeff at digg dot com
Correct, this is fixed on Digg's side now.  May I note that it 
would be nice to see a user-agent header added! :D
 [2010-05-27 20:22 UTC] rasmus@php.net
It was added a couple of days ago.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 25 14:03:37 2021 UTC