The correct OAuth Authorization header is determined from the request params
and then set in the $request['header']['Authorization'] param of the request
array before passing it back to HttpSocket::request() to send the request and
parse the response.
So to trigger OAuth, add $request['auth']['method'] = 'OAuth' to your
request. In addition, you'll need to add your consumer key in the
$request['auth']['oauth_consumer_key'] and your consumer secret in the
$request['auth']['oauth_consumer_secret'] param. These are given to you by
the OAuth provider. And once you have them, $request['auth']['oauth_token']
and $request['auth']['oauth_token_secret'] params. Your OAuth provider may
require you to send additional params too. Include them in the
$request['auth'] array and they'll be passed on in the Authorization header
and considered when signing the request.
/**
* Request API and process responce
*
* @param array $params
* @param bool $is_process
* @return mixed
*/
protected function _request($params, $is_process = true)
{
$this->_setupCache();
if ($this->_cacheable($params) && !$this->config['refresh_cache']) {
// get Cache, only GET method
$response = Cache::read($this->_getCacheKey($params), $this->configKeyName);
}
if (empty($response)) {
$response = $this->Http->request($params)->body;
if ($this->_cacheable($params)) {
// save Cache, only GET method
$cache = Cache::write($this->_getCacheKey($params), $response, $this->configKeyName);
$this->config['refresh_cache'] = false;
}
}
if ($is_process) {
$response = json_decode($response, true);
}
// -- error logging
if ($is_process && !empty($response['error'])) {
$this->log($response['error'] . "\n" . print_r($params, true), LOG_DEBUG);
}
return $response;
}
/**
* The third stage of the OAuth Dance. Gets OAuth Access Token
* and OAuth Access Token Secret.
*
* @param string $oAuthConsumerKey
* @param string $oAuthConsumerSecret
* @param string $oAuthRequestToken
* @param string $oAuthRequestTokenSecret
* @param string $oAuthVerifier
* @return array Array containing keys token and token_secret
*/
public function getOAuthAccessToken($oAuthConsumerKey, $oAuthConsumerSecret, $oAuthRequestToken, $oAuthRequestTokenSecret, $oAuthVerifier)
{
$this->_getMap();
$request = Set::merge($this->_oAuthRequestDefaults, array('uri' => array('host' => $this->_map['hosts']['oauth'], 'path' => $this->_map['oauth']['access']), 'auth' => array('oauth_consumer_key' => $oAuthConsumerKey, 'oauth_consumer_secret' => $oAuthConsumerSecret, 'oauth_token' => $oAuthRequestToken, 'oauth_token_secret' => $oAuthRequestTokenSecret, 'oauth_verifier' => $oAuthVerifier)));
App::uses('HttpSocketOauth', 'HttpSocketOauth.Lib');
$Http = new HttpSocketOauth();
$response = $Http->request($request);
if ($Http->response['status']['code'] != 200) {
return false;
}
parse_str($response, $accessToken);
return $accessToken;
}
/**
* Same as above for OAuth v2.0
*
* @param string $oAuthConsumerKey
* @param string $oAuthConsumerSecret
* @param string $oAuthCode
* @return array Array containing keys token and token_secret
* @author Dean Sofer
*/
public function getOAuthAccessTokenV2($oAuthConsumerKey, $oAuthConsumerSecret, $oAuthCode)
{
$this->_getMap();
$request = Set::merge($this->_oAuthRequestDefaults, array('uri' => array('host' => $this->_map['hosts']['oauth'], 'path' => $this->_map['oauth']['access']), 'method' => 'POST', 'body' => array('client_id' => $oAuthConsumerKey, 'client_secret' => $oAuthConsumerSecret, 'code' => $oAuthCode)));
App::uses('HttpSocketOauth', 'HttpSocketOauth.Lib');
$Http = new HttpSocketOauth();
$response = $Http->request($request);
if ($Http->response['status']['code'] != 200) {
return false;
}
parse_str($response, $accessToken);
return $accessToken;
}
/**
* The third stage of the OAuth Dance with Twitter. Gets OAuth Access Token
* and OAuth Access Token Secret from Twitter.
*
* @param string $oAuthConsumerKey
* @param string $oAuthConsumerSecret
* @param string $oAuthRequestToken
* @param string $oAuthRequestTokenSecret
* @param string $oAuthVerifier
* @return array Array containing keys oauth_token and oauth__token_secret
*/
public function getOAuthAccessToken($oAuthConsumerKey, $oAuthConsumerSecret, $oAuthRequestToken, $oAuthRequestTokenSecret, $oAuthVerifier)
{
$request = Set::merge($this->_oAuthRequestDefaults, array('uri' => array('path' => 'oauth/access_token'), 'auth' => array('oauth_consumer_key' => $oAuthConsumerKey, 'oauth_consumer_secret' => $oAuthConsumerSecret, 'oauth_token' => $oAuthRequestToken, 'oauth_token_secret' => $oAuthRequestTokenSecret, 'oauth_verifier' => $oAuthVerifier)));
App::import('Vendor', 'HttpSocketOauth');
$Http = new HttpSocketOauth();
$response = $Http->request($request);
if ($Http->response['status']['code'] != 200) {
return false;
}
parse_str($response, $accessToken);
return $accessToken;
}
/**
* Gets OAuth access token and secret from Google and then redirects user to
* the URL in returnTo sent to getOAuthRequestToken().
*
* @param string $dataSourceName The name of the datasource for which you want
* to get an OAuth token.
* @param boolean $autoRedirect Whether to redirect back automatically. Set
* to false if you want to handle the redirect manually after some more post-
* processing (e.g. saving the token and secret in the database permanently).
* @return array containing 'redirect', 'oauth_token'& 'oauth_token_secret' in
* case you want to store the token and secret in the database and hande the
* redirect separately.
*/
public function getOAuthAccessToken($dataSourceName, $autoRedirect = true)
{
$this->_dataSourceName = $dataSourceName;
$dataSource = $this->_getDataSource();
// Construct the request
$request = Set::merge($this->_oAuthRequestDefaults, array('uri' => array('path' => '/accounts/OAuthGetAccessToken'), 'auth' => array('method' => 'OAuth', 'oauth_consumer_key' => $dataSource->config['oauth_consumer_key'], 'oauth_consumer_secret' => $dataSource->config['oauth_consumer_secret'], 'oauth_token' => $this->Session->read('Gdata.Auth.' . $this->_dataSourceName . '.oauth_request_token'), 'oauth_token_secret' => $this->Session->read('Gdata.Auth.' . $this->_dataSourceName . '.oauth_request_token_secret'), 'oauth_verifier' => $this->controller->params['url']['oauth_verifier'])));
App::import('Vendor', 'HttpSocketOauth');
$HttpSocketOauth = new HttpSocketOauth();
$response = $HttpSocketOauth->request($request);
if ($HttpSocketOauth->response['status']['code'] != 200) {
$this->Session->write('Gdata.Auth.' . $this->_dataSourceName . '.error', __('Could not get access token. Response for get access token was not OK.', true));
$this->controller->redirect($this->Session->read('Gdata.Auth.' . $this->_dataSourceName . '.return_to'));
}
parse_str($response, $response);
// Add the access token and secret to the session
$this->Session->write('Gdata.Auth.' . $this->_dataSourceName . '.oauth_token', $response['oauth_token']);
$this->Session->write('Gdata.Auth.' . $this->_dataSourceName . '.oauth_token_secret', $response['oauth_token_secret']);
// The user is now logged in so next time we check isAuthorized we'll return
// true and just before that, copy the oauth access token and secret to the
// datasource config.
$this->_setLoggedIn();
if ($autoRedirect) {
$this->controller->redirect($this->Session->read('Gdata.Auth.' . $this->_dataSourceName . '.return_to'));
}
return array('redirect' => $this->Session->read('Gdata.Auth.' . $this->_dataSourceName . '.return_to'), 'oauth_token' => $response['oauth_token'], 'oauth_token_secret' => $response['oauth_token_secret']);
}