/** * oauth_signature is set to the concatenated encoded values of the Consumer Secret and * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is * empty. The result MUST be encoded again. * * Please note that the second encoding MUST NOT happen in the SignatureMethod, as * OAuthRequest handles this! * * {@inheritdoc} */ public function buildSignature($baseString, OAuth\Consumer $consumer, OAuth\Token $token = NULL) { $keyParts = [$consumer->getSecret(), $token ? $token->getSecret() : ""]; $keyParts = Utils\Url::urlEncodeRFC3986($keyParts); $key = implode('&', $keyParts); return $key; }
/** * {@inheritdoc} */ public function getSignableParameters() { // Grab all parameters $params = $this->getParameters(); // Remove oauth_signature if present // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.") if (isset($params['oauth_signature'])) { unset($params['oauth_signature']); } return OAuth\Utils\Url::buildHttpQuery($params); }
/** * Sign current request * * @param Signature\SignatureMethod $method * * @return $this */ public function signRequest(Signature\SignatureMethod $method) { $this->url->setQueryParameter('oauth_signature_method', $method->getName()); $signature = $method->buildSignature($this->getSignatureBaseString(), $this->consumer, $this->token); $this->url->setQueryParameter('oauth_signature', $signature); $parameters = $this->getParameters(); ksort($parameters, SORT_STRING); $authHeader = NULL; foreach ($parameters as $key => $value) { if (in_array($key, $this->oauthHeader)) { $authHeader .= ' ' . $key . '="' . OAuth\Utils\Url::urlEncodeRFC3986($value) . '",'; // Remove oauth from query parameter $this->url->setQueryParameter($key, NULL); } } if ($authHeader !== NULL) { $this->headers['Authorization'] = 'OAuth ' . trim(rtrim($authHeader, ',')); } return $this; }
/** * {@inheritdoc} */ public function buildSignature($baseString, OAuth\Consumer $consumer, OAuth\Token $token = NULL) { $keyParts = [Utils\Url::urlEncodeRFC3986($consumer->getSecret()), Utils\Url::urlEncodeRFC3986($token ? $token->getSecret() : '')]; $key = implode('&', Utils\Url::urlEncodeRFC3986($keyParts)); return base64_encode(hash_hmac('sha1', $baseString, $key, TRUE)); }