note: all arguments are optional, provided you've set them using the
other helper functions.
public function post($endpoint, $params = null)
{
$client = new OAuthSimple($this->consumerKey, $this->consumerSecret);
$request = $client->sign(array('action' => 'POST', 'path' => $this->constructEndpoint($endpoint), 'parameters' => $params, 'signatures' => array('consumer_key' => $this->consumerKey, 'consumer_secret' => $this->consumerSecret, 'access_token' => $this->token, 'access_secret' => $this->tokenSecret)));
$ch = curl_init($request['signed_url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
$resp = curl_exec($ch);
curl_close($ch);
return $resp;
}
protected function oauth_signed_url($url)
{
$signed_url = null;
try {
$oauthObject = new OAuthSimple($this->shared_oauth_token, $this->shared_oauth_secret);
$res = $oauthObject->sign(array('path' => $url, 'signatures' => array('access_token' => $this->user_oauth_token, 'access_secret' => $this->user_oauth_secret)));
$signed_url = $res['signed_url'];
} catch (Exception $e) {
$signed_url = null;
}
return $signed_url;
}
public function post($endpoint, $params = null)
{
$ch = curl_init($this->constructEndpoint($endpoint, true));
if (!empty($this->consumerKey)) {
$client = new OAuthSimple($this->consumerKey, $this->consumerSecret);
$request = $client->sign(array('action' => 'POST', 'path' => $this->constructEndpoint($endpoint), 'version' => '1.0a', 'parameters' => $params, 'signatures' => array('consumer_key' => $this->consumerKey, 'consumer_secret' => $this->consumerSecret, 'access_token' => $this->token, 'access_secret' => $this->tokenSecret)));
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: {$request['header']}"));
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
if (!empty($params)) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
}
$resp = curl_exec($ch);
curl_close($ch);
return $resp;
}
public function processData($data)
{
$data = array("data" => $data);
$app_key = $this->app_key;
$app_secret = $this->app_secret;
$oauth = new OAuthSimple();
$result = $oauth->sign(array("path" => "http://beta.snowshoestamp.com/api/v2/stamp", "parameters" => $data, "action" => "POST", "signatures" => array("consumer_key" => $app_key, "shared_secret" => $app_secret)));
$header = $oauth->getHeaderString();
$ch = curl_init($result['signed_url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: " . $header));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$return = curl_exec($ch);
$curlError = curl_error($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
return $return;
}
private function createRequestContext($url, $method, &$content = null, $oauth_token = -1)
{
if ($oauth_token === -1) {
$oauth_token = $this->accessToken;
}
$method = strtoupper($method);
$http_context = array('method' => $method, 'header' => '');
$oauth = new OAuthSimple($this->consumerToken['t'], $this->consumerToken['s']);
if (empty($oauth_token) && !empty($this->accessToken)) {
$oauth_token = $this->accessToken;
}
if (!empty($oauth_token)) {
$oauth->setParameters(array('oauth_token' => $oauth_token['t']));
$oauth->signatures(array('oauth_secret' => $oauth_token['s']));
}
if (!empty($content)) {
$post_vars = $method != "PUT" && preg_match("/^[a-z][a-z0-9_]*=/i", substr($content, 0, 32));
$http_context['header'] .= "Content-Length: " . strlen($content) . "\r\n";
$http_context['header'] .= "Content-Type: application/" . ($post_vars ? "x-www-form-urlencoded" : "octet-stream") . "\r\n";
$http_context['content'] =& $content;
if ($method == "POST" && $post_vars) {
$oauth->setParameters($content);
}
} elseif ($method == "POST") {
// make sure that content-length is always set when post request (otherwise some wrappers fail!)
$http_context['content'] = "";
$http_context['header'] .= "Content-Length: 0\r\n";
}
// check for query vars in url and add them to oauth parameters (and remove from path)
$path = $url;
$query = strrchr($url, '?');
if (!empty($query)) {
$oauth->setParameters(substr($query, 1));
$path = substr($url, 0, -strlen($query));
}
$signed = $oauth->sign(array('action' => $method, 'path' => $path));
//print_r($signed);
$http_context['header'] .= "Authorization: " . $signed['header'] . "\r\n";
return $this->useCurl ? $this->createCurl($url, $http_context) : stream_context_create(array('http' => $http_context));
}
$options[CURLOPT_SSLKEY] = BASE_PATH . '/certs/entrust-private.pem';
$signatures = array('consumer_key' => 'MWSAN8S5AAFPMMNBV3DQIEWH4TM9FE', 'shared_secret' => 's', 'rsa_private_key' => BASE_PATH . '/certs/rq-partner-app-2-privatekey.pem', 'rsa_public_key' => BASE_PATH . '/certs/rq-partner-app-2-publickey.cer');
$xro_settings = $xro_partner_mac_defaults;
break;
}
// bypass if we have an active session
session_start();
if ($_SESSION && $_REQUEST['start'] == 1) {
$signatures['oauth_token'] = $_SESSION['access_token'];
$signatures['oauth_secret'] = $_SESSION['access_token_secret'];
$signatures['oauth_session_handle'] = $_SESSION['oauth_session_handle'];
//////////////////////////////////////////////////////////////////////
if (!empty($_REQUEST['endpoint'])) {
// Example Xero API Access:
$oauthObject->reset();
$result = $oauthObject->sign(array('path' => $xro_settings['xero_url'] . '/' . $_REQUEST['endpoint'] . '/', 'parameters' => array('oauth_signature_method' => $xro_settings['signature_method']), 'signatures' => $signatures));
$ch = curl_init();
curl_setopt_array($ch, $options);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
curl_close($ch);
parse_str($r, $returned_items);
$oauth_problem = $returned_items['oauth_problem'];
if ($oauth_problem) {
session_destroy();
}
echo 'CURL RESULT: <textarea cols="160" rows="40">' . $r . '</textarea><br/>';
}
// Example Xero API AccessToken swap:
if (!empty($_REQUEST['action'])) {
$oauthObject->reset();
var_dump($auth0->getIdToken());
?>
<br/>
<?php
require_once 'OAuthSimple.php';
$oauthObject = new OAuthSimple();
// The oauth credentials takes information from the configured application and information of the user, that
// we get from auth0
$signatures = array('consumer_key' => $fitbit_cfg['consumer_key'], 'shared_secret' => $fitbit_cfg['consumer_secret'], 'oauth_secret' => $fitbitIdentity['access_token_secret'], 'oauth_token' => $fitbitIdentity['access_token']);
// Url to the fitbit API to get the logged in user activities for the 26 of march of 2014
$url = 'https://api.fitbit.com/1/user/' . $fitbitIdentity['user_id'] . '/activities/date/2014-03-26.json';
// Sign the url with the oauth credentials
$result = $oauthObject->sign(array('path' => $url, 'signatures' => $signatures));
// We create the HTTP call with the Authorization header
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: ' . $result['header']));
//TODO: don't use this option in production. (see: http://stackoverflow.com/questions/6400300/php-curl-https-causing-exception-ssl-certificate-problem-verify-that-the-ca-cer)
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
// Make the call and interpret the result (we are not checking for errors here)
$response = curl_exec($ch);
if ($response === FALSE) {
die(curl_error($ch));
}
$r = json_decode($response);
?>
<h1>Fitbit result</h1>
private function composeVariables($api_url, $request_vars)
{
$auth_object = new OAuthSimple($this->configs->consumer_key, $this->configs->shared_key);
$request = $auth_object->sign(array('path' => $api_url, 'parameters' => $request_vars, 'signatures' => array('consumer_key' => $this->configs->consumer_key, 'shared_secret' => $this->configs->shared_key)));
return $request['signed_url'];
}
<?php
// Craptastic UNIT test for PHP OAuthSimple
require 'OAuthSimple.php';
$path = 'http://example.com/test';
$static_nonce = 'abcd123';
$static_time = 1234567890;
$signatures = array('consumer_key' => 'test_key', 'shared_secret' => 'test_secret', 'oauth_token' => 'access_key', 'oauth_secret' => 'access_secret');
$parameters = array('fruit' => 'bananas are <Awe+some!>', 'number' => 42, 'oauth_nonce' => $static_nonce, 'oauth_timestamp' => $static_time);
$oauth = new OAuthSimple();
$results = $oauth->sign(array('path' => $path, 'parameters' => $parameters, 'signatures' => $signatures));
// ====
$expected = array('fruit' => 'bananas are <Awe+some!>', 'number' => 42, 'oauth_nonce' => $static_nonce, 'oauth_timestamp' => $static_time, 'oauth_consumer_key' => $signatures['consumer_key'], 'oauth_token' => $signatures['oauth_token'], 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_version' => 1.0, 'oauth_signature' => 'IkTXsl3d/FV7uOY0p9CFFCxpdyQ=');
if ($results['parameters'] != $expected) {
print_r($results['parameters']);
throw new OAuthSimpleException("Failure: incorrect parameters returned");
}
// ====
$expected = "IkTXsl3d%2FFV7uOY0p9CFFCxpdyQ%3D";
if ($results['signature'] != $expected) {
print $results['signature'] . "\n{$expected}\n";
throw new OAuthSimpleException("Failure: incorrect signature returned");
}
// ====
$expected = "http://example.com/test?fruit=bananas%20are%20%3CAwe%2Bsome%21%3E&number=42&oauth_consumer_key=test_key&oauth_nonce=abcd123&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1234567890&oauth_token=access_key&oauth_version=1.0&oauth_signature=IkTXsl3d/FV7uOY0p9CFFCxpdyQ=";
if ($results['signed_url'] != $expected) {
print $results['signed_url'] . "\n{$expected}\n";
throw new OAuthSimpleException("Failure: Invalid signed URL returned");
}
// ====
$expected = 'OAuth oauth_nonce="abcd123", oauth_timestamp="1234567890", oauth_consumer_key="test_key", oauth_token="access_key", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="IkTXsl3d%2FFV7uOY0p9CFFCxpdyQ%3D"';
/**
* Обертка для отправки подписанного запроса через curl
*
* @param $url
* @param string $method
* @param array $data - POST данные
* @param $opts - доп. параметры для curl
* @return mixed
*/
public function doCurl($url, $method = "POST", $data = array(), $opts = array())
{
$ch = curl_init($url);
$opts += array(CURLOPT_RETURNTRANSFER => 1, CURLOPT_HEADER => 0, CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_SSL_VERIFYHOST => 0);
if ($method == "POST") {
$opts[CURLOPT_POST] = TRUE;
$opts[CURLOPT_POSTFIELDS] = http_build_query($data);
}
$oauth = new OAuthSimple($this->app_key, $this->app_secret);
if (!$this->request_token && $this->token) {
$this->request_token = $this->token;
}
if ($this->request_token) {
$oauth->setParameters(array('oauth_token' => $this->request_token['oauth_token']));
$oauth->signatures(array('oauth_secret' => $this->request_token['oauth_token_secret']));
}
if ($method == "POST" && count($data)) {
$oauth->setParameters(http_build_query($data));
}
$path = $url;
$query = strrchr($url, '?');
if (!empty($query)) {
$oauth->setParameters(substr($query, 1));
$path = substr($url, 0, -strlen($query));
}
$signed = $oauth->sign(array('action' => $method, 'path' => $path));
$opts[CURLOPT_HTTPHEADER][] = "Authorization: " . $signed['header'];
if ($method == "PUT") {
$opts[CURLOPT_CUSTOMREQUEST] = "PUT";
}
curl_setopt_array($ch, $opts);
$result = curl_exec($ch);
return $result;
}
$argumentsAsString = "term=mac%20and+me&expand=formats,synopsis&max_results=1";
// or a hash:
$argumentsAsObject = array('term' => 'the prisoner', 'expand' => 'formats,synopsis', 'max_results' => '1', 'v' => '2.0', 'output' => 'json');
$path = "http://api.netflix.com/catalog/titles";
# Test 1 ====
$oauth = new OAuthSimple($apiKey, $sharedSecret);
$oauth->setParameters($argumentsAsString);
$oauth->setPath($path);
$sample1Results = $oauth->sign();
# Test 2 =====
$oauth = null;
$oauth = new OAuthSimple($apiKey, $sharedSecret);
$sample2Results = $oauth->sign(array('action' => 'GET', 'path' => $path, 'parameters' => $argumentsAsObject));
# Test 3 ======
$oauth = new OAuthSimple();
$sample3Results = $oauth->sign(array('path' => 'http://api.netflix.com/catalog/people', 'parameters' => array('term' => 'Harrison Ford', 'max_results' => '5'), 'signatures' => array('consumer_key' => $apiKey, 'shared_secret' => $sharedSecret, 'access_token' => $accessToken, 'access_secret' => $tokenSecret)));
?>
<html>
<head>
<title>Test Document</title>
</head>
<body>
<h1>Test Document</h1>
<ol>
<li><a href="<?php
print $sample1Results['signed_url'];
?>
">First Link</a><br />
</li>
<li><a href="<?php
print $sample2Results['signed_url'];
function createRequestContext($url, $method, &$content, $oauth_token = -1)
{
if ($oauth_token === -1) {
$oauth_token = $this->accessToken;
}
$http_context = array('method' => $method, 'header' => '');
$oauth = new OAuthSimple($this->consumerToken['t'], $this->consumerToken['s']);
if (empty($oauth_token) && !empty($this->accessToken)) {
$oauth_token = $this->accessToken;
}
if (!empty($oauth_token)) {
$oauth->setParameters(array('oauth_token' => $oauth_token['t']));
$oauth->signatures(array('oauth_secret' => $oauth_token['s']));
}
if (!empty($content)) {
$post_vars = $method == "POST" && preg_match("/^[a-z][a-z0-9_]*=/i", substr($content, 0, 32));
$http_context['header'] .= "Content-Length: " . strlen($content) . "\r\n";
$http_context['header'] .= "Content-Type: application/" . ($post_vars ? "x-www-form-urlencoded" : "octet-stream") . "\r\n";
$http_context['content'] =& $content;
if ($post_vars) {
$oauth->setParameters($content);
}
}
// check for query vars in url and add them to oauth parameters
$query = strrchr($url, '?');
if (!empty($query)) {
$oauth->setParameters(substr($query, 1));
}
$signed = $oauth->sign(array('action' => $method, 'path' => $url));
$http_context['header'] .= "Authorization: " . $signed['header'] . "\r\n";
//echo "<br><br>SBS: $signed[sbs]<br><br>";
//print_r($http_context);
return stream_context_create(array('http' => $http_context));
}
//$scope = 'http://www.discogs.com/oauth/authorize';
require 'oauth.php';
$oauthObject = new OAuthSimple();
$scope = 'http://api.discogs.com';
if (isset($_GET['clean'])) {
$_SESSION['state'] = 0;
}
$signatures = array('consumer_key' => $consumer_key, 'shared_secret' => $consumer_secret);
if (!isset($_SESSION['state'])) {
$_SESSION['state'] = 1;
}
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) && $_SESSION['state'] == 1) {
$_SESSION['state'] = 0;
}
if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$result = $oauthObject->sign(array('path' => 'http://api.discogs.com/oauth/request_token', 'parameters' => array('scope' => $scope, 'oauth_callback' => 'http://lollookup.com'), 'signatures' => $signatures));
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'discogs_api_example/1.1 +http://lollookup.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
curl_close($ch);
// Then we parse the string for the request token and the matching token secret.
parse_str($r, $returned_items);
$request_token = $returned_items['oauth_token'];
$_SESSION['secret'] = $request_token_secret = $returned_items['oauth_token_secret'];
$_SESSION['state'] = 1;
$result = $oauthObject->sign(array('path' => 'http://www.discogs.com/oauth/authorize', 'parameters' => array('oauth_token' => $request_token), 'signatures' => $signatures));
header("Location:{$result['signed_url']}");
//header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token']);
exit;
/**
* Test Signature
*
* @return boolean - if signature matches
*/
protected function _testSignature()
{
//Prep parameters
$params = $this->parameters;
unset($params["oauth_signature"]);
$oauth = new \OAuthSimple($this->key, $this->secret);
$results = $oauth->sign(array('action' => $this->action, 'path' => $this->path, 'parameters' => $params));
//Test signature
return $this->parameters["oauth_signature"] === urldecode($results["signature"]);
}
/**
NICK woz ere...
*/
$uid = $db->get_row("SELECT id,tw_at FROM user WHERE tw_at = \"{$access_token}\" ");
if (!$uid) {
// new user
// Hook up with twitter....
define("TWITTER_OAUTH_HOST", "https://api.twitter.com");
define("TWITTER_ACCOUNT_API", TWITTER_OAUTH_HOST . "/account/verify_credentials.json");
$signatures = array('consumer_key' => TWITTER_CONSUMER_KEY, 'shared_secret' => TWITTER_CONSUMER_SECRET);
// Get rocking with oAuth.
$oauthObject = new OAuthSimple();
$signatures['oauth_token'] = $access_token;
$signatures['oauth_secret'] = $access_token_secret;
$oauthObject->reset();
$result = $oauthObject->sign(array('path' => TWITTER_ACCOUNT_API, 'signatures' => $signatures));
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
curl_close($ch);
$twdata = file_get_contents($result[signed_url]);
// fetch data
$twdata = json_decode($twdata);
// decode_data.
$twdata = serialize($twdata);
// serialise for mysql
$twdata = $db->escape($twdata);
$db->query("INSERT INTO user (id, tw_at, tw_sec, tw_account) VALUES (NULL,\"{$access_token}\",\"{$access_token_secret}\", \"{$twdata}\")");
$uid = $db->insert_id;
} else {
$uid = $uid->id;
}
// Set Cookies to identify user
<?php
include 'OAuthSimple.php';
$oauthObject = new OAuthSimple();
global $signatures, $gsis_parameters;
if (isset($_COOKIE['access_token'])) {
// We have done it before
header("Location:" . URL);
} else {
// In step 3, a verifier will be submitted. If it's not there, we must be
// just starting out. Let's do step 1 then.
if (!isset($_GET['oauth_verifier'])) {
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// Step 1: Get a Request Token
//
$result = $oauthObject->sign(array('path' => $gsis_parameters['request-token-url'], 'parameters' => array('oauth_callback' => $gsis_parameters['app-path'], 'oauth_signature_method' => $gsis_parameters['signature-method']), 'signatures' => $signatures));
// The above object generates a simple URL that includes a signature, the
// needed parameters, and the web page that will handle our request. I now
// "load" that web page into a string variable.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
curl_close($ch);
// We parse the string for the request token and the matching token
// secret. Again, I'm not handling any errors and just plough ahead
// assuming everything is hunky dory.
parse_str($r, $returned_items);
$request_token = $returned_items['oauth_token'];
$request_token_secret = $returned_items['oauth_token_secret'];
// We will need the request token and secret after the authorization.
private function composeVariables($api_url, $request_vars = array())
{
$signatures = array('consumer_key' => $this->configs->consumer_key, 'shared_secret' => $this->configs->shared_key);
// Add secret codes for user
if (isset($this->configs->oauth_token) && isset($this->configs->oauth_token_secret)) {
$signatures['access_token'] = $this->configs->oauth_token;
$signatures['access_secret'] = $this->configs->oauth_token_secret;
}
$auth_object = new OAuthSimple($this->configs->consumer_key, $this->configs->shared_key);
$request = $auth_object->sign(array('path' => $api_url, 'parameters' => $request_vars, 'signatures' => $signatures));
return $request['signed_url'];
}
<?php
require_once 'config.php';
require_once "class.aggcatauth.php";
IntuitAggCatHelpers::GetOAuthTokens(&$oauth_token, &$oauth_token_secret);
$signatures = array('consumer_key' => OAUTH_CONSUMER_KEY, 'shared_secret' => OAUTH_SHARED_SECRET, 'oauth_token' => $oauth_token, 'oauth_secret' => $oauth_token_secret);
//
// This HTTP GET to Intuit Agg & Cat RESTful APIs is based on the "institutions" endpoint
// described here:
//
// https://ipp.developer.intuit.com/index.php?title=0010_Intuit_Partner_Platform/0020_Aggregation_%26_Categorization_Apps/AggCat_API/0020_API_Documentation/0010Institutions
//
$oauthObject = new OAuthSimple();
$oauthObject->reset();
$result = $oauthObject->sign(array('path' => FINANCIAL_FEED_URL . 'v1/institutions', 'parameters' => array('oauth_signature_method' => 'HMAC-SHA1', 'Host' => FINANCIAL_FEED_HOST), 'signatures' => $signatures));
$options = array();
$options[CURLOPT_VERBOSE] = 1;
$options[CURLOPT_RETURNTRANSFER] = 1;
$ch = curl_init();
curl_setopt_array($ch, $options);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
curl_close($ch);
parse_str($r, $returned_items);
//
// Load Response Body into a SimpleXML object
//
$ResponseXML = substr($r, strpos($r, "<" . "?xml"));
$xmlObj = simplexml_load_string($ResponseXML);
//
// Simple output to visually confirm that everything went well...
/**
* buildRequestUrl
* Parse arguments sent to the rest function. Might be extended in future for callbacks.
*
* @param string $method
* @param string $path
* @param array $data
* @return string
*/
public function buildRequestUrl($method, $path, $data)
{
$url = "{$this->baseUrl}{$path}";
// If we're using oauth, account for it
if ($this->canOauth()) {
$oauth = new OAuthSimple($this->consumer_key, $this->shared_secret);
$oauth->setTokensAndSecrets(array('access_token' => $this->token, 'access_secret' => $this->oauth_secret))->setParameters($data);
$request = $oauth->sign(array('path' => $url));
return $request['signed_url'];
} else {
// These methods require the data appended to the URL
if (in_array($method, array('GET', 'DELETE', 'DEL')) && !empty($data)) {
$url .= '?' . http_build_query($data, '', '&');
}
return $url;
}
}
// Fill in your API key/consumer key you received when you registered your
// application with Google.
$signatures = array('consumer_key' => 'example.com', 'shared_secret' => 'example_secret');
// In step 3, a verifier will be submitted. If it's not there, we must be
// just starting out. Let's do step 1 then.
if (!isset($_GET['oauth_verifier'])) {
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// Step 1: Get a Request Token
//
// Get a temporary request token to facilitate the user authorization
// in step 2. We make a request to the OAuthGetRequestToken endpoint,
// submitting the scope of the access we need (in this case, all the
// user's calendars) and also tell Google where to go once the token
// authorization on their side is finished.
//
$result = $oauthObject->sign(array('path' => 'https://www.google.com/accounts/OAuthGetRequestToken', 'parameters' => array('scope' => 'http://www.google.com/calendar/feeds/', 'oauth_callback' => 'http://bitbutton.com/oauthsimple/example.php'), 'signatures' => $signatures));
// The above object generates a simple URL that includes a signature, the
// needed parameters, and the web page that will handle our request. I now
// "load" that web page into a string variable.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
curl_close($ch);
// We parse the string for the request token and the matching token
// secret. Again, I'm not handling any errors and just plough ahead
// assuming everything is hunky dory.
parse_str($r, $returned_items);
$request_token = $returned_items['oauth_token'];
$request_token_secret = $returned_items['oauth_token_secret'];
// We will need the request token and secret after the authorization.
/**
* Make an HTTP request using this library.
* This method doesn't return anything.
* Instead the response should be inspected directly.
*
* @param string $method
* the HTTP method being used. e.g. POST, GET, HEAD etc
* @param string $url
* the request URL without query string parameters
* @param array $params
* the request parameters as an array of key=value pairs
* @param string $format
* the format of the response. Default json. Set to an empty string to exclude the format
*
*/
function request($method, $url, $params = array(), $xml = "", $format = 'xml')
{
// removed these as function parameters for now
$useauth = true;
$multipart = false;
$this->headers = array();
if (isset($format)) {
switch ($format) {
case "pdf":
$this->headers['Accept'] = 'application/pdf';
break;
case "json":
$this->headers['Accept'] = 'application/json';
break;
case "xml":
default:
$this->headers['Accept'] = 'application/xml';
break;
}
}
if (isset($params['If-Modified-Since'])) {
$modDate = "If-Modified-Since: " . $params['If-Modified-Since'];
$this->headers['If-Modified-Since'] = $params['If-Modified-Since'];
}
if ($xml !== "") {
$xml = trim($xml);
$this->xml = $xml;
}
if ($method == "POST") {
$params['xml'] = $xml;
}
$this->prepare_method($method);
$this->config['multipart'] = $multipart;
$this->url = $url;
$oauthObject = new OAuthSimple();
try {
$this->sign = $oauthObject->sign(array('path' => $url, 'action' => $method, 'parameters' => array_merge($params, array('oauth_signature_method' => $this->config['signature_method'])), 'signatures' => $this->config));
} catch (Exception $e) {
$errorMessage = 'XeroOAuth::request() ' . $e->getMessage();
$this->response['response'] = $errorMessage;
$this->response['helper'] = $url;
return $this->response;
}
$this->format = $format;
$curlRequest = $this->curlit();
if ($this->response['code'] == 401 && isset($this->config['session_handle'])) {
if (strpos($this->response['response'], "oauth_problem=token_expired") !== false) {
$this->response['helper'] = "TokenExpired";
} else {
$this->response['helper'] = "TokenFatal";
}
}
if ($this->response['code'] == 403) {
$errorMessage = "It looks like your Xero Entrust cert issued by Xero is either invalid or has expired. See http://developer.xero.com/api-overview/http-response-codes/#403 for more";
// default IIS page isn't informative, a little swap
$this->response['response'] = $errorMessage;
$this->response['helper'] = "SetupIssue";
}
if ($this->response['code'] == 0) {
$errorMessage = "It looks like your Xero Entrust cert issued by Xero is either invalid or has expired. See http://developer.xero.com/api-overview/http-response-codes/#403 for more";
$this->response['response'] = $errorMessage;
$this->response['helper'] = "SetupIssue";
}
return $this->response;
}
public function validate_openid_credentials()
{
$openid = new \LightOpenID();
// Make sure we have something going on
if (!$openid->mode) {
return null;
}
if (!$openid->validate()) {
return false;
}
// Find the oauth namespace
$prefix = 'openid_' . substr(array_search('http://specs.openid.net/extensions/oauth/1.0', $openid->data), strlen('openid_ns_')) . '_';
// Check for oauth request token
if (isset($openid->data[$prefix . 'request_token'])) {
$oauth = new \OAuthSimple(\Config::get('gascap.oauth_consumer_key'), \Config::get('gascap.oauth_consumer_secret'));
$result = $oauth->sign(array('path' => \Config::get('gascap.oauth_url_get_access_token'), 'parameters' => array('oauth_token' => $openid->data[$prefix . 'request_token'], 'signatures' => array('consumer_key' => \Config::get('gascap.oauth_consumer_key'), 'shared_secret' => \Config::get('gascap.oauth_consumer_secrety'), 'access_token' => $openid->data[$prefix . 'request_token']))));
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
// Check for success
if (curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200) {
die('Request for access token wasn\'t successful. (' . $r . ')');
}
// Grab the access token and secret
preg_match('/oauth_token=(.*)&oauth_token_secret=(.*)/', $r, $matches);
if (count($matches) != 3) {
die('Invalid response for access token and secret');
}
list(, $oauth_token, $oauth_token_secret) = $matches;
$oauth_data = array('oauth_token' => $access_token, 'oauth_token_secret' => $token_secret);
}
return array_merge(isset($oauth_data) ? $oauth_data : array(), array('email' => $openid->data['openid_ext1_value_contact_email'], 'identity' => $openid->data['openid_identity']));
}