/**
 * Exchange an authorized OAuth request token for an access token.
 *
 * Builds an HTTP_Request_OAuth against "<$sfn_root>api/access_token",
 * signed with HMAC-SHA1 and sent as a GET, then reads the token/secret
 * pair back out of the response.
 *
 * @param array  $consumer_data        Must provide the 'key' and 'secret' entries.
 * @param string $request_token        Request token obtained earlier in the flow.
 * @param string $request_token_secret Secret that belongs to $request_token.
 *
 * @return array Two-element array: array(access token, access token secret).
 */
function get_oauth_access_token($consumer_data, $request_token, $request_token_secret)
{
    global $sfn_root;

    // NOTE(review): the access token secret presumably comes back in the
    // response body, so $sfn_root should be an https:// URL -- confirm
    // where it is configured.
    $endpoint = $sfn_root . 'api/access_token';

    $options = array(
        'consumer_key'     => $consumer_data['key'],
        'consumer_secret'  => $consumer_data['secret'],
        'token'            => $request_token,
        'token_secret'     => $request_token_secret,
        'signature_method' => 'HMAC-SHA1',
        'method'           => 'GET',
    );

    $client = new HTTP_Request_OAuth($endpoint, $options);

    // NOTE(review): the result of sendRequest() is never inspected here, so
    // a transport or HTTP-level failure is not reported to the caller; the
    // returned pair should be validated before it is stored or used.
    $client->sendRequest(true, true);

    list($access_token, $access_secret) = $client->getResponseTokenSecret();

    return array($access_token, $access_secret);
}
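/**
 * Sign this request.
 *
 * Strips any oauth_* parameters already present in the URL query string and
 * POST data, re-adds the current ones, builds the signature base string
 * (method, request URL, normalized parameters) and attaches the resulting
 * oauth_signature to the request.
 *
 * @param boolean $authHeader Where to put the signature:
 *                            true means Authorization HTTP header,
 *                            false means CGI query params (or POST data when
 *                            the request content type is form-encoded).
 *
 * @return void Terminates the script via die() on an unknown signature method.
 */
function sign($authHeader = false)
{
    $oauth_parameters = $this->oauth_parameters();

    // get any and all existing oauth_* params out of POST, GET
    foreach ($oauth_parameters as $key => $value) {
        $this->_url->removeQueryString($key);
        unset($this->_postData[$key]);
    }

    // get a callback reference to the proper function for adding new oauth_* params
    // function should accept two arguments: key, value
    // The content-type header may not have been set yet; treat that as "not a form body"
    // instead of reading an undefined index.
    $content_type = isset($this->_requestHeaders['content-type'])
        ? $this->_requestHeaders['content-type']
        : null;
    $is_form_body = in_array(
        $content_type,
        array('application/x-www-form-urlencoded', 'multipart/form-data'),
        true
    );
    $parameter_adder = $is_form_body
        ? array(&$this, 'addPostData')
        : array(&$this->_url, 'addQueryString');

    // for later normalizing
    $parameters_to_normalize = array();

    // add new oauth_* parameters if they're not supposed to be in a header
    foreach ($oauth_parameters as $key => $value) {
        if ($key == 'oauth_signature') {
            continue;
        }
        // an empty oauth_token is left out entirely
        if ($key == 'oauth_token' && !$value) {
            continue;
        }
        if (!$authHeader) {
            call_user_func($parameter_adder, $key, $value);
        }
        // these will later need to be normalized, and are expected to be urlencoded
        // NOTE(review): OAuth 1.0 (RFC 5849, section 3.6) specifies RFC 3986
        // percent-encoding, which is rawurlencode() in PHP; urlencode() encodes a
        // space as "+". Confirm oauth_parametersToString() accounts for this,
        // otherwise values containing spaces will not verify on the server.
        $parameters_to_normalize[$key] = urlencode($value);
    }

    // the master list of parameters to normalize, order matters
    $parameters_to_normalize = array_merge(
        $this->_url->querystring,
        $this->_postData,
        $parameters_to_normalize
    );
    $normalized_params_string = $this->oauth_parametersToString($parameters_to_normalize);

    $signature_parts = array($this->_method, $this->oauth_requestURL(), $normalized_params_string);
    $signed_string = join('&', array_map('urlencode', $signature_parts));

    // The original chained two ?: operators without parentheses. PHP < 8 parses
    // that left-to-right, so a configured 'md5' method silently produced the
    // _sha1() signature instead, and PHP 8 rejects the expression outright.
    // Dispatch explicitly, with strict comparison, so the signature always
    // matches the configured method and anything else fails closed.
    if ($this->signature_method === 'md5') {
        // NOTE(review): 'md5' is not one of the OAuth 1.0 signature methods;
        // prefer HMAC-SHA1 unless the server specifically requires this one.
        $oauth_parameters['oauth_signature'] = HTTP_Request_OAuth::_md5(
            $signed_string,
            $this->_consumer_secret,
            $this->_token_secret
        );
    } elseif ($this->signature_method === 'HMAC-SHA1') {
        $oauth_parameters['oauth_signature'] = HTTP_Request_OAuth::_sha1(
            $signed_string,
            $this->_consumer_secret,
            $this->_token_secret
        );
    } else {
        die('unknown signature method');
    }

    if ($authHeader) {
        // oauth_* params go into the Authorization request header
        $header_fields = array();
        if ($this->_realm) {
            $header_fields[] = "realm=\"{$this->_realm}\"";
        }
        foreach ($oauth_parameters as $key => $value) {
            if ($key != 'oauth_token' || $value) {
                $header_fields[] = $key . '="' . urlencode($value) . '"';
            }
        }
        $this->addHeader('Authorization', 'OAuth ' . implode(', ', $header_fields));
    } else {
        // oauth_* params go into the request body or URL, see above
        call_user_func($parameter_adder, 'oauth_signature', $oauth_parameters['oauth_signature']);
    }

    // for testing, or whatever - wildly insecure: these headers would send the
    // normalized parameters and the full signature base string along with the
    // request. Keep them disabled outside a local debugging session.
    /*
    $this->addHeader('X-Oauth-Params', $normalized_params_string);
    $this->addHeader('X-Oauth-String', $signed_string);
    $this->addHeader('X-Oauth-URL', $this->_url->getURL());
    */
}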