function get_oauth_access_token($consumer_data, $request_token, $request_token_secret)
{
global $sfn_root;
$oauth_req = new HTTP_Request_OAuth($sfn_root . 'api/access_token', array('consumer_key' => $consumer_data['key'], 'consumer_secret' => $consumer_data['secret'], 'token' => $request_token, 'token_secret' => $request_token_secret, 'signature_method' => 'HMAC-SHA1', 'method' => 'GET'));
$resp = $oauth_req->sendRequest(true, true);
list($token, $secret) = $oauth_req->getResponseTokenSecret();
return array($token, $secret);
}
/**
* Sign this here request.
*
* @param boolean $authHeader Where to put the signature:
* true means Authorization HTTP header,
* false means CGI query params.
*/
function sign($authHeader = false)
{
$oauth_parameters = $this->oauth_parameters();
// get any and all existing oauth_* params out of POST, GET
foreach ($oauth_parameters as $key => $value) {
$this->_url->removeQueryString($key);
unset($this->_postData[$key]);
}
// get a callback reference to the proper function for adding new oauth_* params
// function should accept two arguments: key, value
$parameter_adder = in_array($this->_requestHeaders['content-type'], array('application/x-www-form-urlencoded', 'multipart/form-data')) ? array(&$this, 'addPostData') : array(&$this->_url, 'addQueryString');
// for later normalizing
$parameters_to_normalize = array();
// add new oauth_* parameters if they're not supposed to be in a header
foreach ($oauth_parameters as $key => $value) {
if ($key != 'oauth_signature') {
if ($key != 'oauth_token' || $value) {
if (!$authHeader) {
call_user_func($parameter_adder, $key, $value);
}
// these will later need to be normalized, and are expected to be urlencoded
$parameters_to_normalize[$key] = urlencode($value);
}
}
}
// the master list of parameters to normalize, order matters
$parameters_to_normalize = array_merge($this->_url->querystring, $this->_postData, $parameters_to_normalize);
$normalized_params_string = $this->oauth_parametersToString($parameters_to_normalize);
$signature_parts = array($this->_method, $this->oauth_requestURL(), $normalized_params_string);
$signed_string = join('&', array_map('urlencode', $signature_parts));
$oauth_parameters['oauth_signature'] = $this->signature_method == 'md5' ? HTTP_Request_OAuth::_md5($signed_string, $this->_consumer_secret, $this->_token_secret) : $this->signature_method == 'HMAC-SHA1' ? HTTP_Request_OAuth::_sha1($signed_string, $this->_consumer_secret, $this->_token_secret) : die('unknown signature method');
if ($authHeader) {
// oauth_* params go into the Authorization request header
$authorization_header = "OAuth ";
$i = 0;
if ($this->_realm) {
$authorization_header .= "realm=\"{$this->_realm}\"";
$i++;
}
foreach ($oauth_parameters as $key => $value) {
# BLAH just want to join a list with ", "
if ($key != 'oauth_token' || $value) {
if ($i++ > 0) {
$authorization_header .= ", ";
}
$value = urlencode($value);
$authorization_header .= "{$key}=\"{$value}\"";
}
}
$this->addHeader('Authorization', $authorization_header);
} else {
// oauth_* params go into the request body or URL, see above
call_user_func($parameter_adder, 'oauth_signature', $oauth_parameters['oauth_signature']);
}
// for testing, or whatever - wildly insecure:
/*
$this->addHeader('X-Oauth-Params', $normalized_params_string);
$this->addHeader('X-Oauth-String', $signed_string);
$this->addHeader('X-Oauth-URL', $this->_url->getURL());
*/
}
