/**
 * Verify the current request as a two-legged OAuth 1.0 call and record
 * which consumer made it.
 *
 * Two-legged means no oauth_token is involved: the request is checked
 * only against the consumer key and the secret stored for that key.
 * On success the consumer key is stored in $this->consumerKey.
 *
 * No try/catch is present here, so whatever checkOAuthRequest() raises
 * on a rejected request reaches the caller.
 */
function authenticate()
{
    $pdo = $this->db;

    $provider = new OAuthProvider();
    $provider->is2LeggedEndpoint(true);

    // Consumer lookup: fetch the shared secret for the presented key.
    // The key travels as a bound parameter, never as part of the SQL text.
    $provider->consumerHandler(function ($oauth) use ($pdo) {
        $lookup = $pdo->prepare('SELECT consumerSecret FROM storageConsumers WHERE consumerKey = :key');
        $lookup->bindParam(':key', $oauth->consumer_key);
        $lookup->execute();

        $record = $lookup->fetch();
        if ($record === false || empty($record)) {
            return OAUTH_CONSUMER_KEY_UNKNOWN;
        }

        // The provider needs the secret to recompute the request signature.
        $oauth->consumer_secret = $record['consumerSecret'];

        return OAUTH_OK;
    });

    // NOTE(review): this handler is a placeholder. It rejects only the
    // literal nonce "bad" and the literal timestamp "0"; every other
    // nonce/timestamp pair is accepted, so nothing here stops a captured,
    // validly signed request from being accepted a second time. A real
    // handler should refuse timestamps outside an allowed clock-skew window
    // and nonces already recorded for the same consumer.
    $provider->timestampNonceHandler(function ($oauth) {
        if ($oauth->nonce == "bad") {
            return OAUTH_BAD_NONCE;
        }
        if ($oauth->timestamp == "0") {
            return OAUTH_BAD_TIMESTAMP;
        }

        return OAUTH_OK;
    });

    $provider->checkOAuthRequest();

    // Reached only when the check above did not abort.
    $this->consumerKey = $provider->consumer_key;
}
<?php

// Request-token endpoint of an OAuth 1.0 provider.
// $params and the two named callbacks are not defined in this script;
// presumably they come from common.inc.php.
include 'common.inc.php';

try {
    $provider = new OAuthProvider($params);

    // The request-token endpoint is special: the client has no oauth_token
    // yet, so the provider does not invoke a tokenHandler() here.
    $provider->isRequestTokenEndpoint(true);

    // Each callback is invoked with the $provider object as its argument.
    // The consumer callback resolves the presented consumer key and reports
    // consumer-related errors.
    $provider->consumerHandler('lookupConsumer');

    // Same contract as above, for timestamp/nonce problems.
    // NOTE(review): replay protection depends entirely on what
    // timestampNonceChecker does; it is not visible here - confirm it
    // rejects stale timestamps and previously seen nonces.
    $provider->timestampNonceHandler('timestampNonceChecker');

    // Core of the authorization check.
    //   1st argument: URL of this endpoint as the outside world sees it.
    //   2nd argument: HTTP method (optional). When it is null the provider
    //   detects it from $_SERVER["REQUEST_METHOD"]; under the CLI SAPI that
    //   value is not available, so GET is supplied explicitly.
    // NOTE(review): the localhost http URL is a development value. The URL
    // is part of what the client signs, so a deployed endpoint has to pass
    // its real public URL here.
    $provider->checkOAuthRequest(
        'http://localhost/request_token.php',
        PHP_SAPI == 'cli' ? OAUTH_HTTP_METHOD_GET : null
    );
} catch (OAuthException $oauthError) {
    // reportProblem() renders the exception in the OAuth problem-reporting
    // format (http://wiki.oauth.net/ProblemReporting) and also sets the
    // most appropriate HTTP response code.
    echo OAuthProvider::reportProblem($oauthError);
}
<?php

// Protected API endpoint: the request must carry a valid consumer key,
// a fresh timestamp/nonce and an access token.
// $params and the three named callbacks are not defined in this script;
// presumably they come from common.inc.php.
include 'common.inc.php';

try {
    $provider = new OAuthProvider($params);

    // Anything attached to the provider object travels with it into every
    // callback, because each callback receives $provider as its argument.
    $provider->your_own_member = 'this is passed to every callback';

    $provider->consumerHandler('lookupConsumer');
    $provider->timestampNonceHandler('timestampNonceChecker');

    // Unlike a request-token endpoint, this one registers a token callback.
    // NOTE(review): whether expired or revoked tokens are refused depends on
    // the tokenHandler implementation, which is not visible here - confirm.
    $provider->tokenHandler('tokenHandler');

    // 1st argument: public URL of this endpoint; 2nd: HTTP method, forced
    // to GET under the CLI SAPI and left to the provider otherwise.
    // NOTE(review): the localhost http URL is a development value; a
    // deployed endpoint has to pass the URL clients actually sign against.
    $provider->checkOAuthRequest(
        'http://localhost/a_private_api.php',
        PHP_SAPI == 'cli' ? OAUTH_HTTP_METHOD_GET : null
    );
} catch (OAuthException $oauthError) {
    // Emit the failure in the provider's problem-report format.
    echo OAuthProvider::reportProblem($oauthError);
}