OAuth::fetch
(PECL OAuth >= 0.99.1)
OAuth::fetch — Fetch an OAuth protected resource
Description
$protected_resource_url
[, array $extra_parameters
[, string $http_method
[, array $http_headers
]]] )Fetch a resource.
Parameters
-
protected_resource_url
-
URL to the OAuth protected resource.
-
extra_parameters
-
Extra parameters to send with the request for the resource.
-
http_method
-
One of the
OAUTH_HTTP_METHOD_*
OAUTH constants, which includes GET, POST, PUT, HEAD, or DELETE.HEAD (
OAUTH_HTTP_METHOD_HEAD
) can be useful for discovering information prior to the request (if OAuth credentials are in the Authorization header). -
http_headers
-
HTTP client headers (such as User-Agent, Accept, etc.)
Return Values
Returns TRUE
on success or FALSE
on failure.
Changelog
Version | Description |
---|---|
1.0.0 |
Previously returned NULL on failure, instead of FALSE .
|
0.99.5 |
The http_method parameter was added
|
0.99.8 |
The http_headers parameter was added
|
Examples
Example #1 OAuth::fetch() example
<?php
try {
$oauth = new OAuth("consumer_key","consumer_secret",OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION);
$oauth->setToken("access_token","access_token_secret");
$oauth->fetch("http://photos.example.net/photo?file=vacation.jpg");
$response_info = $oauth->getLastResponseInfo();
header("Content-Type: {$response_info["content_type"]}");
echo $oauth->getLastResponse();
} catch(OAuthException $E) {
echo "Exception caught!\n";
echo "Response: ". $E->lastResponse . "\n";
}
?>
See Also
- OAuth::getLastResponse() - Get the last response
- OAuth::getLastResponseInfo() - Get HTTP information about the last response
- OAuth::setToken() - Sets the token and secret
- Функция OAuth::__construct() - Create a new OAuth object
- Функция OAuth::__destruct() - The destructor
- Функция OAuth::disableDebug() - Turn off verbose debugging
- Функция OAuth::disableRedirects() - Turn off redirects
- Функция OAuth::disableSSLChecks() - Turn off SSL checks
- Функция OAuth::enableDebug() - Turn on verbose debugging
- Функция OAuth::enableRedirects() - Turn on redirects
- Функция OAuth::enableSSLChecks() - Turn on SSL checks
- Функция OAuth::fetch() - Fetch an OAuth protected resource
- Функция OAuth::generateSignature() - Generate a signature
- Функция OAuth::getAccessToken() - Fetch an access token
- Функция OAuth::getCAPath() - Gets CA information
- Функция OAuth::getLastResponse() - Get the last response
- Функция OAuth::getLastResponseHeaders() - Get headers for last response
- Функция OAuth::getLastResponseInfo() - Get HTTP information about the last response
- Функция OAuth::getRequestHeader() - Generate OAuth header string signature
- Функция OAuth::getRequestToken() - Fetch a request token
- Функция OAuth::setAuthType() - Set authorization type
- Функция OAuth::setCAPath() - Set CA path and info
- Функция OAuth::setNonce() - Set the nonce for subsequent requests
- Функция OAuth::setRequestEngine() - The setRequestEngine purpose
- Функция OAuth::setRSACertificate() - Set the RSA certificate
- Функция OAuth::setSSLChecks() - Tweak specific SSL checks for requests.
- Функция OAuth::setTimestamp() - Set the timestamp
- Функция OAuth::setToken() - Sets the token and secret
- Функция OAuth::setVersion() - Set the OAuth version
Коментарии
If the provider's web server is configured to use Keep-Alive extension to HTTP protocol (HTTP 1.1), there can be a big delay in the response time from the provider. By default Apache is configured to use Keep-Alive for 5 seconds. This is the delay after which the response will come back to the consumer. If you have this issue of delayed result, you can pass in HTTP headers when calling $consumer->fetch():
<?php
$consumer = new OAuth("consumer_key", "consumer_secret", OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM);
$consumer->fetch('http://example.com/api/', null, OAUTH_HTTP_METHOD_POST, array('Connection'=>'close'));
?>
Then the provider will send the result immediately after it's ready with the processing and the connection will be closed. Unfortunately, when calling $consumer->getRequestToken() and $consumer->getAccessToken() there's no way provided to pass in HTTP headers and this delay (if present) cannot be avoided, or at least we could not find a way to avoid it.
The solution that worked for us is to send this header from the provider when returning result to the consumer:
<?php
$result = 'oauth_callback_accepted=true&oauth_token=' . $this->urlencode($token->oauth_token) .
'&oauth_token_secret='.$this->urlencode($token->oauth_token_secret);
header('HTTP/1.1 200 OK');
header('Content-Length: '.strlen($result));
header('Content-Type: application/x-www-form-urlencoded');
header('Connection:close');
echo $result;
?>
This can work if you have the possibility to modify the code of the provider, e.g. if you are the provider yourself or if you can talk with the people that develop it and ask them to send this header for your request.
I was having troubles getting fetch() to post, the remote server (Twitter, in this case) complained at me that their "resource only supports POST". Turned out to be a known bug in OAuth 1.1, downgrading to 1.0 fixed it.
Don't lose as much time over this as I did :-)
Make sure that your $extra_parameters is an array.
If it's not, then OAuth will silently skip the malformed data type and produce a signature base string that is invalid (doesn't contain POST parameters, as defined in the RFC).
You should file a critical bug report against any REST API you find in the wild that accepts such a bogus signature to pass authentication.
The fetch() method will throw an OAuthException if the returned http status code is in the 4xx or 5xx range:
<?php
// Querying Twitter with bad login details
try {
$oauth->fetch('https://api.twitter.com/1.1/favorites/list.json');
}
catch(Exception $e) {
echo $e->getCode(); // 401
// Message generated by OAuth class
echo $e->getMessage(); // Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)
// Message returned from Twitter
echo $e->lastResponse; // {"errors":[{"message":"Could not authenticate you","code":32}]}
}
If $extra_parameters is not an array, you have to specify Content-Type header, or else you'll get HTTP 401 error. Example:
<?php
$oauth->fetch(ENDPOINT, '{"action": "get_user_info"}', OAUTH_HTTP_METHOD_PUT, array('Content-Type' => 'application/json'));
?>
So I'm using this to talk to the Woocommerce REST API, and was having a lot of trouble figuring out what exactly $extra_parameters was supposed to look like (which WC REST API expects, besides being of the type OAUTH_AUTH_TYPE_URI).
The multidimensional array I fed it crashed PHP, so don't do that if you're in my shoes.
What ended up solving it was me looking through the OAuth source and noticing that $extra_parameters can also be a string, which, encoded as json (json_encode), solved all my troubles as WC accepted it.