OAuthProvider::checkOAuthRequest
(PECL OAuth >= 1.0.0)
OAuthProvider::checkOAuthRequest — Check an oauth request
Description
public void OAuthProvider::checkOAuthRequest
([ string
$uri
[, string $method
]] )Checks an OAuth request.
Warning
This function is currently not documented; only its argument list is available.
Parameters
-
uri
-
The optional URI, or endpoint.
-
method
-
The HTTP method. Optionally pass in one of the
OAUTH_HTTP_METHOD_*
OAuth constants.
Return Values
No value is returned.
Errors/Exceptions
Emits an E_ERROR
level error if
the HTTP method cannot be detected.
See Also
- OAuthProvider::reportProblem() - Report a problem
- Функция OAuthProvider::addRequiredParameter() - Add required parameters
- Функция OAuthProvider::callconsumerHandler() - Calls the consumerNonceHandler callback
- Функция OAuthProvider::callTimestampNonceHandler() - Calls the timestampNonceHandler callback
- Функция OAuthProvider::calltokenHandler() - Calls the tokenNonceHandler callback
- Функция OAuthProvider::checkOAuthRequest() - Check an oauth request
- Функция OAuthProvider::__construct() - Constructs a new OAuthProvider object
- Функция OAuthProvider::consumerHandler() - Set the consumerHandler handler callback
- Функция OAuthProvider::generateToken() - Generate a random token
- Функция OAuthProvider::is2LeggedEndpoint() - is2LeggedEndpoint
- Функция OAuthProvider::isRequestTokenEndpoint() - Sets isRequestTokenEndpoint
- Функция OAuthProvider::removeRequiredParameter() - Remove a required parameter
- Функция OAuthProvider::reportProblem() - Report a problem
- Функция OAuthProvider::setParam() - Set a parameter
- Функция OAuthProvider::setRequestTokenPath() - Set request token path
- Функция OAuthProvider::timestampNonceHandler() - Set the timestampNonceHandler handler callback
- Функция OAuthProvider::tokenHandler() - Set the tokenHandler handler callback
Коментарии
This function checks if OAuth request is valid and signed correctly.
$provider->checkOAuthRequest();
It does this by first calling timestampNonceHandler and expects result OAUHT_OK from it. If the result is different, an exception is thrown. It's up to you to write the code that checks timestamp/nonce combinations.
Secondly, it calls consumerHandler and expects your code in the consumerHandler function to set $provider->consumer_secret to the correct value (you should take it from your consumer storage location where it's saved with consumer key). If $provider->consumer_secret is not set, or is not set with the proper value an exception is thrown. Proper value means that it should be the same consumer key that was used to sign the request by the consumer before sending it to here (the provider). Again expected result from this function is OAUTH_OK or some OAUTH error code if you want to throw exception.
Third, it calls tokenHandler, but only WHEN you are requesting ACCESS token or requesting protected data with authorized ACCESS TOKEN. In order for the provider to call tokenHandler, before a call to the checkOAuthRequest function is made, the provider should call the method that says that this is not a request token endpoint (this is access token endpoint):
$provider->isRequestTokenEndpoint (false);
$provider->checkOAuthRequest();
Again here OAuthProvider is expecting your code in the tokenHandler to set $provider->token_secret to the correct value (you should take it from your token storage place) because during the signing process it uses CONSUMER SECRET (for request token) and CONSUMER SECRET AND TOKEN SECRET (for access token and fetch of protected data) to sign the request.
After these 3 handler functions are called and return good results (OAUTH_OK) and set the values of the required fields $provider->consumer_secret and $provider->token_secret, then the checkOAuthRequest function signs the request. If something goes wrong, it throws exception, otherwise there comes the place for your code to proceed and handle the request:
- you can create request token (if it's a first request for request token)
- you can create access token (if it's a request for access token)
- you can return protected data to the consumer (if it's a request to fetch protected data)
This is how the functions in my code look like, however please have in mind that I've just implemented it and it's possible that I have something missed or forgotten, but generally I think the idea should be clear:
$this->dbModel is the object for working with database and save/retrieve token and consumer data
<?php
public function timestampNonceHandler ( $provider )
{
return $this->dbModel->checkTimestampNonce ( $provider->consumer_key,
$provider->token,
$provider->timestamp,
$provider->nonce );
}
public function consumerHandler ( $provider )
{
$consumer = $this->dbModel->getConsumerSecrets ($provider->consumer_key);
if($consumer['consumer_key'] != $provider->consumer_key)
{
return OAUTH_CONSUMER_KEY_UNKNOWN;
}
if( (int)$consumer['disabled'] != 0 )
{
return OAUTH_CONSUMER_KEY_REFUSED;
}
$provider->consumer_id = $consumer['consumer_id']; # this is not required by OAuthProvider but I use it later in tokenHandler
$provider->consumer_secret = $consumer['consumer_secret']; # this is REQUIRED
return OAUTH_OK;
}
public function tokenHandler ( $provider )
{
$token = $this->dbModel->getToken( $provider->token );
if( time() > $token['expire'] )
{
return OAUTH_TOKEN_EXPIRED;
}
if($token['consumer_id'] != $provider->consumer_id)
{
return OAUTH_TOKEN_REJECTED;
}
if( (int)$token['authorized'] == 0 )
{
return OAUTH_TOKEN_REJECTED;
}
if($token['token_type'] != 'access')
{
if($token['verifier'] != $provider->verifier)
return OAUTH_VERIFIER_INVALID;
}
$provider->token_id = $token['token_id']; # not required to be set by OAuthProvider
$provider->token_secret = $token['token_secret']; # this is REQUIRED
return OAUTH_OK;
}
?>
Seems this method can only be called once per instance (or gives the same result as the first call on repeat calls).
My use case is API endpoints that can be accessed by a user or with 2 legged auth. If normal oAuth failed, I was calling is2LeggedEndpoint(true) and running again.
For that to work the OAuth Provider needs to be created again, simply changing one of the flags seems to have no effect on the next call.