OAuth::enableSSLChecks
Make sure that your $extra_parameters is an array.
If it's not, then OAuth will silently skip the malformed data type and produce a signature base string that is invalid (doesn't contain POST parameters, as defined in the RFC).
You should file a critical bug report against any REST API you find in the wild that accepts such a bogus signature to pass authentication.
OAuth::fetch
(PECL OAuth >= 0.99.1)
OAuth::fetch — OAuth で保護されたリソースを取得する
説明
public mixed OAuth::fetch
( string
$protected_resource_url
[, array $extra_parameters
[, string $http_method
[, array $http_headers
]]] )リソースを取得します。
パラメータ
-
protected_resource_url -
OAuth で保護されたリソースへの URL。
-
extra_parameters -
リソースへのリクエストとともに送信する追加パラメータ。
-
http_method -
OAUTH_HTTP_METHOD_*OAUTH 定数 のいずれか。 GET、POST、PUT、HEAD そして DELETE があります。HEAD (
OAUTH_HTTP_METHOD_HEAD) は、 実際のリクエストの前に (OAuth 認証情報が Authorization ヘッダにあるかどうかなどの) 情報を取得するときに有用です。 -
http_headers -
HTTP クライアントヘッダ (User-Agent や Accept など)。
返り値
成功した場合に TRUE を、失敗した場合に FALSE を返します。
変更履歴
| バージョン | 説明 |
|---|---|
| 1.0.0 |
以前は、失敗したときに FALSE ではなく NULL を返していました。
|
| 0.99.5 |
http_method パラメータが追加されました。
|
| 0.99.8 |
http_headers パラメータが追加されました。
|
例
例1 OAuth::fetch() の例
<?php
try {
$oauth = new OAuth("consumer_key","consumer_secret",OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION);
$oauth->setToken("access_token","access_token_secret");
$oauth->fetch("http://photos.example.net/photo?file=vacation.jpg");
$response_info = $oauth->getLastResponseInfo();
header("Content-Type: {$response_info["content_type"]}");
echo $oauth->getLastResponse();
} catch(OAuthException $E) {
echo "Exception caught!\n";
echo "Response: ". $E->lastResponse . "\n";
}
?>
参考
- OAuth::getLastResponse() - 直近のレスポンスを取得する
- OAuth::getLastResponseInfo() - 直近のレスポンスの HTTP 情報を取得する
- OAuth::setToken() - トークンと secret を設定する
add a note
User Contributed Notes
OAuth::fetch
sun at drupal dot org
09-Aug-2011 06:40
contact info at mech dot cx
23-Mar-2011 04:00
I was having troubles getting fetch() to post, the remote server (Twitter, in this case) complained at me that their "resource only supports POST". Turned out to be a known bug in OAuth 1.1, downgrading to 1.0 fixed it.
Don't lose as much time over this as I did :-)
Lyuben Penkovski (l_penkovski at yahoo dot com)
26-Aug-2010 11:51
If the provider's web server is configured to use Keep-Alive extension to HTTP protocol (HTTP 1.1), there can be a big delay in the response time from the provider. By default Apache is configured to use Keep-Alive for 5 seconds. This is the delay after which the response will come back to the consumer. If you have this issue of delayed result, you can pass in HTTP headers when calling $consumer->fetch():
<?php
$consumer = new OAuth("consumer_key", "consumer_secret", OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM);
$consumer->fetch('http://example.com/api/', null, OAUTH_HTTP_METHOD_POST, array('Connection'=>'close'));
?>
Then the provider will send the result immediately after it's ready with the processing and the connection will be closed. Unfortunately, when calling $consumer->getRequestToken() and $consumer->getAccessToken() there's no way provided to pass in HTTP headers and this delay (if present) cannot be avoided, or at least we could not find a way to avoid it.
The solution that worked for us is to send this header from the provider when returning result to the consumer:
<?php
$result = 'oauth_callback_accepted=true&oauth_token=' . $this->urlencode($token->oauth_token) .
'&oauth_token_secret='.$this->urlencode($token->oauth_token_secret);
header('HTTP/1.1 200 OK');
header('Content-Length: '.strlen($result));
header('Content-Type: application/x-www-form-urlencoded');
header('Connection:close');
echo $result;
?>
This can work if you have the possibility to modify the code of the provider, e.g. if you are the provider yourself or if you can talk with the people that develop it and ask them to send this header for your request.