|2012-11-07 02:07:57 - In reply to message 1 from Shane Whittaker|
|Since there is no built-in support for this OAuth server, you need to configure some variables manually.|
In this picture you have some example values of an application.
You need to create yours and assign the class variables this way:
client_id <- Consumer key
client_secret <- Consumer secret
oauth_version = '2.0'
dialog_url = 'http://staging.buzzdata.com/oauth2/token'
access_token_url = 'http://staging.buzzdata.com/oauth2/token'
|2012-11-07 18:39:53 - In reply to message 2 from Manuel Lemos|
|Thanks Manuel! |
Although I had already made the configuration and had some success.
I am wondering how I can configure this library so that it stops to ask the user for access.
Currently this just gives me the token without authorizing it.
|2012-11-07 21:46:30 - In reply to message 3 from Shane Whittaker|
|By default the class uses session variables to store previously retrieved tokens. This can be changed by overriding a couple of functions in a sub-class if you need it.|
So, as long as the user session is valid and the token did not expire, the class will no longer redirect the user to make him authorize again.
Also, some sites like for instance Facebook and others, do not show the dialog asking the user for authorization again if he previously authorized your application. So if the class redirects the user to the authorization page, the OAuth server will redirect the user back to you with a token with the granted authorization.
|2012-11-11 18:46:45 - In reply to message 4 from Manuel Lemos|
|In this case the user can revoke access from the source site.|
This only occurs the first time the user accepts, but if they revoke access, they can still go to the application without being asked to allow access again.
I would like for the users to be prompted if they revoke access, but this doesn't happen.
Any help would be appreciated.
|2012-11-12 01:52:28 - In reply to message 5 from Shane Whittaker|
|In that case you need to notify the user to provide permission by coming to the page where you make him go through the OAuth authorization process again. |
This is what happens in the PHPClasses site when an user that authorizes the site application revokes the authorization later on the OAuth server site.
In any case, I can add a function to invalidate access tokens just in case the user has not exited the browser after he revoked the authorization.
|2012-11-12 02:02:04 - In reply to message 6 from Manuel Lemos|
|That would be awesome! And exactly the type of behaviour I'm looking for.|
I understand that it stores the cookie, but the user can revoke access from the site at any time, and not just when closing the browser.
Could you let me know if/when you have implemented the function?
This API has made oAuth so much easier!
|2012-11-13 10:18:51 - In reply to message 7 from Shane Whittaker|
|I have just added the function ResetAccessToken for that purpose. Just let me know if it solves the problem.|
|2012-11-13 13:44:39 - In reply to message 8 from Manuel Lemos|
It no longer has the token, but does not try to re-authorize the token.
It just returns the error Invalid 'OAuth Request', and since I enabled debug the php.log looks like :
[13-Nov-2012 12:43:48 UTC] OAuth client: The OAuth access token '<TOKEN>' is valid
[13-Nov-2012 12:43:48 UTC] OAuth client: The OAuth access token is of type bearer
|2012-11-13 14:47:29 - In reply to message 9 from Shane Whittaker|
|After you call the ResetAccessToken the user needs to go through the authorization page again.|