Authorisation header

Subject:Authorisation header
Summary:How do you pass things like oauth_signature to the endpoint
Messages:15
Author:Mike Buckley
Date:2019-11-04 15:50:13
 

  1. Authorisation header
Mike Buckley - 2019-11-04 15:50:13
Hi, I'm very new to the OAuth process and I'm probably in way over my head, but I can't understand, or see how/where you pass things like this to the webservice? I'll need to pass multiple things such as oauth_nonce, oauth_timestamp.

Many thanks

  2. Re: Authorisation header
Manuel Lemos - 2019-11-05 01:58:43 - In reply to message 1 from Mike Buckley
Hello Mike,

You do not need to be concerned with passing those parameters to the OAuth server. This OAuth class takes care of that for you.

What you need to be concerned with is which OAuth server you need to access to make the API calls you need to do in your PHP applications.

This package comes with built-in support for many OAuth servers that you may be using. For those with built-in support there are example scripts in this package named test_some_API_login.php .

Do you see an example script in this package for the API you want to access?

  3. Re: Authorisation header
Mike Buckley - 2019-11-06 11:25:37 - In reply to message 2 from Manuel Lemos
Hi Manuel,

First of all, thank you for taking the time to reply. The API I'm trying to get the key from isn't listed but I didn't expect it would be - it's an API for an online survey site. Forgive me for my many questions but as I said, this is a new area for me and I'm struggling to follow.

The API I'm trying to access receives POST requests and is OAuth version 1.0 so I've set these values in the json configuration:

"oauth_version": "1.0",
"token_request_method": "POST",
"dialog_url": "https://XXXXXXXXXX",
"request_token_url": "https://XXXXXXXXXX"

Incidentally, I don’t have different urls for “dialog_url” or “request_token_url” so I have used the same for both. I’m also confused about the scope, I’ve left this blank at the moment, will this need a value?

I’ve had a bit of success and can see in the php error log that the oauth class connects and passes a correctly formed authorisation header to the endpoint. I think it’s now failing on the CallAPI function, the API requires xml in the body request – it currently returns:

<ErrorMessage>Root element is missing.</ErrorMessage>

Is there a way to format the body request/parameters as xml?

Thanks again for your time

  4. Re: Authorisation header
Manuel Lemos - 2019-11-06 18:27:40 - In reply to message 3 from Mike Buckley
You need to look up the documentation of that API to find out what the correct URLs are for the dialog_url and request_token_url.

The scope may not be necessary. That is usually for complex APIs that support different products, like for instance Google APIs that support Google Calendar, Google Drive, etc.

Anyway, it seems that you succeeded in getting a token to make authorized API calls.

To send API call requests that require data in XML format, use the RequestBody parameter and set the RequestContentType parameter maybe to 'text/xml' or 'application/xml'.

  5. Re: Authorisation header
Mike Buckley - 2019-11-07 12:56:42 - In reply to message 4 from Manuel Lemos
Hi Manuel, thanks again for your time – I think this is still failing before CallAPI


I was given this by the API author as a structure for the oauth request and login xml, I appreciate it’s a lot to look through but I’m really failing at every turn.

/////////////////////////////////////

POST https://XXXX.com HTTP/1.1
Authorization: OAuth oauth_consumer_key="123456XXXXXX", oauth_token="", oauth_signature_method="HMAC-SHA1", oauth_signature="123456RCXXXXXX", oauth_timestamp="1572443565", oauth_nonce="8071245", oauth_version="1.0"
Content-Type: application/xml; charset=utf-16
Host: xxxx.com
Content-Length: 612
Expect: 100-continue
Connection: Keep-Alive

<?xml version="1.0" encoding="utf-16"?>
<LogonParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<UserName>SomeUser</UserName>
<Password>SomePassword</Password>
<PanelId>pXXXXXXXX</PanelId>
<Language>9</Language>
</LogonParameters>


/////////////////////////////////////

This was the error in the php log:
[07-Nov-2019 12:32:08 Europe/Dublin] OAuth client: Checking the OAuth token authorization state
[07-Nov-2019 12:32:08 Europe/Dublin] OAuth client: The OAuth access token is not set
[07-Nov-2019 12:32:08 Europe/Dublin] OAuth client: Requesting the unauthorized OAuth token
[07-Nov-2019 12:32:08 Europe/Dublin] OAuth client: Accessing the OAuth request token at https://XXX.com/Logon/
[07-Nov-2019 12:32:08 Europe/Dublin] Connecting to XXXX.com
[07-Nov-2019 12:32:08 Europe/Dublin] Resolving HTTP server domain "XXX.com"...
[07-Nov-2019 12:32:08 Europe/Dublin] Connecting to HTTP server IP SomeIP port 443...
[07-Nov-2019 12:32:09 Europe/Dublin] Connected to XXX.com
[07-Nov-2019 12:32:09 Europe/Dublin] C POST XXX/Logon/ HTTP/1.1
[07-Nov-2019 12:32:09 Europe/Dublin] C Host: XXX.com
[07-Nov-2019 12:32:09 Europe/Dublin] C User-Agent: PHP-OAuth-API (http://www.phpclasses.org/oauth-api $Revision: 1.166 $)
[07-Nov-2019 12:32:09 Europe/Dublin] C Accept: */*
[07-Nov-2019 12:32:09 Europe/Dublin] C Authorization: OAuth oauth_consumer_key="XXXXXX",oauth_nonce="XXXXX",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1573129928",oauth_version="1.0",oauth_token="",oauth_callback="http%3A%2F%2Fredirectpage",oauth_signature="XXXXX"
[07-Nov-2019 12:32:09 Europe/Dublin] C Connection: Keep-Alive
[07-Nov-2019 12:32:09 Europe/Dublin] C Content-Type: application/x-www-form-urlencoded
[07-Nov-2019 12:32:09 Europe/Dublin] C Content-Length: 0
[07-Nov-2019 12:32:09 Europe/Dublin] C
[07-Nov-2019 12:32:09 Europe/Dublin] S HTTP/1.1 500 Root element is missing.
[07-Nov-2019 12:32:09 Europe/Dublin] S Cache-Control: private
[07-Nov-2019 12:32:09 Europe/Dublin] S Content-Type: application/xml; charset=utf-8
[07-Nov-2019 12:32:09 Europe/Dublin] S Server:
[07-Nov-2019 12:32:09 Europe/Dublin] S Set-Cookie: ASP.NET_SessionId=XXXXXXXXXX; path=/; HttpOnly
[07-Nov-2019 12:32:09 Europe/Dublin] S X-Confirmit-ID: FE01
[07-Nov-2019 12:32:09 Europe/Dublin] S Strict-Transport-Security: max-age=15768000
[07-Nov-2019 12:32:09 Europe/Dublin] S Date: Thu, 07 Nov 2019 12:32:08 GMT
[07-Nov-2019 12:32:09 Europe/Dublin] S Content-Length: 225
[07-Nov-2019 12:32:09 Europe/Dublin] S
[07-Nov-2019 12:32:09 Europe/Dublin] S <ResponseError xmlns="http://schemas.datacontract.orgXXXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ErrorMessage>Root element is missing.</ErrorMessage></ResponseError>
[07-Nov-2019 12:32:09 Europe/Dublin] Keeping the connection alive to XXXX.com
[07-Nov-2019 12:32:09 Europe/Dublin] OAuth client: Could not retrieve the OAuth access token. Error: it was not possible to access the OAuth request token: it was returned an unexpected response status 500 Response: <ResponseError xmlns="http://schemas.datacontract.org/XXXX " xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ErrorMessage>Root element is missing.</ErrorMessage></ResponseError>


I notice that in their authorisation header the Content-type is ‘application/xml’ whereas in the errorlog the Content-type is ‘application/x-www-form-urlencoded‘ I’ve tried to change this in the json configuration/and manually in the Sign function but it doesn’t change – it stays as ‘application/x-www-form-urlencoded’.

If I can get past the OAuth request, would I set the RequestBody like this?

// XML logon document sent as the raw request body
$xmlstring = '<?xml version="1.0" encoding="utf-16"?><LogonParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><UserName>SomeUser</UserName><Password>SomePassword</Password><PanelId>pXXXXXX</PanelId><Language>9</Language></LogonParameters>';

$success = $client->CallAPI(
    'https://XXX.com/Logon/',
    'POST',
    array(),
    array(
        'FailOnAccessError' => true,
        'RequestBody' => $xmlstring,
        'RequestContentType' => 'application/xml'
    ),
    $user
);


Many thanks
Mike

  6. Re: Authorisation header
Manuel Lemos - 2019-11-07 20:02:36 - In reply to message 5 from Mike Buckley
It should work. Would it be possible for you to create a private repository on GitHub with your example script and the version of the class that you use so I can try to reproduce the problem?

If so, please share that repository with GitHub account manuellemos and let me know here so I can check what is the problem.

  7. Re: Authorisation header
Mike Buckley - 2019-11-08 12:13:56 - In reply to message 6 from Manuel Lemos
Hi Manuel, I expect you've been notified by GitHub but just to be sure I've added you to the repo, there's a few notes in the first commit.
Once again thank you so much for your time.
Mike

  8. Re: Authorisation header
Manuel Lemos - 2019-11-08 20:55:45 - In reply to message 7 from Mike Buckley
It seems no invitation came to access that repository yet. Can you please check if you really submitted the invitation?

  9. Re: Authorisation header
Mike Buckley - 2019-11-09 09:09:36 - In reply to message 8 from Manuel Lemos
It seems nothing wants to work for me :( here's the invite link https://github.com/WalnutUnlimited-MM/newvistapanel/invitations

  10. Re: Authorisation header
Mike Buckley - 2019-11-14 15:21:11 - In reply to message 9 from Mike Buckley
Hi Manuel, sorry to bump this - did you manage to look at the git repo? It says you're listed as a collaborator. I've loaded Fiddler on the machine hosting the relevant pages, when I run this page I see no requests or headers to the endpoint. But I still get errors in the php log. The authorisation header looks like this - (I was shown a log from a Fiddler session their end).

Authorization Header is present: OAuth oauth_consumer_key="xxxxxxxxxxx", oauth_token="", oauth_signature_method="HMAC-SHA1", oauth_signature="Kvy5KC4nvtDUxxxxxxD", oauth_timestamp="1573725767", oauth_nonce="8487330", oauth_version="1.0"

I believe the request authorisation header and body are set and sent at the same time - so the body is like this:

<?xml version="1.0" encoding="utf-16"?>
<LogonParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<UserName>nn1@nn.nn</UserName>
<Password>xxxxxx</Password>
<PanelId>pxxxxx</PanelId>
<Language>9</Language>
</LogonParameters>


My php errors currently look like this:

OAuth client: Could not retrieve the OAuth access token. Error: it was not possible to access the OAuth request token: it was returned an unexpected response status 500 Response: <ResponseError xmlns="http://schemas.datacontract.org/2004/07/Confirmit.Extensibility.Sdk.ServiceModel" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ErrorMessage>Object reference not set to an instance of an object.</ErrorMessage></ResponseError>
[14-Nov-2019 16:08:38 Europe/Minsk] OAuth client: Checking the OAuth token authorization state
[14-Nov-2019 16:08:38 Europe/Minsk] OAuth client: The OAuth access token is not set
[14-Nov-2019 16:08:38 Europe/Minsk] OAuth client: Requesting the unauthorized OAuth token
[14-Nov-2019 16:08:38 Europe/Minsk] OAuth client: Accessing the OAuth request token at https://ws.nordic.confirmit.com/Confirmit/FlexServices/PanelPortalService.svc/Logon/
[14-Nov-2019 16:08:38 Europe/Minsk] Connecting to ws.nordic.confirmit.com
[14-Nov-2019 16:08:38 Europe/Minsk] Resolving HTTP server domain "ws.nordic.confirmit.com"...
[14-Nov-2019 16:08:38 Europe/Minsk] Connecting to HTTP server IP 77.88.98.21 port 443...
[14-Nov-2019 16:08:38 Europe/Minsk] Connected to ws.nordic.confirmit.com
[14-Nov-2019 16:08:38 Europe/Minsk] C POST /Confirmit/FlexServices/PanelPortalService.svc/Logon/ HTTP/1.1
[14-Nov-2019 16:08:38 Europe/Minsk] C Host: ws.nordic.confirmit.com
[14-Nov-2019 16:08:38 Europe/Minsk] C User-Agent: PHP-OAuth-API (http://www.phpclasses.org/oauth-api $Revision: 1.166 $)
[14-Nov-2019 16:08:38 Europe/Minsk] C Accept: */*
[14-Nov-2019 16:08:38 Europe/Minsk] C Authorization: OAuth oauth_consumer_key="a1afd97680384961",oauth_nonce="9b875c6275f17ba8f1971d43a5319126",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1573736918",oauth_version="1.0",oauth_token="",oauth_callback="https%3A%2F%2Fgeneralnuts.walnutunlimited.com%2Fcookie-policy%2F",oauth_signature="RjXqtyl3rBqrOD5xJsje%2BUC1jCo%3D"
[14-Nov-2019 16:08:38 Europe/Minsk] C Connection: Keep-Alive
[14-Nov-2019 16:08:38 Europe/Minsk] C Content-Type: application/x-www-form-urlencoded
[14-Nov-2019 16:08:38 Europe/Minsk] C Content-Length: 0
[14-Nov-2019 16:08:38 Europe/Minsk] C
[14-Nov-2019 16:08:38 Europe/Minsk] S HTTP/1.1 500 Root element is missing.

///////////////////////END

So could the "Root element is missing" be the start of the xml in the body?

I have used your Google class to connect to a test API on Google. The URLs were a bit different but it worked, but Fiddler didn't record an authorisation header in any requests.

I think I need to combine the token and body requests in one go?

I’ve put their Fiddler log/output in the repo if it helps illustrate what their login requires.

Many thanks
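
As an added example (not part of the thread and not the PHP OAuth Library's own code): how the oauth_* values discussed above end up in a single Authorization header under OAuth 1.0 HMAC-SHA1 signing (RFC 5849) on a request whose body is XML. The helper name oauth1_header, the URL, the key and the secret are hypothetical placeholders, and the URL is assumed to be already normalized and to carry no query string.

```php
<?php
// Added illustration, not the PHP OAuth Library's code. All keys, secrets and
// the URL are constructed placeholders; oauth1_header() is a hypothetical helper.
function oauth1_header(string $method, string $url, array $oauth,
                       string $consumerSecret, string $tokenSecret = ''): string
{
    // 1. Percent-encode names and values (RFC 3986), then sort by encoded name.
    $pairs = [];
    foreach ($oauth as $name => $value) {
        $pairs[rawurlencode($name)] = rawurlencode($value);
    }
    ksort($pairs, SORT_STRING);
    $normalized = [];
    foreach ($pairs as $name => $value) {
        $normalized[] = $name . '=' . $value;
    }
    // 2. Signature base string: METHOD & URL & parameters. An XML body is not
    //    part of it; only application/x-www-form-urlencoded bodies are signed.
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&'
          . rawurlencode(implode('&', $normalized));
    // 3. HMAC key: consumer secret & token secret (empty before a token exists).
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));
    // 4. Everything, signature included, goes into one Authorization header.
    $parts = [];
    foreach ($oauth as $name => $value) {
        $parts[] = rawurlencode($name) . '="' . rawurlencode($value) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

// Constructed sample values: a fresh nonce and timestamp are generated per request.
$oauth = [
    'oauth_consumer_key'     => 'EXAMPLE_CONSUMER_KEY',
    'oauth_token'            => '',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_version'          => '1.0',
];
echo "POST /Logon/ HTTP/1.1\n";
echo oauth1_header('POST', 'https://api.example.test/Logon/', $oauth,
                   'EXAMPLE_CONSUMER_SECRET'), "\n";
echo "Content-Type: application/xml\n"; // the XML document follows as the body
```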

 