Is it possible to use it in a 2-legged scenario:
- Client has got credentials client-id and client_secret
- Client uses his client credentials (and empty token credentials)
to access the protected resources on the server
So token should be left empty to signal this is a 2-legged authentication.
Could you briefly summarize variable setup and sequence of methods to call?
The server I need to access uses this OAuth protocl
Manuel Lemos - 2013-04-05 07:48:59 - In reply to message 1 from Francesco Ajmone Marsan
I am not sure what you are asking.
If you look at the existing login example scripts, they seem to do what you want because that is the way the OAuth protocol works.
The class redirects the user to the server site to get permissions.
The user is redirected back to the script with some information to get the access token.
The class stores the token so it can be used to make API calls.
If you run the script next time, the class fetches the token from your server storage. So it does not go through the process of obtaining the authorization again until the token expires.
In the case the class uses sessions to store tokens. Real applications should override the class GetAccessToken and StoreAccessToken functions to use different kind of store, say a database table instead of sessions.
From then on, you can make API calls using the CallAPI function instead of going through the Process function again.
Francesco Ajmone Marsan - 2013-04-08 17:10:49 - In reply to message 4 from Manuel Lemos
There are a few minor changes required to have the CallAPI function work in my scenario:
- it should accept an empty token
- a response of content type text/plain should not be sent through parse_str() but the response data passed through "as is"
- as a response I get a resource uri, together with a 303 status, what I should do then is redirect to the uri to get the content. To do this I had to accept 303 as a valid status instead of error
Once implemented these changes, the class works perfectly!!
Don't know if you would like to incorporate them as optional