Comments (6)
I think not. If you are using 2-legged oauth you may not be associating your
user
with a local user. You may do that, but it's not what the protocol suggests --
since
you'll have to store the remote user and password. If you are using the local
user
and password, I think you already have the identification, right?
If I misunderstood your question, please let me know. I'll leave this open
until we
find out if we are speaking about the same thing.
Original comment by brunobg%[email protected]
on 26 May 2010 at 7:27
from oauth-php.
Original comment by brunobg%[email protected]
on 26 May 2010 at 7:45
- Changed state: Discussion
from oauth-php.
I'm not sure - here's what I am trying to do:
Each user is given a consumer_key and consumer_secret. When they access the site
using the appropriate OAuth header, I need to be able to identify the user by
consumer key. In essence, each consumer is tied to a site user. There is no
remote
username or password since the only system is ours. Requests without the OAuth
header will be treated as anonymous requests.
Eventually, we are also going to support three-legged oauth for third party apps
acting on behalf of users, but it's unnecessary for now.
Original comment by [email protected]
on 26 May 2010 at 7:55
from oauth-php.
Ok, I think I get what you mean. First of all, I'm not sure why there is a
token type
FALSE. I didn't write that code and the oauth spec mentions only "access" and
"request", so it seems just a hack to override it in and generate the headers,
as you
say, if you don't have 'oauth_token'. I'm not sure why you need to do that, to
be
frank...
Given that, the oauth_server_token table is not accessed when token_type is
false. My
guess is that it's a security measure, because $token is ignored (since you
don't
have 'oauth_token'). The special case is written so deliberately that it must
have
been for a good reason, and since I'm not sure, I'd rather not just remove it.
You could call getConsumer to get that information, if you are admin. If you do
have
'oauth_token', then just set token_type as "access" -- it does not seem to have
any
side effects and I think it will work.
Let me know if this solves your problem.
Original comment by brunobg%[email protected]
on 26 May 2010 at 8:48
from oauth-php.
I think that works! This is what I ended up with - does this look about right?:
if (OAuthRequestVerifier::requestIsSigned()){
try{
$req = new OAuthRequestVerifier();
$req->verify(FALSE);
// If no errors were thrown, the request checks out
$consumer_key = $req->getParam('oauth_consumer_key');
$store = OAuthStore::instance();
$consumer = $store->getConsumer($consumer_key, NULL, TRUE);
$user_id = $consumer['user_id'];
// Do authenticated stuff
}
catch (OAuthException2 $e){
// The request was signed, but failed verification
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: OAuth realm=""');
header('Content-Type: text/plain; charset=utf8');
exit();
}
} else {
// Do anonymous stuff
}
Original comment by [email protected]
on 27 May 2010 at 2:19
from oauth-php.
Yes, that is precisely it :)
Original comment by brunobg%[email protected]
on 27 May 2010 at 4:46
- Changed state: Fixed
from oauth-php.
Related Issues (20)
- Minor fix that allows for the implementation of your OAuthStore
- OAuth POST request combines parameters from original server request with parameters being sent via oauth for Oauth consumers HOT 1
- Array of Array
- No server associated with consumer_key "..."
- Putting project to packagist
- Saving Recurring events from Google calendar api
- connect Oauth(PHP) Client to Oauth server (ruby on rails)
- cgi sapi oauth callback is required hot fix available
- Error with OAuth instance 2legged
- Invalid consumer HOT 1
- remote server request error
- Error when creating tables with foreign key constraints
- POST data included in signature when content type is "multipart/form-data" HOT 4
- I get error "Authorized token from Service Provider does not match supplied Request Token details"
- Patch for /trunk/example/client/twoleggedtwitter.php
- OAuth Verification Failed HOT 1
- oAuth with PHP 4.4.9
- where is the updateConsumer function? HOT 1
- [deleted issue]
- SQL bug (with fix) in PostgreSQL Store checkServerNonce method
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth-php.