PHP 5.6.0beta1 released

OAuth::fetch

(PECL OAuth >= 0.99.1)

OAuth::fetchLit une ressource protégée par OAuth

Description

public mixed OAuth::fetch ( string $protected_resource_url [, array $extra_parameters [, string $http_method [, array $http_headers ]]] )

Lit une ressource protégée par OAuth.

Liste de paramètres

protected_resource_url

URL de la ressource protégées par OAuth.

extra_parameters

Paramètres supplémentaires à envoyer avec la requête, à la ressource.

http_method

Une des constantes OAUTH constants OAUTH_HTTP_METHOD_*, incluant GET, POST, PUT, HEAD, ou DELETE.

HEAD (OAUTH_HTTP_METHOD_HEAD) peut être utile pour découvrir des informations avant la demande (si les autorisations OAuth sont dans l'en-tête Authorization header).

http_headers

Les entêtes client HTTP (tels que User-Agent, Accept, etc.)

Valeurs de retour

Cette fonction retourne TRUE en cas de succès ou FALSE si une erreur survient.

Historique

Version Description
1.0.0 Avant cette version, NULL était retourné au lieu de FALSE.
0.99.5 Ajout du paramètre http_method
0.99.8 Ajout du paramètre http_headers

Exemples

Exemple #1 Exemple avec OAuth::fetch()

<?php
try {
    
$oauth = new OAuth("consumer_key","consumer_secret",OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION);
    
$oauth->setToken("access_token","access_token_secret");

    
$oauth->fetch("http://photos.example.net/photo?file=vacation.jpg");

    
$response_info $oauth->getLastResponseInfo();
    
header("Content-Type: {$response_info["content_type"]}");
    echo 
$oauth->getLastResponse();
} catch(
OAuthException $E) {
    echo 
"Exception caught!\n";
    echo 
"Response: "$E->lastResponse "\n";
}
?>

Voir aussi

add a note add a note

User Contributed Notes 5 notes

up
1
sun at drupal dot org
2 years ago
Make sure that your $extra_parameters is an array.

If it's not, then OAuth will silently skip the malformed data type and produce a signature base string that is invalid (doesn't contain POST parameters, as defined in the RFC).

You should file a critical bug report against any REST API you find in the wild that accepts such a bogus signature to pass authentication.
up
1
Lyuben Penkovski (l_penkovski at yahoo dot com)
3 years ago
If the provider's web server is configured to use Keep-Alive extension to HTTP protocol (HTTP 1.1), there can be a big delay in the response time from the provider. By default Apache is configured to use Keep-Alive for 5 seconds. This is the delay after which the response will come back to the consumer. If you have this issue of delayed result, you can pass in HTTP headers when calling $consumer->fetch():

<?php
$consumer
= new OAuth("consumer_key", "consumer_secret", OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM);
$consumer->fetch('http://example.com/api/', null, OAUTH_HTTP_METHOD_POST, array('Connection'=>'close'));
?>

Then the provider will send the result immediately after it's ready with the processing and the connection will be closed. Unfortunately, when calling $consumer->getRequestToken() and $consumer->getAccessToken() there's no way provided to pass in HTTP headers and this delay (if present) cannot be avoided, or at least we could not find a way to avoid it.

The solution that worked for us is to send this header from the provider when returning result to the consumer:

<?php
$result
= 'oauth_callback_accepted=true&oauth_token=' . $this->urlencode($token->oauth_token) .
         
'&oauth_token_secret='.$this->urlencode($token->oauth_token_secret);

header('HTTP/1.1 200 OK');
header('Content-Length: '.strlen($result));
header('Content-Type: application/x-www-form-urlencoded');
header('Connection:close');
echo
$result;
?>

This can work if you have the possibility to modify the code of the provider, e.g. if you are the provider yourself or if you can talk with the people that develop it and ask them to send this header for your request.
up
0
zverik at textual dot ru
15 days ago
If $extra_parameters is not an array, you have to specify Content-Type header, or else you'll get HTTP 401 error. Example:

<?php
$oauth
->fetch(ENDPOINT, '{"action": "get_user_info"}', OAUTH_HTTP_METHOD_PUT, array('Content-Type' => 'application/json'));
?>
up
0
chris dot barr at ntlworld dot com
1 year ago
The fetch() method will throw an OAuthException if the returned http status code is in the 4xx or 5xx range:

<?php
// Querying Twitter with bad login details
try {
 
$oauth->fetch('https://api.twitter.com/1.1/favorites/list.json');
}
catch(
Exception $e) {
  echo
$e->getCode(); // 401
  // Message generated by OAuth class
 
echo $e->getMessage(); // Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)
  // Message returned from Twitter
 
echo $e->lastResponse; // {"errors":[{"message":"Could not authenticate you","code":32}]}
}
up
-1
contact info at mech dot cx
3 years ago
I was having troubles getting fetch() to post, the remote server (Twitter, in this case) complained at me that their "resource only supports POST". Turned out to be a known bug in OAuth 1.1, downgrading to 1.0 fixed it.

Don't lose as much time over this as I did :-)
To Top