开发者

How to use the Yahoo! API with the oauth-php library?

I'm currently trying to use the Yahoo API directly with php. I already use the oauth-php library with some Google API and it works like a charm.

But the yahoo API don't like authorization headers which oauth-php uses. I see the PECL Oauth has an option to select how the authorization parameter is sent but can't find any equivalent in the almost non-existent documentation of oauth-php. So my question is: is it possible to select this method with oauth-php o开发者_如何转开发r should I start working on some patch ?

Edit: changed the title to reflect what the root cause of the problem was.


In case it can help another lost soul I got it at last. So Oauth-php stores tokens in a varchar(64) field in the oauth_consumer_token table. At least, in the downloadable r175 version; it was changed to varchar(255) in the r188 source of the installer.

But Yahoo!'s token are a lot longer than that (790 bytes at least) which means you have to change the table structure to have the colum oct_token as TEXT. And to do that, you have to drop a foreign key then an index.

Modified library/store/mysql/mysql.sql :

# Datamodel for OAuthStoreMySQL
#
# You need to add the foreign key constraints for the user ids your are using.
# I have commented the constraints out, just look for 'usa_id_ref' to enable them.
#
# The --SPLIT-- markers are used by the install.php script
#   
# @version $Id$
# @author Marc Worrell
#

# Changes:
#
# 2011-02-25
#           ALTER TABLE oauth_consumer_token MODIFY oct_token varchar(255) binary not null;
#           ALTER TABLE oauth_consumer_token MODIFY oct_token_secret varchar(255) binary not null;
#
# 2010-09-15
#      ALTER TABLE oauth_server_token MODIFY ost_referrer_host varchar(128) not null default '';
#
# 2010-07-22
#      ALTER TABLE oauth_consumer_registry DROP INDEX ocr_consumer_key;
#      ALTER TABLE oauth_consumer_registry ADD UNIQUE ocr_consumer_key(ocr_consumer_key,ocr_usa_id_ref,ocr_server_uri)
#
# 2010-04-20 (on 103 and 110)
#           ALTER TABLE oauth_consumer_registry MODIFY ocr_consumer_key varchar(128) binary not null;
#           ALTER TABLE oauth_consumer_registry MODIFY ocr_consumer_secret varchar(128) binary not null;
#
# 2010-04-20 (on 103 and 110)
#       ALTER TABLE oauth_server_token ADD ost_verifier char(10);
#       ALTER TABLE oauth_server_token ADD ost_callback_url varchar(512);
#
# 2008-10-15 (on r48) Added ttl to consumer and server tokens, added named server tokens
#
#      ALTER TABLE oauth_server_token
#      ADD ost_token_ttl datetime not null default '9999-12-31',
#      ADD KEY (ost_token_ttl);
#
#      ALTER TABLE oauth_consumer_token
#      ADD oct_name varchar(64) binary not null default '',
#      ADD oct_token_ttl datetime not null default '9999-12-31',
#      DROP KEY oct_usa_id_ref,
#      ADD UNIQUE KEY (oct_usa_id_ref, oct_ocr_id_ref, oct_token_type, oct_name),
#      ADD KEY (oct_token_ttl);
#
# 2008-09-09 (on r5) Added referrer host to server access token
#
#      ALTER TABLE oauth_server_token ADD ost_referrer_host VARCHAR(128) NOT NULL;
#


#
# Log table to hold all OAuth request when you enabled logging
#

CREATE TABLE IF NOT EXISTS oauth_log (
    olg_id                  int(11) not null auto_increment,
    olg_osr_consumer_key    varchar(64) binary,
    olg_ost_token           varchar(64) binary,
    olg_ocr_consumer_key    varchar(64) binary,
    olg_oct_token           varchar(64) binary,
    olg_usa_id_ref          int(11),
    olg_received            text not null,
    olg_sent                text not null,
    olg_base_string         text not null,
    olg_notes               text not null,
    olg_timestamp           timestamp not null default current_timestamp,
    olg_remote_ip           bigint not null,

    primary key (olg_id),
    key (olg_osr_consumer_key, olg_id),
    key (olg_ost_token, olg_id),
    key (olg_ocr_consumer_key, olg_id),
    key (olg_oct_token, olg_id),
    key (olg_usa_id_ref, olg_id)

#   , foreign key (olg_usa_id_ref) references any_user_auth (usa_id_ref)
#       on update cascade
#       on delete cascade
) engine=InnoDB default charset=utf8;

#--SPLIT--

#
# /////////////////// CONSUMER SIDE ///////////////////
#

# This is a registry of all consumer codes we got from other servers
# The consumer_key/secret is obtained from the server
# We also register the server uri, so that we can find the consumer key and secret
# for a certain server.  From that server we can check if we have a token for a
# particular user.

CREATE TABLE IF NOT EXISTS oauth_consumer_registry (
    ocr_id                  int(11) not null auto_increment,
    ocr_usa_id_ref          int(11),
    ocr_consumer_key        varchar(128) binary not null,
    ocr_consumer_secret     varchar(128) binary not null,
    ocr_signature_methods   varchar(255) not null default 'HMAC-SHA1,PLAINTEXT',
    ocr_server_uri          varchar(255) not null,
    ocr_server_uri_host     varchar(128) not null,
    ocr_server_uri_path     varchar(128) binary not null,

    ocr_request_token_uri   varchar(255) not null,
    ocr_authorize_uri       varchar(255) not null,
    ocr_access_token_uri    varchar(255) not null,
    ocr_timestamp           timestamp not null default current_timestamp,

    primary key (ocr_id),
    unique key (ocr_consumer_key, ocr_usa_id_ref, ocr_server_uri),
    key (ocr_server_uri),
    key (ocr_server_uri_host, ocr_server_uri_path),
    key (ocr_usa_id_ref)

#   , foreign key (ocr_usa_id_ref) references any_user_auth(usa_id_ref)
#       on update cascade
#       on delete set null
) engine=InnoDB default charset=utf8;

#--SPLIT--

# Table used to sign requests for sending to a server by the consumer
# The key is defined for a particular user.  Only one single named
# key is allowed per user/server combination

CREATE TABLE IF NOT EXISTS oauth_consumer_token (
    oct_id                  int(11) not null auto_increment,
    oct_ocr_id_ref          int(11) not null,
    oct_usa_id_ref          int(11) not null,
    oct_name                varchar(64) binary not null default '',
    oct_token               text binary not null,
    oct_token_secret        varchar(255) binary not null,
    oct_token_type          enum('request','authorized','access'),
    oct_token_ttl           datetime not null default '9999-12-31',
    oct_timestamp           timestamp not null default current_timestamp,

    primary key (oct_id),
    unique key (oct_usa_id_ref, oct_ocr_id_ref, oct_token_type, oct_name),
  key (oct_token_ttl)


#   , foreign key (oct_usa_id_ref) references any_user_auth (usa_id_ref)
#       on update cascade
#       on delete cascade           
) engine=InnoDB default charset=utf8;

#--SPLIT--


#
# ////////////////// SERVER SIDE /////////////////
#

# Table holding consumer key/secret combos an user issued to consumers.
# Used for verification of incoming requests.

CREATE TABLE IF NOT EXISTS oauth_server_registry (
    osr_id                      int(11) not null auto_increment,
    osr_usa_id_ref              int(11),
    osr_consumer_key            varchar(64) binary not null,
    osr_consumer_secret         varchar(64) binary not null,
    osr_enabled                 tinyint(1) not null default '1',
    osr_status                  varchar(16) not null,
    osr_requester_name          varchar(64) not null,
    osr_requester_email         varchar(64) not null,
    osr_callback_uri            varchar(255) not null,
    osr_application_uri         varchar(255) not null,
    osr_application_title       varchar(80) not null,
    osr_application_descr       text not null,
    osr_application_notes       text not null,
    osr_application_type        varchar(20) not null,
    osr_application_commercial  tinyint(1) not null default '0',
    osr_issue_date              datetime not null,
    osr_timestamp               timestamp not null default current_timestamp,

    primary key (osr_id),
    unique key (osr_consumer_key),
    key (osr_usa_id_ref)

#   , foreign key (osr_usa_id_ref) references any_user_auth(usa_id_ref)
#       on update cascade
#       on delete set null
) engine=InnoDB default charset=utf8;

#--SPLIT--

# Nonce used by a certain consumer, every used nonce should be unique, this prevents
# replaying attacks.  We need to store all timestamp/nonce combinations for the
# maximum timestamp received.

CREATE TABLE IF NOT EXISTS oauth_server_nonce (
    osn_id                  int(11) not null auto_increment,
    osn_consumer_key        varchar(64) binary not null,
    osn_token               varchar(64) binary not null,
    osn_timestamp           bigint not null,
    osn_nonce               varchar(80) binary not null,

    primary key (osn_id),
    unique key (osn_consumer_key, osn_token, osn_timestamp, osn_nonce)
) engine=InnoDB default charset=utf8;

#--SPLIT--

# Table used to verify signed requests sent to a server by the consumer
# When the verification is succesful then the associated user id is returned.

CREATE TABLE IF NOT EXISTS oauth_server_token (
    ost_id                  int(11) not null auto_increment,
    ost_osr_id_ref          int(11) not null,
    ost_usa_id_ref          int(11) not null,
    ost_token               varchar(64) binary not null,
    ost_token_secret        varchar(64) binary not null,
    ost_token_type          enum('request','access'),
    ost_authorized          tinyint(1) not null default '0',
  ost_referrer_host       varchar(128) not null default '',
  ost_token_ttl           datetime not null default '9999-12-31',
    ost_timestamp           timestamp not null default current_timestamp,
    ost_verifier            char(10),
    ost_callback_url        varchar(512),

  primary key (ost_id),
    unique key (ost_token),
    key (ost_osr_id_ref),
  key (ost_token_ttl),

  foreign key (ost_osr_id_ref) references oauth_server_registry (osr_id)
        on update cascade
        on delete cascade

#   , foreign key (ost_usa_id_ref) references any_user_auth (usa_id_ref)
#       on update cascade
#       on delete cascade           
) engine=InnoDB default charset=utf8;


Well, after some time messing around the authorization header was not the problem. Using some google oauth parameters (xoauth_displayname) for a yahoo one was. But while looking around the oauth-php lib (r175) I got to see a parameter in OAuthRequestSigner::getQueryString which is not used but give the possibility to get the headers in the query.

So, in case someone need this but not for the reason I tried it, you can modify OAuthRequester.php like that.

  • Line 149: add

    $auth_header = true;
    if(isset($options['auth_header']) && !$options['auth_header']){
      $auth_header = false;
    }
    
  • Line 164: replace $text = $oauth->curl_raw($curl_options, $auth_header); by $text = $oauth->curl_raw($curl_options, $auth_header);
  • Line 300: replace protected function curl_raw ( $opts = array() ) by protected function curl_raw ( $opts = array(), $auth_header = true )
  • Line 317: replace $query = $this->getQueryString() by $query = $this->getQueryString($auth_header);

Example of call:

$token = OAuthRequester::requestRequestToken($consumer_key, $user_id, $getAuthTokenParams, 'POST', array('auth_header' => FALSE));
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜