Hi,
I searched for the same issue, but it seems I'm the only one with it:
Since I upgraded to PHP 7.X I have an issue with OAuth and PECL.
I created a minimal test case that crashes on an env with Apache, PHP 7.2, PECL/OAuth 2.0.6 & Debian 9.
First I created a client (a very dumb one; it failed at the getRequestToken method):
```php
<?php
// testClient.php: minimal OAuth 1.0 consumer
session_start();

$config = [
    'consumer_key' => 'key',
    'consumer_secret' => 'secret'
];

$requestUrl = 'https://' . $_SERVER['SERVER_NAME'] . '/testServer.php?part=request';
$callbackUrl = 'https://' . $_SERVER['SERVER_NAME'] . '/testClient.php?part=callback';

if (!isset($_GET['part'])) {
    echo "<a href='?part=connect'>Login</a>";
} elseif ($_GET['part'] === 'connect') {
    // OAUTH_AUTH_TYPE_AUTHORIZATION sends the OAuth parameters in the Authorization header
    $oauth = new OAuth($config['consumer_key'], $config['consumer_secret'], OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
    try {
        $requestTokenInfo = $oauth->getRequestToken($requestUrl, $callbackUrl);
        echo "We got a request token";
    } catch (\Exception $e) {
        echo "FAILED ! let's see what has been responded : \n <br>";
        echo $oauth->getLastResponse();
        echo "\n <br>";
        echo "Error while fetching request token info : " . $e->getMessage();
    }
}
```
Then a very dumb server as well :
```php
<?php
// testServer.php: minimal OAuth 1.0 provider; every handler accepts the request
$server = new \OAuthProvider(['oauth_signature_method' => OAUTH_SIG_METHOD_HMACSHA1]);

$checkConsumer = function () {
    return OAUTH_OK;
};
$checkNonce = function () {
    return OAUTH_OK;
};
$checkToken = function () {
    return OAUTH_OK;
};

// Show the Authorization header as Apache received it
$apacheHeaders = apache_request_headers();
if (isset($apacheHeaders['Authorization'])) {
    echo "We got Auth Header";
    var_dump($apacheHeaders['Authorization']);
}

$server->consumerHandler($checkConsumer);
$server->timestampNonceHandler($checkNonce);
$server->tokenHandler($checkToken);
$server->setRequestTokenPath('https://' . $_SERVER['SERVER_NAME'] . 'testServer.php?part=request');

if (isset($_GET['part']) && $_GET['part'] === 'request') {
    try {
        $server->isRequestTokenEndpoint(true);
        $server->checkOAuthRequest();
    } catch (OAuthException $e) {
        $message = \OAuthProvider::reportProblem($e);
        echo sprintf("Oauth Error %s", $e->getMessage());
        echo "\n";
        echo $message;
    } catch (\Exception $e) {
        echo sprintf("Generic Error %s", $e->getMessage());
    }
}
```
Normally this kind of code may return an issue like "Error Signatures do not match" but it returns a "Missing required parameters":
Missing required parameters oauth_problem=parameter_absent&oauth_parameters_absent=oauth_consumer_key%26oauth_signature%26oauth_nonce%26oauth_timestamp
And $_SERVER['HTTP_AUTHORIZATION'] is filled with OAuth : oauth_callback="https%3A%2F%2Fwww.dyb.dev%2FtestClient.php%3Fpart%3Dcallback",oauth_consumer_key="key",oauth_signature_method="HMAC-SHA1",oauth_nonce="40210775545f5a3559528127.77187770",oauth_timestamp="1599747417",oauth_version="1.0",oauth_signature="H%2FCgZI6G%2F6uxvwsfj%2F3zBcop4uM%3D"
(also available with apache_request_headers or getallheaders)
If I change the client to:
```php
$oauth = new OAuth($config['consumer_key'], $config['consumer_secret'], OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM);
```
from OAUTH_AUTH_TYPE_AUTHORIZATION to _FORM, it works!
But as most OAuth libraries use headers by default (PECL/OAuth included), it fails for most of them.
Sorry for the long post. I saw that Nginx & Debian 9 had an issue (Bug #76722 cURL library headers not recognized on Debian 9), so maybe another one? Or am I missing something?
Thanks.
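A diagnostic for the symptom reported above, added here as an example and not part of the original post or of PECL/OAuth: it parses the raw `Authorization` value independently of `OAuthProvider` and checks the four parameters the error reported absent, which helps separate a malformed header from a provider-side parsing problem. The function names are hypothetical, and the fallback sample is assembled from the values quoted in the report with the scheme written as `OAuth ` (an assumption).

```php
<?php
// Added diagnostic; parseOAuthHeader() and absentParams() are hypothetical helper names.

/** Parse an OAuth 1.0 Authorization header value into name => decoded value. */
function parseOAuthHeader(string $header): array
{
    // The value must start with the "OAuth" scheme (case-insensitive).
    if (!preg_match('/^\s*OAuth\s+(.*)$/is', $header, $m)) {
        return [];
    }
    $params = [];
    // Parameters are comma-separated name="value" pairs with percent-encoded values.
    preg_match_all('/([a-z_]+)\s*=\s*"([^"]*)"/i', $m[1], $pairs, PREG_SET_ORDER);
    foreach ($pairs as $pair) {
        if (strtolower($pair[1]) === 'realm') {
            continue; // realm is not an OAuth protocol parameter
        }
        $params[$pair[1]] = rawurldecode($pair[2]);
    }
    return $params;
}

/** Return which of the parameters named in the reported error are absent. */
function absentParams(array $params): array
{
    $reported = ['oauth_consumer_key', 'oauth_signature', 'oauth_nonce', 'oauth_timestamp'];
    return array_values(array_diff($reported, array_keys($params)));
}

// Constructed sample built from the values in the report; used when no live header exists.
$sample = 'OAuth oauth_callback="https%3A%2F%2Fwww.dyb.dev%2FtestClient.php%3Fpart%3Dcallback",'
    . 'oauth_consumer_key="key",oauth_signature_method="HMAC-SHA1",'
    . 'oauth_nonce="40210775545f5a3559528127.77187770",oauth_timestamp="1599747417",'
    . 'oauth_version="1.0",oauth_signature="H%2FCgZI6G%2F6uxvwsfj%2F3zBcop4uM%3D"';

// In testServer.php the live value comes from $_SERVER['HTTP_AUTHORIZATION'].
$header = $_SERVER['HTTP_AUTHORIZATION'] ?? $sample;
$absent = absentParams(parseOAuthHeader($header));

echo $absent
    ? 'Absent from header: ' . implode(', ', $absent)
    : 'All four parameters are present in the header';
echo PHP_EOL;
```

If this reports all four parameters present while `checkOAuthRequest()` still answers `parameter_absent`, the header reached PHP intact and the discrepancy lies in how the provider reads it.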