I'm fairly new to the concept of OAuth and I'm trying to interact with the new Rdio API. I've managed to figure out the authentication using the PECL OAuth functions, but Rdio requires arguments to be passed in via POST and I can't figure out how that is done. The authentication works: the user is bounced to Rdio's site and asked to approve the application, and they are then returned to the site. After that, though, the request making calls to the API fails.
Here's some info on the Rdio API: http://developer.rdio.com/docs/REST/
Here's the code I have for authentication... the lines in italics are what I believe should make the call to the API requesting the method named "currentUser"
$req_url = 'http://api.rdio.com/oauth/request_token';
$authurl = 'https://www.rdio.com/oauth/authorize';
$acc_url = 'http://api.rdio.com/oauth/access_token';
$callback = 'http://localhost/test.php';
$api_url = 'http://api.rdio.com/1';
$conskey = 'vmu7x6u4rk8vae8dn28h';
$conssec = 'GrY7gF';
session_start();
if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;
try {
$oauth = new OAuth($conskey,$conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$request_token_info = $oauth->getRequestToken($req_url);
$_SESSION['secret'] = $request_token_info['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.urlencode($callback));
exit;
} else if($_SESSION['state']==1) {
$oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
$access_token_info = $oauth->getAccessToken($acc_url);
$_SESSION['state'] = 2;
$_SESSION['token'] = $access_token_info['oauth_token'];
$_SESSION['secret'] = $access_token_info['oauth_token_secret'];
}
$args = "method=currentUser";
$oauth->setToken($_SESSION['token'],$_SESSION['secret']);
$oauth->fetch("$api_url", $args);
$json = json_decode($oauth->getLastResponse());
print_r($json);
} catch(OAuthException $E) {
print_r($E);
}
The message I get back:
Warning: OAuth::fetch(http://api.rdio.com/1?oauth_consumer_key=vmu7x6u4rktv468vae8dn28h&oauth_signature_method=HMAC-SHA1&oauth_nonce=12606272174d85622ad26ce8.80381248&oauth_timestamp=1300587050&oauth_version=1.0&oauth_token=238zec5p4rpcpbfd8j36sjggz3jfsssybhxgcn9kvmmrmdxr3t4f2cnspt4dg5xf&oauth_signature=1mZhJ9AUbi0sm6qhNaAntumAckU%3D) [function.OAuth-fetch]: failed to open stream: HTTP request failed! HTTP/1.0 596
The problem is most likely that the arguments (method=currentUser) aren't being passed via POST properly. Does anyone have any idea how to do this using PECL's OAuth extensions?
In case anyone comes across this looking for the answer, here is what I found works:
To perform a POST OAuth signed request, you need to set the OAuth object to send using POST instead of GET by adding this method before the fetch() method:
$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM);
Even if you're using the OAUTH_HTTP_METHOD_POST parameter in the fetch() method, the OAuth instance itself needs to have setAuthType(OAUTH_AUTH_TYPE_FORM) called on it first.
The code for the specific example I was citing is:
if(!isset($_GET['oauth_token']) && $_SESSION['state']==1) $_SESSION['state'] = 0;
$oauth = new OAuth($rdio_conskey,$rdio_conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
if(!isset($_GET['oauth_token']) && !$_SESSION['state']) {
$request_token_info = $oauth->getRequestToken($rdio_req_url);
$_SESSION['secret'] = $request_token_info['oauth_token_secret'];
$_SESSION['state'] = 1;
header('Location: '.$rdio_auth_url.'?oauth_token='.$request_token_info['oauth_token'].'&oauth_callback='.$callbackurl);
exit;
} else if($_SESSION['state']==1) {
$oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
$access_token_info = $oauth->getAccessToken($rdio_acc_url);
$_SESSION['state'] = 2;
$_SESSION['token'] = $access_token_info['oauth_token'];
$_SESSION['secret'] = $access_token_info['oauth_token_secret'];
}
$oauth = new OAuth($rdio_conskey, $rdio_conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->setToken($access_token_info['oauth_token'],$access_token_info['oauth_token_secret']);
$oauth->setAuthType(OAUTH_AUTH_TYPE_FORM);
$oauth->fetch($rdio_api_url, array("method" => "currentUser", "extras" => "username"), OAUTH_HTTP_METHOD_FORM);
$json = json_decode($oauth->getLastResponse());
print_r($json);
Using OAUTH_AUTH_TYPE_FORM is only a workaround.
Pecl's oauth extension version 1.2.3 has a bug; getRequestToken and getAccessToken use GET requests instead of POST as the RFC wants.
You can work around this bug by passing OAUTH_HTTP_METHOD_POST as 3rd parameter to getRequestToken and 4th parameter to getAccessToken. Yes, those parameters are undocumented.
Version 1.2.4 of pecl/oauth will default to POST.