<?php
// Oauth basic configuration
$oauthbaseurl = "https://sandbox.woohoo.in/";
$requestTokenUrl = "https://sandbox.woohoo.in/oauth/initiate?oauth_callback=oob";
$accessTokenUrl = "https://sandbox.woohoo.in/oauth/token";
$consumerkey = "8af50260ae5444bdc34665c2b6e6daa9";
$consumersecret = "93c1d8f362749dd1fe0a819ae8b5de95";
$callbackUrl = "https://sandbox.woohoo.in/";
// oauth library file included
include_once "../../library/OAuthStore.php";
include_once "../../library/OAuthRequester.php";
define("WOOHOO_CONSUMER_KEY", "8af50260ae5444bdc34665c2b6e6daa9"); //
define("WOOHOO_CONSUMER_SECRET", "93c1d8f362749dd1fe0a819ae8b5de95");
// define constant variable
define("WOOHOO_OAUTH_HOST", "https://sandbox.woohoo.in/");
define("WOOHOO_REQUEST_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/initiate?oauth_callback=oob");
define("WOOHOO_AUTHORIZE_URL", WOOHOO_OAUTH_HOST . "oauth/authorize/customerVerifier");
define("WOOHOO_ACCESS_TOKEN_URL", WOOHOO_OAUTH_HOST . "oauth/token");
define('OAUTH_TMP_DIR', function_exists('sys_get_temp_dir') ? sys_get_temp_dir() : realpath($_ENV["TMP"]));
// Init the OAuthStore
$options = array(
'consumer_key' => WOOHOO_CONSUMER_KEY,
'consumer_secret' => WOOHOO_CONSUMER_SECRET,
'server_uri' => WOOHOO_OAUTH_HOST,
'request_token_uri' => WOOHOO_REQUEST_TOKEN_URL,
'access_token_uri' => WOOHOO_ACCESS_TOKEN_URL
);
// Note: do not use "Session" storage in production. Prefer a database
// storage, such as MySQL.
OAuthStore::instance("Session", $options);
try {
if (empty($_GET["oauth_token"])) {
$getAuthTokenParams = array(
'scope' => 'https://sandbox.woohoo.in/',
'xoauth_displayname' => 'Oauth test',
'oauth_callback' => 'https://sandbox.woohoo.in/'
);
// get a request token
$tokenResultParams = OAuthRequester::requestRequestToken(WOOHOO_CONSUMER_KEY, 0, $getAuthTokenParams);
// print the token result params
echo "Token obtain response";
echo "<pre>";
print_r($tokenResultParams);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => WOOHOO_AUTHORIZE_URL . "?oauth_token=" . $tokenResultParams['token'] . "&username=finnovationapisandbox@woohoo.in&password=finnovationapisandbox@1234",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"cache-control: no-cache"
)
));
$woohoovery_response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $woohoovery_response;
}
$woohoovery = json_decode($woohoovery_response);
$verifier = $woohoovery->verifier;
// print the verifier
echo "Token verrified response";
echo "<pre>";
print_r($woohoovery_response);
//exit;
$oauthTimestamp = time();
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$nonce = '';
for ($i = 0; $i < 32; $i++) {
$nonce .= $characters[mt_rand(0, strlen($characters) - 1)];
}
$oauthSignatureMethod = "HMAC-SHA1";
$oauthVersion = "1.0";
$params = array(
'oauth_consumer_key' => $consumerkey,
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => $oauthTimestamp,
'oauth_nonce' => $nonce,
'oauth_verifier' => $verifier,
'oauth_token' => $tokenResultParams['token'],
'oauth_version' => '1.0'
);
echo "<pre>";
print_r($params);
//exit;
$post_string = urlencode('GET') . "&" . urlencode(WOOHOO_ACCESS_TOKEN_URL) . "?";
echo "<pre>";
print_r($post_string);
//exit;
foreach ($params as $key => $value) {
$stringPart = urlencode($key . "=" . $value . "&");
$post_string .= $stringPart;
}
//exit;
$post_string = rtrim($post_string, '%26');
$signatureKey = urlencode($consumersecret) . "&" . urlencode($tokenResultParams['token_secret']);
echo "<pre>";
print_r($signatureKey);
$signature = base64_encode(hash_hmac('sha1', $post_string, $signatureKey));
$signature = urlencode($signature);
// print the signature
echo "<pre>";
echo " signature ";
print_r($signature);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => WOOHOO_ACCESS_TOKEN_URL . "?oauth_consumer_key=" . WOOHOO_CONSUMER_KEY . "&oauth_verifier=" . $verifier . "&oauth_token=" . $tokenResultParams['token'] . "&oauth_signature_method=" . $oauthSignatureMethod . "&oauth_signature=" . $signature . "&oauth_nonce=" . $nonce . "&oauth_timestamp=" . $oauthTimestamp . "&oauth_version=1.0",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"cache-control: no-cache"
)
));
$woohoospendresponse = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
// print final access token and secret key here i m getting signature invalid error
echo "<pre>";
print_r($woohoospendresponse);
exit;
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $woohoospendresponse;
}
}
}
catch (OAuthException2 $e) {
echo "OAuthException: " . $e->getMessage();
var_dump($e);
}
?>
What is access token secret that you are trying to refer? in any OAuth implementation you will get Authorization Code, Access token, refresh tokens, bearer tokens. Did you verify your Curl requests before executing your php code. Invoke Curl command and see if you were able to retrieve the required values.
Following are some of the Curl requests that you can use to test. Make sure your Curls are working and then proceed fixing your php code
#To retrieve Authorization Code
Curl -X POST -d "client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345" 'https://login.microsoftonline.com/{tenant}/oauth2/authorize?'
#To retrieve acess token using Authorization code
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "code=AQABAAIAAABnfi&client_id=12456&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
#This will retrieve new access token and refresh token. This is for native client which doesn't require client_secret
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=123456&refresh_token=dlfldfdklfdfsADS2sd&grant_type=refresh_token&client_secret=" 'https://login.microsoftonline.com/common/oauth2/v2.0/token'