I am implementing JWT in my application using php-jwt library from Firebase. I tried the example in the site and it is working fine.
$token = array(
"iss" => "http://example.org",
"aud" => "http://example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
However if I try to include other claims such as exp or sub, it throws UnexpectedValueException ('Wrong number of segments') exception. Has somebody encountered this issue ? Does the php-jwt library supports only the four claims shown in the example ? The code to receive the token in api is given below:
$headers = null;
if (isset($_SERVER['Authorization'])) {
$headers = trim($_SERVER["Authorization"]);
}
else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
$headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
} elseif (function_exists('apache_request_headers')) {
$requestHeaders = apache_request_headers();
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
//print_r($requestHeaders);
if (isset($requestHeaders['Authorization'])) {
$headers = trim($requestHeaders['Authorization']);
}
}
if (!empty($headers)) {
if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
$jwt = $matches[1];
}
}
$key = "example_key";
$decoded = JWT::decode($jwt, $key, array('HS256'));
$decoded_array = (array) $decoded;
If the token is generated using the example in the site, then it works fine. If the token is generated using claims like:
$tokenId = base64_encode(mcrypt_create_iv(32));
$issuedAt = time();
$notBefore = $issuedAt + 3;
$expire = $notBefore + 3600;
$token = array(
"iss" => "http://example.com",
"aud" => "http://example.com",
"iat" => $issuedAt,
"nbf" => $notBefore,
"exp" => $expire,
"gate" => "kanchanjuri",
"tokenId" => $tokenId
);
then the api call fails.
From app, the token is sent s follows:
HttpURLConnection con = null;
URL url = new URL(query);
con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
con.addRequestProperty("Authorization", "Bearer " + token);
if (con.getResponseCode() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ con.getResponseCode());
}
Thanks
Related
I've generated my client code from proto files. Now I'm trying to connect but get the 'jwt' is not located at the context error from server. Here's what I do:
$myServiceClient = new MyServiceClient(
"$host:$port",
[
'credentials' => ChannelCredentials::createInsecure(),
'update_metadata' => function ($metaData) use ($token) {
// $metaData['authorization'] = ['jwt' . $token]; // doesn't work
// $metaData['authorization']['jwt'] = $token; // doesn't work
// $metaData['jwt'] = $token; // doesn't work
$metaData['authorization'] = ['Bearer ' . $token]; // doesn't work
return $metaData;
},
]
);
$unaryCall = $myServiceClient->MyMethod(new MyMethodRequest());
$wait = $unaryCall->wait();
Try this
$myServiceClient = new MyServiceClient(
"$host:$port",
[
'credentials' => ChannelCredentials::createInsecure(),
'update_metadata' => function ($metaData) use ($token) {
$metaData['Authorization'] = 'Bearer ' . $token;
return $metaData;
},
]
);
Best HTTP Authorization header type for JWT
Or like this:
https://jwt.io/introduction
Authorization: Bearer <token>
The following works for me:
$myServiceClient = new MyServiceClient(
"$host:$port",
[
'credentials' => ChannelCredentials::createInsecure(),
'update_metadata' => function ($metaData) use ($token) {
$metaData['jwt'] = [$token];
return $metaData;
},
]
);
I want to communicate with an installation of Moodle 2.9.
The following sample client is a slight modification of:
https://github.com/moodlehq/sample-ws-clients/blob/master/PHP-REST/client.php
to use Unirest instead of Curl and JSON instead of XML:
$token = 'd1c74d6466daaaaad59b5d99906bfc84';
$domainname = 'http://moodle.example.com';
$functionname = 'core_user_create_users';
// REST RETURNED VALUES FORMAT
$restformat = 'json';
$user1 = new \stdClass();
$user1->username = 'testusername1';
$user1->password = 'testpassword1';
$user1->firstname = 'testfirstname1';
$user1->lastname = 'testlastname1';
$user1->email = 'testemail1#moodle.com';
$user1->auth = 'manual';
$user1->idnumber = 'testidnumber1';
$user1->lang = 'en';
$user1->theme = 'standard';
$user1->timezone = '-12.5';
$user1->mailformat = 0;
$user1->description = 'Hello World!';
$user1->city = 'testcity1';
$user1->country = 'au';
$preferencename1 = 'preference1';
$preferencename2 = 'preference2';
$user1->preferences = array(
array('type' => $preferencename1, 'value' => 'preferencevalue1'),
array('type' => $preferencename2, 'value' => 'preferencevalue2'));
$user2 = new \stdClass();
$user2->username = 'testusername2';
$user2->password = 'testpassword2';
$user2->firstname = 'testfirstname2';
$user2->lastname = 'testlastname2';
$user2->email = 'testemail2#moodle.com';
$user2->timezone = 'Pacific/Port_Moresby';
$users = array($user1, $user2);
$params = array('users' => $users);
/// REST CALL
$serverurl = $domainname . '/webservice/rest/server.php' . '?wstoken=' . $token . '&wsfunction=' . $functionname;
//if rest format == 'xml', then we do not add the param for backward compatibility with Moodle < 2.2
$restformat = ($restformat == 'json') ? '&moodlewsrestformat=' . $restformat : '';
$headers = array('Accept' => 'application/json');
$response = UnirestRequest::post($serverurl . $restformat, $headers, json_encode($params));
On execution I got an error:
"Notice: Array to string conversion"
, allegedly because of the parameters going in the body. So, I figured I had to serialize the body before sending it, but when I tried:
$response = UnirestRequest::post($serverurl . $restformat, $headers, json_encode($params));
I got back from Moodle:
{"exception":"invalid_parameter_exception","errorcode":"invalidparameter","message":"Detectado
valor de par\u00e1metro no v\u00e1lido","debuginfo":"Missing required
key in single structure: users"} ◀"
There must be something I'm not understanding about how exactly the POST request must look like. Any suggestion?
Moodle expects the body of the post to be URL encoded, so your body must be built
using http_build_query($params) (or any other method to encode your data) such as:
$convertedpostdata = implode('&', $params);//where $params is an array
As far as why, I dont really recall, I remember struggling with an implementation a while ago, you can view
[your_moodle_installation.com]/admin/webservice/documentation.php for more documentation, additionally you here's an example of what I did:
https://gist.github.com/Scott972/5d9e9495c1397a2ad728b66288ce1d42
I try to use an API for sending sms. I've followed the code from this example, but converted to Guzzle:
Implementation example in PHP for POST Rest Request
<?php
…....
try
{
//POST
$httpClient = new Zend_Http_Client();
$httpClient->setUri("http://www.web2sms.ro/prepaid/message");
$httpClient->setMethod(Zend_Http_Client::POST);
$httpClient->setHeaders("Content-Type", "application/json");
//method param
$crtDate = new Zend_Date();
$apiKey = ""; //value provided
$nonce = $crtDate->get(Zend_Date::TIMESTAMP);
$method = "POST";
$url = "/prepaid/message";
$sender = "";
$recipient = "07xxxxxxxx";//To be fill in !
$message = "";
$visibleMessage = "How the message do you want to appear on the interface. If empty string than $message value will be shown";
$scheduleDate = ''; //Format yyyy-MM-dd HH:mm:ss
$validityDate = ''; //Format yyyy-MM-dd HH:mm:ss
$callbackUrl = '';
$secret = ""; // value provided
$string = $apiKey . $nonce . $method . $url . $sender . $recipient . $message . $visibleMessage . $scheduleDate . $validityDate . $callbackUrl . $secret;
$signature = hash('sha512', $string);
$httpClient->setAuth($apiKey, $signature);
$data = array(
"apiKey" => $apiKey,
"sender" => $sender,
"recipient" => $recipient,
message" => $message,
"scheduleDatetime" => $scheduleDate,
"validityDatetime" => $validityDate,
"callbackUrl" => $callbackUrl,
"userData" => "",
"visibleMessage" => $visibleMessage,
"nonce" => $nonce);
$httpClient->setRawData(Zend_Json::encode($data));
$httpResponse = $httpClient->request();
var_dump($httpResponse);
var_dump($httpResponse->getBody());
var_dump(json_decode($httpResponse->getBody()));
}
catch (Zend_Http_Client_Exception $e)
{
//
}
My Code with Guzzle:
$apiKey = "xxxxxxxxx";
$nonce = time();
$method = "POST";
$url = "http://www.web2sms.ro/prepaid/message";
$sender = "XXXXXXXX";
$recipient = "0768814244";
$message = "Un mesaj";
$visibleMessage = "How the message do you want to appear on the interface. If empty string than value will be shown";
$secret = "xxxxxxxxxx";
$string = $apiKey . $nonce . $method . $url . $sender . $recipient . $message . $visibleMessage . $secret;
$signature = hash('sha512', $string);
$client = new GuzzleHttp\Client([
'headers' => ['Content-Type' => 'application/json']
]);
$data = array(
"apiKey" => $apiKey,
"sender" => $sender,
"recipient" => $recipient,
"message" => $message,
"visibleMessage" => $visibleMessage,
"nonce" => $nonce);
$body = GuzzleHttp\json_encode($data);
$request = $client->request('POST', 'http://www.web2sms.ro/prepaid/message', ['auth' => [$apiKey, $signature], 'body' => $body]);
But still not working;
I receive this error:
Client error: `POST http://www.web2sms.ro/prepaid/message` resulted in a `401 Unauthorized` response:
{"error":{"code":268435459,"message":"IDS_App_Controller_Rest_Message__E_INVALID_REQUEST_DATA_WRONG_SIGNATURE"}}
What I am getting wrong??
I was able to solve it by changing $url to /prepaid/message.
I'm trying to signin the user just with PHP and curl, without any external libraries for Twitter authentication. I follow these Twitter instructions. But I can't figure out how to complete step 3.
1. Obtaining a request token (done)
2. Redirecting the user (done)
3. Converting the request token to an access token. (done * problem)
Here is my code:
// API SETTINGS
$consumerSecret = 'xxx';
$consumerKey = 'xxx';
$oauth_signature_method = 'HMAC-SHA1';
if (!isset($_GET['oauth_verifier'])) {
// STEP 1 - TWITTER OBTAINING A REQUEST TOKEN
$callbackUrl = 'http://localhost/skeletons/webiik/example/login/';
$url = 'https://api.twitter.com/oauth/request_token';
// Data we will send
$data = [
'oauth_callback' => $callbackUrl,
'oauth_consumer_key' => $consumerKey,
'oauth_signature_method' => $oauth_signature_method,
'oauth_timestamp' => time(),
'oauth_nonce' => $token->generate(3),
'oauth_version' => '1.0',
];
// Sort data alphabetically, because Twitter requires that
ksort($data);
// Generate signature and add it to data array
$signData = 'POST&' . urlencode($url) . '&' . urlencode(http_build_query($data));
$secret = '';
$signKey = urlencode($consumerSecret) . '&' . urlencode($secret);
$data['oauth_signature'] = base64_encode(hash_hmac('sha1', $signData, $signKey, true));
// Prepare http headers from data
$httpHeaders = [];
foreach ($data as $key => $value) {
$httpHeaders[] = urlencode($key) . '="' . urlencode($value) . '"';
}
// Add OAuth header with all data
$httpHeaders = 'Authorization: OAuth ' . implode(', ', $httpHeaders);
// Send post request to Twitter API with http headers and data
$res = $http->post($url, ['httpHeaders' => [$httpHeaders]], []);
// If we got some error, show error message and stop
if (count($res['err']) > 0) {
echo $res['err'];
exit;
}
// Prepare data for step 2 and 3 from Twitter's response
parse_str($res['body'], $res);
$oauth_callback_confirmed = $res['oauth_callback_confirmed'];
$oauth_request_token = $res['oauth_token'];
// Store oauth_token_secret into session, we will need it in step 3
$this->sessions->setToSession('oauth_token_secret', $res['oauth_token_secret']);
$this->sessions->setToSession('oauth_token', $oauth_request_token);
// STEP 2 - REDIRECTING THE USER TO TWITTER LOGIN
header('HTTP/1.1 302 Found');
header('Location: https://api.twitter.com/oauth/authenticate?oauth_token=' . urlencode($oauth_request_token));
}
// STEP 3 - CONVERTING THE REQUEST TOKEN TO AN ACCESS TOKEN
$url = 'https://api.twitter.com/oauth/access_token';
$oauth_token = $_GET['oauth_token'];
$oauth_verifier = $_GET['oauth_verifier'];
// Data we will send
$data = [
'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => $token->generate(3),
'oauth_signature_method' => $oauth_signature_method,
'oauth_timestamp' => time(),
'oauth_token' => $oauth_token,
'oauth_version' => '1.0',
];
// Sort data alphabetically, because Twitter requires that
ksort($data);
// Generate signature and add it to data array
$signData = 'POST&' . urlencode($url) . '&' . urlencode(http_build_query($data));
$secret = $this->sessions->getFromSession('oauth_token_secret');
$signKey = urlencode($consumerSecret) . '&' . urlencode($secret);
$data['oauth_signature'] = base64_encode(hash_hmac('sha1', $signData, $signKey, true));
// Sort data also with added oauth_signature, just for sure
ksort($data);
// Prepare http headers from data
$httpHeaders = [];
foreach ($data as $key => $value) {
$httpHeaders[] = urlencode($key) . '="' . urlencode($value) . '"';
}
// Add OAuth header with all data
$httpHeaders = ['Authorization: OAuth ' . implode(', ', $httpHeaders)];
$httpHeaders[] = 'Content-Length: ' . strlen('oauth_verifier=' . urlencode($oauth_verifier));
$httpHeaders[] = 'Content-Type: application/x-www-form-urlencoded';
// Add oauth_verifier to POST data
$postData = ['oauth_verifier' => $oauth_verifier];
// Send post request to Twitter API with http headers and data
$res = $http->post($url, ['httpHeaders' => $httpHeaders], $postData);
// If we got some error, show error message and stop
if (count($res['err']) > 0) {
echo $res['err'];
exit;
}
print_r($res);
Edit 1:
$http is just object that creates standard curl requests. In third step the curl request looks like:
$curl = curl_init($url);
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FAILONERROR => 1,
CURLOPT_VERBOSE => 1,
CURLOPT_HEADER => 1,
CURLOPT_HTTPHEADER => $arrayOfHttpHeaders,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => http_build_query($postData),
]);
$response = curl_exec($curl);
// Process response...
Edit 2:
I just updated the code to be more accurate to Twitter's example. Now I really don't know where can be the problem.
Edit 3:
Solution: The code is ok. I had problem with router, which added slash at the end of URL. And I grabbed verifier_token with that slash.
I am using Google Tracks API to build a simple web based program to track a vehicle that has a tracking device sending latitude and longitude coordinates.
I am using PHP and the OAuth2 PHP library to make an authorized connection.
After authorizing and getting an access token I am making a request to create entities. Though I can't seem to get this working and keep getting a "400 Bad Request" response. Following all the steps shown in the documentation.
Here is my code:
$url = 'https://www.googleapis.com/tracks/v1/entities/create/?access_token='.$parsedAuth['access_token'];
$data = array('entities' => array( "name"=> "Chevrolet" ));
$json_data = json_encode($data);
$data_length = http_build_query($data);
$options = array(
'http' => array(
'header' => "Content-type: application/json\r\n". "Content-Length: " . strlen($data_length) . "\r\n",
'method' => 'POST',
'content' => $json_data
),
);
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);
var_dump($response);
Exact Error is: "failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request"
Why am I getting a bad request? What would be a good request that will register these entities and return id's?
Thank you
The answer given here is wrong. The documentation states that it must be a POST see here My issue was not with the Auth but with the Tracks API itself. I ended up moving to create the request with CURL and it works just fine.
Please. This is PHP with CURL. It works 100%.
//Google maps tracks connection
//Get Files From PHP Library
require_once 'google-api-php-client/src/Google/autoload.php';
require_once 'google-api-php-client/src/Google/Service/MapsEngine.php';
//Set Client Credentials
$client_id = '*************.apps.googleusercontent.com'; //Client ID
$service_account_name = '************#developer.gserviceaccount.com'; //Email Address
$client_email = '*************#developer.gserviceaccount.com';
$private_key = file_get_contents('************.p12');
$scopes = array('https://www.googleapis.com/auth/tracks');
//Create Client
$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
//Send Credentials
$credentials = new Google_Auth_AssertionCredentials(
$client_email,
$scopes,
$private_key
);
$client->setAssertionCredentials($credentials);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($credentials);
}
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$client->setAssertionCredentials($credentials);
$_SESSION['service_token'] = $client->getAccessToken();
foreach ($_SESSION as $key=> $value) {
$vars = json_decode($value);
}
$parsedAuth = (array) $vars;
$token = $parsedAuth['access_token'];
//all functions in the program use this auth token- It should be global for easy accesses.
global $token;
function createEntities(){
global $token;
$url = 'https://www.googleapis.com/tracks/v1/entities/create/?access_token='.$token;
//FIX ME: fields is temporarily hard coded- should be brought from DB
$fields = array(
'entities' => array(
'name' => "DemoTruck",
'type' => "AUTOMOBILE"
),
);
//json string the data for the POST
$query_string = '';
foreach($fields as $key => $array) {
$query_string .= '{"' . urlencode($key).'":[{';
foreach($array as $k => $v) {
$query_string .= '"' . urlencode($k) . '":"' . urlencode($v) . '",';
}
}
$str = rtrim($query_string , ',');
$fstr = $str.'}]}';
$length = strlen( $fstr );
//open connection
$ch = curl_init();
//test connection
if (FALSE === $ch)
throw new Exception('failed to initialize');
//set options
$header = array('Content-type: application/json');
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_HTTPHEADER, $header);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fstr);
$result = curl_exec($ch);
//dump in case of error
if (FALSE === $result){
var_dump( curl_error($ch) );
var_dump( curl_getinfo($ch) );
}
//close connection
curl_close($ch);
}