I've spent several hours reading through many posts already trying to get this to work and am still having issues with it. I'm trying to use the protectedpdf api which requires a three step process to login and receive an auth token, involving the hmac_sha1 hashing algorithm.
I'm making use of the hmac_hash() function in php so the code is simply:
$accessKey = "test";
$dataString = strtolower((string)$clientNonce.(string)$serverNonce.$accesskey);
$clientHash = strtoupper(hash_hmac('sha1', $dataString, $accessKey));
Where ClientNonce and ServerNonce are uuids like 30df805c-27d6-4df1-b482-48b685cc8f54
For a sample set of Client and Server Nonces, the built-in php function returns:
C39B753E50DB06DF3DE8E41C682FA8151B49ECBD and i get an authentication error in response to the login attempt.
Using the free formatter hmac generator online tool the same input yields:
7f48c3018c0e53a0b64a60bb7809c7a20a80c9a2
I would greatly appreciate any help - thanks!!!
Related
I am trying to set up Oauth with the YouTube Data API. I had a Laravel app which has Socialite set up. Out of the box YouTube isn't set up with this but I saw that there is a provider for YouTube here:
https://socialiteproviders.netlify.app/providers/you-tube.html
I have done all of the steps outlined on the page along with all routes that I need. I have also done the Oauth set up on Google Developer Console and got the client ID/secret key and set the callback.
When I use the login URL it works where I'm redirected for login with Google. The problem comes when the callback URL is reached. I get the error:
ErrorException
Undefined index: items
This occurs on the provider callback function which has the code:
$user = Socialite::driver('youtube')->user();
I have tried using stateless:
$user = Socialite::driver('youtube')->stateless()->user();
But get the same error. All caches have been cleared. I am pretty sure that the setup was done correctly as I'm also using the Twitch provider from https://socialiteproviders.netlify.app/providers/twitch.html which the setup was similar and it works correctly.
Please can anyone advise? Thanks.
Try selecting the fields you want to access first:
$user = Socialite::driver('youtube')->fields([
'items'
])->user();
I'm facing the same issue. Is it possible that the API has changed? If I take a look at the raw response there
I also stumbled onto this issue:
When I tested it, I did not got the error, but my colleague did so I figured it had something to do with the account that tried to connect.
I changed my approach from:
$user = Socialite::driver('youtube')->stateless()->user();
And just received tokens by doing this:
$socialite = Socialite::driver('youtube');
$code = $request->input('code');
$response = $socialite->getAccessTokenResponse($code);
$response will contain an array of tokens. I used these tokens to connect it to an existing user in my database.
I don't know if this is the solution for your workflow, but it is a way to get around the mysterious error.
The issue is due to YouTube no longer automatically creating a channel for your google/gmail account like it did in the past. This results in responses completely missing an items array.
if you dd($response->getBody()->getContents()) the response for an account that throws an error you'll see this.
I've made a pull request for this here. https://github.com/SocialiteProviders/YouTube/pull/8
I am attempting to a validate the webhook transaction from WooCommerce on my Node.js website. However I cannot get the 2 strings to match.
I can see that the php signature is generated with the following code, and the source can be viewed here WooCommerce Source.
base64_encode( hash_hmac( $hash_algo, $payload, $this->get_secret(), true ) ));
I have noticed that if i turn off true on the hash_hmac, I can then get the 2 systems to create a match, however I would rather not edit the core of WooCommerce so I am wondering if there is something I am missing here?
For my Example I did edit the core and forced the payload to be the following, just so i could easily try and match the 2 systems
payload = '{"id":1,"etc":2,"host":"http:/\/localhost\/view-order\/8"}'
secret = 'welcome'
My code in Node.Js is the following.
var crypto = require('crypto');
hmac = crypto.createHmac('sha256', secret);
hmac.setEncoding('binary');
hmac.write(payload);
hmac.end();
hash = hmac.read();
result = base64.encode(hash);
console.log(result);
If I remove the url from the "host" JSON then it does work, is it something to do with the way it has been escaped?
I think it may be an issue with the way PHP and node do the SHA256 hashing. I really can't workout exactly how to solve this.
Any help would be great,
Thanks
I have run into a similar issue as you, using the code suggested here:
SHA256 webhook signature from WooCommerce never verifies
var processWebHookSignature = function (secret, body, signature) {
signatureComputed = crypto.createHmac('SHA256', secret)
.update(new Buffer(JSON.stringify(body), 'utf8'))
.digest('base64');
return ( signatureComputed === signature ) ? true : false;
}
(Where body comes from req.body).
This only started working for me when I changed the way I obtain the raw body. I got it using the bodyParser middleware:
app.use(bodyParser.json({verify:function(req,res,buf){req.rawBody=buf}}))
(As explained in: https://github.com/expressjs/body-parser/issues/83#issuecomment-80784100)
So now instead of using
new Buffer(JSON.stringify(body), 'utf8') I just use req.rawBody
I hope this solves your problems too.
I can't get the Rdio PHP API to work (i.e. retrieve some meaningful data). I need to write a simple function for fetching info about track / album stored in a ShortCode.
I am using PHP version of this:
https://github.com/rdio/rdio-simple
And this is my PHP code:
require_once 'rdio.php';
$rdio = new Rdio(array("MyClientID", "MyClientSecret"));
$request = $rdio -> call("getObjectFromShortCode", array("short_code" => "SomeShortCode"));
return $request;
However, when I do print_r() on the function output, there is no output at all.
I am a bit confused about how to initialize the API and get the response. The Rdio developer documentation itself doesn't give me a clue when trying to resolve the issue.
Would you mind telling me how to properly retrieve data using PHP from the API?
The Rdio PHP library currently doesn't support OAuth 2.0. You can try using a generic OAuth 2.0 library to make requests.
As in the subject, I'm working with the Google DFA (DoubleClick for Advertisers) APIs v1.20 and I'm trying to get the list of all my Advertisers.
I didn't found any client library for PHP and DFA APIs v1.20.
The connection is established by SOAP, as requested by Google API docs (https://developers.google.com/doubleclick-advertisers/docs/getting_started)
The authentication process seems to work correctly but the list request return the following error:
WSDoAllReceiver: security processing failed; nested exception is: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: Callback supplied no password for: MyUsername)
To build the header I'm using the following code
$advertiserService = new SoapClient($advertiserWsdl, $options);
// Set headers.
$headers = array(DfaHeadersUtil::createWsseHeader($username, $authToken),
DfaHeadersUtil::createRequestHeader($namespace, $applicationName));
Where the DfaHeadersUtil is a class into the file DfaHeadersUtil.php provided by Google as "header creator".
Is there anybody could help me with this?
Thank you in advance,
Mauro
SOLVED:
The problem was given by not sufficient permissions assigned by the admin to my user..
Easy solution that made me waste half week.. :(
What I learnt:
Occam's razor: "the simplest explanation is usually the correct one"..
Next time.. check the permissions :)
Thank you
I try to get the Live Delegated Authentication to work for the purpose of reading the email addresses.
I am doing this in PHP with the help of the windowslivelogin library. The problem is that I get an error.
I'm not sure what I'm doing wrong, i registered my application on the Azure webpage and got the appid and the secret into the code. This is what i use to initialize the Live Library :
$o = new WindowsLiveLogin();
$o->setAppId('000000004801B670');
$o->setSecret('secret');
$o->setSecurityAlgorithm('wsignin1.0');
$o->setDebug(true);
$o->setPolicyUrl('http://www.google.com/aides.html');
$o->setReturnUrl("http://michaelp.dev.gamepoint.net/framework/mainsite/contactimporter/?service=live");
return $o;
Then I call
$this->LiveLibrary->getLoginUrl()
And after I Login in to Live, it posts 2 things back, $_POST['stoken'] and $_POST['action'].
As soon as I call
$this->LiveLibrary->processLogin($_REQUEST);
It fails and gives back an error that the token is invalid.
I tried getting Consent straight away by making redirecting to
$this->LiveLibrary->getConsentUrl("Contacts.View");
But that gives an 3007 error and says that it cant share the information
According to MS this means the following :
3007
Consent Service API failed in the <method name> method. The application verifier is invalid.
The offer security level requires that a valid application verifier be passed with the request.
I am using the following URL, generated by the library
https://consent.live.com/Delegation.aspx?ps=Contacts.Invite&ru=http%3A%2F%2Fmichaelp.dev.gamepoint.net%2Fframework%2Fmainsite%2Fcontactimporter%2F%3Fservice%3Dlive&pl=http%3A%2F%2Fwww.google.com%2Faides.html&app=appid%3D000000004801B670%26ts%3D1251722931%26sig%3DD2gkM%252F%252FwlRXXfS64NMrV%252Bkt50v6dAOcESblfRk7j%252FUE%253D
I don't understand most of the documentation Microsoft has on this thing, I think its really unclear and chaotic. Also the Sample I tried doesn't work. I get an error message, it can't validate/decode the token. Same I get when I try the processLogin().
Thanks in Advance,
Michael