Doctrine 2 and OAuth2.0 Server PHP Client Credentials are invalid - php

I am trying to implement OAuth2 with Doctrine as an entity manager. I followed this tutorial exactly:
http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/
Here is my code that is called when a user makes a request to the API:
// obtaining the entity manager
$entityManager = EntityManager::create($conn, $config);
$clientStorage = $entityManager->getRepository('OAuthClient');
$clients = $clientStorage->findAll();
print_r($clients); // We are getting the clients from the database.
$userStorage = $entityManager->getRepository('OAuthUser');
$accessTokenStorage = $entityManager->getRepository('OAuthAccessToken');
$authorizationCodeStorage = $entityManager->getRepository('OAuthAuthorizationCode');
$refreshTokenStorage = $entityManager->getRepository('OAuthRefreshToken');
//Pass the doctrine storage objects to the OAuth2 server class
$server = new \OAuth2\Server([
    'client_credentials' => $clientStorage,
    'user_credentials' => $userStorage,
    'access_token' => $accessTokenStorage,
    'authorization_code' => $authorizationCodeStorage,
    'refresh_token' => $refreshTokenStorage,
], [
    'auth_code_lifetime' => 30,
    'refresh_token_lifetime' => 30,
]);
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($clientStorage));
// handle the request
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
Whenever a call using the correct credentials is made, I get this response:
Array
(
[0] => OAuthClient Object
(
[id:OAuthClient:private] => 1
[client_identifier:OAuthClient:private] => testclient
[client_secret:OAuthClient:private] => testpass
[redirect_uri:OAuthClient:private] => http://fake.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
[1] => OAuthClient Object
(
[id:OAuthClient:private] => 2
[client_identifier:OAuthClient:private] => trevor
[client_secret:OAuthClient:private] => hutto
[redirect_uri:OAuthClient:private] => https://www.another.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
)
{"error":"invalid_client","error_description":"The client credentials are invalid"}
So we are getting the clients from the database; we should be checking them, returning that they in fact exist, and issuing an access token. However, for some reason, OAuth2 Server (can be seen here) cannot match the given credentials with the stored credentials.
I do not think this is a Doctrine problem because I can retrieve the results fairly easily using findAll().
My question is:
Why is this happening, and how can I fix it?

I found the problem. In the tutorial (http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/) they fail to mention that the client secret is checked against a hashed version of the provided client secret.
In the tutorial they do not hash the example client secret when they put it in the database.
If you hash your client secret when inserting it into the database, it will work as expected.
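The answer's fix, as an added stand-alone example (not the tutorial's or the question's code): an OAuthClient with the same hashOptions as the dump above, which hashes the secret on the way in and verifies it with password_verify(). The method names follow the bshaffer cookbook's pattern and are an assumption if your entity differs; the Doctrine persist calls are only sketched in comments so the script runs without a database.

```php
<?php
// Added example, not the tutorial's or the question's code. Shows why a row
// seeded with the plaintext secret (as in the dump above) fails verification,
// and why seeding through setClientSecret() makes the same secret verify.
// Method names follow the bshaffer cookbook pattern (assumption).

class OAuthClient
{
    private $client_identifier;
    private $client_secret;                 // stored value: must be a bcrypt hash
    protected $hashOptions = ['cost' => 11]; // same cost as in the dump above

    public function __construct($identifier)
    {
        $this->client_identifier = $identifier;
    }

    // Hash on the way in, so the client_secret column never holds the plaintext.
    public function setClientSecret($plaintext)
    {
        $this->client_secret = password_hash($plaintext, PASSWORD_BCRYPT, $this->hashOptions);
    }

    // Simulates a row inserted by hand with the raw secret, as the tutorial does.
    public function setRawStoredSecret($value)
    {
        $this->client_secret = $value;
    }

    // This is what the repository's checkClientCredentials() ends up calling.
    public function verifyClientSecret($plaintext)
    {
        return password_verify($plaintext, $this->client_secret);
    }

    // Detection: is the stored value a password hash at all? Run this over
    // findAll() to find clients that were seeded with a plaintext secret.
    public function secretIsHashed()
    {
        return !empty(password_get_info($this->client_secret)['algo']);
    }
}

// 1. Seeded the way the tutorial does it: plaintext in the column.
//    password_verify() rejects it, which surfaces as "invalid_client".
$broken = new OAuthClient('testclient');
$broken->setRawStoredSecret('testpass');
var_dump($broken->secretIsHashed());
var_dump($broken->verifyClientSecret('testpass'));

// 2. Seeded through the entity, so the column holds a bcrypt hash at cost 11.
//    With Doctrine this is: $em->persist($fixed); $em->flush();
$fixed = new OAuthClient('testclient');
$fixed->setClientSecret('testpass');
var_dump($fixed->secretIsHashed());
var_dump($fixed->verifyClientSecret('testpass'));
var_dump($fixed->verifyClientSecret('wrong-secret'));
```

Case 1 prints false for both checks, because password_verify() treats the literal string "testpass" as an invalid hash; case 2 verifies the correct secret and rejects the wrong one. The secretIsHashed() check is the quick way to audit an existing oauth client table for rows that were inserted the way the tutorial shows.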

Related

CyberSource Secure Acceptance integration with REST Api in php

I'm trying to integrate the CyberSource payment gateway in PHP using the REST API, and I found the following reference link on GitHub.
After the required changes I am finally able to log in (authenticate) to CyberSource, but I'm getting the error below. (I can check the logs from CyberSource.)
req_reference_number: 474 => ERROR 101 - Request parameters are invalid or missing
signed: true
Array
(
[auth_trans_ref_no] => 474
[decision] => ERROR
[message] => Request parameters are invalid or missing
[reason_code] => 101
[req_access_key] => 5e00e27842d73381b0**************
[req_amount] => 569
[req_bill_to_address_city] => Mountain View
[req_bill_to_address_country] => US
[req_bill_to_address_line1] => 1 My Apartment
[req_bill_to_address_line2] => 2 nd street
[req_bill_to_address_postal_code] => 94043
[req_bill_to_address_state] => CA
[req_bill_to_email] => someemail#somedomain.com
[req_bill_to_forename] => Elavarasan
[req_bill_to_phone] => 6508764564
[req_bill_to_surname] => Natarajan
[req_currency] => USD
[req_customer_ip_address] => 127.0.0.1
[req_device_fingerprint_id] => v1rh0p44gpnhag1a7mfp9tst25
[req_item_0_code] => KFLTFDIV
[req_item_0_name] => KFLTFDIV
[req_item_0_quantity] => 1
[req_item_0_sku] => sku001
[req_item_0_unit_price] => 20.00
[req_item_1_code] => KFLTFD70
[req_item_1_name] => KFLTFD70
[req_item_1_quantity] => 1
[req_item_1_sku] => sku002
[req_item_1_unit_price] => 10.00
[req_line_item_count] => 2
[req_locale] => en-us
[req_merchant_defined_data1] => MDD1
[req_merchant_defined_data2] => MDD2
[req_merchant_defined_data3] => MDD3
[req_merchant_defined_data4] => MDD4
[req_merchant_descriptor] => Krungsri
[req_override_custom_cancel_page] => http://localhost/cyphp/sa-wm/response.php
[req_override_custom_receipt_page] => http://localhost/cyphp/sa-wm/response.php
[req_profile_id] => *******************************
[req_reference_number] => 474
[req_transaction_type] => sale
[req_transaction_uuid] => 5aa6329409169
[required_fields] => payment_method
[signature] => IJ0iEsOJLZe2W4dNrogdzp8op8Evon2wU1KvA3W6SzM=
[signed_date_time] => 2018-03-12T07:57:00Z
[signed_field_names] => decision,req_access_key,req_profile_id,req_transaction_uuid,req_transaction_type,req_reference_number,req_amount,req_currency,req_line_item_count,req_locale,req_override_custom_receipt_page,req_override_custom_cancel_page,auth_trans_ref_no,req_item_0_code,req_item_0_name,req_item_0_quantity,req_item_0_sku,req_item_0_unit_price,req_item_1_code,req_item_1_name,req_item_1_quantity,req_item_1_sku,req_item_1_unit_price,req_bill_to_forename,req_bill_to_surname,req_bill_to_email,req_bill_to_phone,req_bill_to_address_line1,req_bill_to_address_line2,req_bill_to_address_city,req_bill_to_address_state,req_bill_to_address_country,req_bill_to_address_postal_code,req_customer_ip_address,req_device_fingerprint_id,req_merchant_defined_data1,req_merchant_defined_data2,req_merchant_defined_data3,req_merchant_defined_data4,req_merchant_descriptor,required_fields,reason_code,message,signed_field_names,signed_date_time
[utf8] => ✓
)
If I rename or remove any parameter, then authentication fails. So I think I'm passing some wrong value, but I couldn't find out which one.
I tried changing almost every field value I'm passing, but I get the same error every time:
ERROR 101 - Request parameters are invalid or missing
Finally I found sample code (PHP) from CyberSource; we just have to configure it with our credentials. Here is the link:
Source Code
You have to define your secret key in the security.php file:
define ('SECRET_KEY', '7f15d699ff14461b9a84*****');
And access_key and profile_id in the signeddatafields.php file:
<input type="hidden" name="access_key" value="5e00e27842d73******">
<input type="hidden" name="profile_id" value="43C533AC-****-****-****-*********">
That's it.
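Since the dump in the question carries a signature and a signed_field_names list, the check a practitioner wants alongside the key configuration above is verifying that signature before acting on the decision field. This is an added example, not CyberSource's sample code: it assumes the Secure Acceptance scheme that the sample's security.php implements (base64 of an HMAC-SHA256, keyed with the profile's secret key, over the comma-joined name=value pairs listed in signed_field_names). The secret key and the response array are constructed.

```php
<?php
// Added example (not CyberSource's sample code): verify a Secure Acceptance
// response signature before trusting its "decision". Scheme assumed from the
// sample's security.php: base64(HMAC-SHA256(secret, "f1=v1,f2=v2,...")) over
// the fields named in signed_field_names, in that order.

define('SECRET_KEY', 'constructed-secret-key-not-a-real-one'); // constructed

function buildDataToSign(array $params)
{
    $fields = explode(',', $params['signed_field_names']);
    $pairs = array();
    foreach ($fields as $f) {
        // A field that is listed but missing from the response yields an empty
        // value, so the signature fails, which is the outcome you want.
        $pairs[] = $f . '=' . (isset($params[$f]) ? $params[$f] : '');
    }
    return implode(',', $pairs);
}

function sign(array $params, $secretKey)
{
    return base64_encode(hash_hmac('sha256', buildDataToSign($params), $secretKey, true));
}

function responseIsAuthentic(array $params, $secretKey)
{
    if (!isset($params['signature'], $params['signed_field_names'])) {
        return false;
    }
    // Constant-time comparison, so the check itself does not leak anything.
    return hash_equals(sign($params, $secretKey), $params['signature']);
}

// Constructed response, shaped like the dump in the question (subset of fields).
$response = array(
    'decision'             => 'ERROR',
    'reason_code'          => '101',
    'message'              => 'Request parameters are invalid or missing',
    'req_reference_number' => '474',
    'req_amount'           => '569',
    'req_currency'         => 'USD',
    'signed_date_time'     => '2018-03-12T07:57:00Z',
    'signed_field_names'   => 'decision,reason_code,message,req_reference_number,'
                            . 'req_amount,req_currency,signed_field_names,signed_date_time',
);
// What the gateway would attach when it signs with the same secret key.
$response['signature'] = sign($response, SECRET_KEY);

var_dump(responseIsAuthentic($response, SECRET_KEY));   // untouched response

$tampered = $response;
$tampered['decision'] = 'ACCEPT';                        // edited after signing
var_dump(responseIsAuthentic($tampered, SECRET_KEY));    // signature no longer matches
```

In a real receipt page the array comes from $_POST and SECRET_KEY from security.php; only when responseIsAuthentic() returns true should the decision and reason_code be acted on.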
I only did the SOAP as well, but after a look at their REST v1 example, it looks like the API key and secret key are passed to create a paytoken in the Apiclient. An authorization payment should be something like this (after you install the SDK):
<?php
use \CyberSource\Authorizations as Authorizations;
use \CyberSource\Configuration as Configuration;

class CyberSource {
    private $config;

    function __construct($apiKey, $secretKey) {
        // pass apikey and secretkey to configuration
        $this->config = new Configuration($apiKey, $secretKey);
    }

    // $jsonPayload is your JSON request payload
    private function runAuth($jsonPayload) {
        $api = new Authorizations($this->config);
        try {
            // pass the request json payload object
            $response = $api->createAuthorization($jsonPayload);
            return $response;
        } catch (\Exception $e) {
            // throw error here
            throw $e;
        }
    }
}
If you have to use v2 then you need to read this PDF; there are several things you need to add to the header for account authentication.

Cannot authorize PHP NTLMSoapClient with MS Dynamics Great Plains ERP

Having difficulties authorizing php SoapClient with MS Dynamic Great Plains. I can connect through SoapUI. However, it only successfully connects on 3rd attempt. Also, the auth token progressively gets longer. See pastebin link below.
I made use of the following package (https://github.com/mlabrum/NTLMSoap) to set up an NTLM stream, but it doesn't seem to be sending a correct token. The token length is shorter than what is sent through SoapUI.
$wsdlUrl = 'http://example.org:48620/Metadata/Legacy/Full/DynamicsGP.wsdl';
$options = [
    'ntlm_username' => 'Domain\username',
    'ntlm_password' => 'password'
];
$soapClient = new \NTLMSoap\Client($wsdlUrl, $options);
$params = array(
    'criteria' => array(
        'ModifiedDate' => array(
            'GreaterThan' => '2016-04-18',
            'LessThan' => '2016-04-19'
        )
    ),
    'context' => array(
        'OrganizationKey' => array(
            'type' => 'CompanyKey',
            'Id' => $companyKeyId // value omitted in the post; your company key id
        )
    )
);
$soapClient->__setLocation('http://example.org:48620/DynamicsGPWebServices/DynamicsGPService.asmx');
$response = $soapClient->GetPurchaseOrderList(array($params));
I had to use __setLocation() because the client was being forwarded to http://localmachine:48620/DynamicsGPWebServices/DynamicsGPService.asmx
I have been trying to get Charles Web Proxy to work to show the actual request/response, but it's crapped out on me.
This is the SoapUI output. http://pastebin.com/7zg4E3qD

Twitter API - how to check if user A follows user B

My problem is quite strange (at least to me) as I have a request URL that works in the console but throws the Sorry, that page does not exist error in my php script, even though the connection is up and running.
So this
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_secret']);
$user = $connection->get('account/verify_credentials');
print_r($user);
works great, the $user data is printed out on the screen.
However, I am unable to check a friendship status as:
$x = $connection->get('https://api.twitter.com/1.1/friendships/show.json?source_id=707482092&target_id=755811768&target_screen_name=assetspersonifi');
As I get the error.
When I put this request into the Twitter API console, it gives back the json that I don't receive in my php code.
I'm using Abraham's twitteroauth library but this does not work either:
$follows_faelazo = $connection->get('friendships/exists', array('user_a' => 'blfarago', 'user_b' => 'faelazo'));
if(!$follows_faelazo){
echo 'You are NOT following #faelazo!';
$connection->post('friendships/create', array('screen_name' => 'faelazo'));
} else {
print_r($follows_faelazo);
}
stdClass Object ( [errors] => Array ( [0] => stdClass Object ( [message] => Sorry, that page does not exist [code] => 34 ) ) )
I read that friendships/exists API is no longer supported by the Twitter API and I should use friendships/show but how if it's not working as you see above?
To prove that everything else is working, I can follow others with
$connection->post('friendships/create', array('screen_name' => 'faelazo'));
Why?
I found a way. Here's the documentation
$following = $connection->get('friendships/show', array(
'source_screen_name' => $_SESSION['username'],
'target_screen_name' => $screen_name_to_follow,
));
An alternative would be
$following = $connection->get('friendships/lookup', array('screen_name' => $screen_name_to_follow));
Look it up in Twitter doc.
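To turn either of the answer's calls into a yes/no answer to the question in the title, here is an added example (not part of the question or the answer) that interprets the JSON bodies friendships/show and friendships/lookup return and treats an errors array, such as code 34 from the question, as a failure rather than as "not following". The two response bodies are constructed to match the documented shape; $connection is whatever TwitterOAuth instance you already have.

```php
<?php
// Added example, not from the question or the answer. Interprets the responses
// of friendships/show and friendships/lookup; the JSON below is constructed.

// friendships/show: relationship.source.following says whether source follows target.
function sourceFollowsTarget($show)
{
    if (isset($show->errors)) {
        // e.g. code 34 "Sorry, that page does not exist": the request never
        // reached the endpoint, so nothing can be concluded about the friendship.
        $e = $show->errors[0];
        throw new RuntimeException('Twitter error ' . $e->code . ': ' . $e->message);
    }
    return (bool) $show->relationship->source->following;
}

// friendships/lookup: each entry carries a "connections" list relative to the
// authenticated user ("following", "followed_by", "none", ...).
function authenticatedUserFollows($lookup, $screenName)
{
    if (is_object($lookup) && isset($lookup->errors)) {
        $e = $lookup->errors[0];
        throw new RuntimeException('Twitter error ' . $e->code . ': ' . $e->message);
    }
    foreach ($lookup as $user) {
        if (strcasecmp($user->screen_name, $screenName) === 0) {
            return in_array('following', $user->connections, true);
        }
    }
    return false; // not in the result set (unknown or suspended account)
}

// Constructed responses in the documented shape.
$show = json_decode('{"relationship":{"source":{"screen_name":"blfarago","following":true,"followed_by":false},'
                  . '"target":{"screen_name":"faelazo","following":false,"followed_by":true}}}');
$lookup = json_decode('[{"name":"faelazo","screen_name":"faelazo","id":1,"connections":["following"]}]');
$err = json_decode('{"errors":[{"message":"Sorry, that page does not exist","code":34}]}');

var_dump(sourceFollowsTarget($show));
var_dump(authenticatedUserFollows($lookup, 'faelazo'));
try {
    sourceFollowsTarget($err);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// With a live connection, using the answer's call:
// $show = $connection->get('friendships/show', array(
//     'source_screen_name' => $_SESSION['username'],
//     'target_screen_name' => $screen_name_to_follow,
// ));
// $follows = sourceFollowsTarget($show);
```

Keeping the error branch separate matters for the question's original loop: with the broken endpoint, $follows_faelazo was an error object, which is truthy, so the code silently skipped the follow rather than reporting the bad request.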

I'm getting an X509 error with Amazon AWS PHP SDK

Just wondering if anyone knows why Amazon's AWS would be telling me "The X509 Certificate you provided does not exist in our records."
Here's the code I'm using...
$sqs = new AmazonSQS();
$queue_url = 'my_url';
$options = array(
'MaxNumberOfMessages' => 10,
);
$resp = $sqs->receive_message($queue_url, $options);
print_r($resp);
Here's the response I get...
[Type] => Sender
[Code] => InvalidClientTokenId
[Message] => The X509 Certificate you provided does not exist in our records.
[Detail] => CFSimpleXML Object
Here's the CFCredentials array I'm using inside config.inc.php...
'#default' => array(
'key' => 'my-key',
'secret' => 'my-secret',
'default_cache_config' => 'cache',
'certificate_authority' => FALSE
)
In order to use Amazon SQS, you have to specifically sign up for Amazon SQS; it looks like you are not signed up. You can do it by visiting this page and clicking the button labeled "Sign up for Amazon SQS".
The reason I was getting this error was because I am using MAMP PRO, which doesn't have cURL installed with SSL. Only cURL.
So to get around this so I could test from my local machine, I used the code below. Note the "#" on the second line. I used this to suppress the warning that is given out by the disable_ssl() method.
$s3 = new AmazonS3();
#$s3->disable_ssl();
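The two answers point at different causes (no SQS sign-up versus a local cURL without SSL). An added diagnostic, not part of either answer, that tells you whether the second cause applies to your PHP build before you change any SDK setting:

```php
<?php
// Added diagnostic, not from the question or the answers: report whether the
// local cURL build has SSL support, which the SDK needs for its https endpoints.

function curlSslInfo()
{
    if (!function_exists('curl_version')) {
        return array('curl' => false, 'version' => null, 'ssl' => false, 'ssl_version' => null);
    }
    $v = curl_version();
    return array(
        'curl'        => true,
        'version'     => $v['version'],
        // CURL_VERSION_SSL is set in the feature bitmask only for SSL-enabled builds.
        'ssl'         => (bool) ($v['features'] & CURL_VERSION_SSL),
        'ssl_version' => isset($v['ssl_version']) ? $v['ssl_version'] : null,
    );
}

$info = curlSslInfo();
printf("cURL: %s, SSL support: %s (%s)\n",
    $info['curl'] ? $info['version'] : 'missing',
    $info['ssl'] ? 'yes' : 'no',
    $info['ssl_version'] ? $info['ssl_version'] : 'n/a');
```

If this reports SSL support as "yes", the MAMP explanation does not apply to your machine and the account-level cause from the first answer is the one to check.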

facebook getting session_key for offline_access in canvas application

Hey everyone,
I am trying to get the session_key and secret for a facebook session (offline_access) in canvas application.
However, I am unable to get these two particular variables.
When I test the same code locally, I can get the variables above (but this could be because the local app is not a canvas application).
I'm using the following code for the redirect:
$facebook->getLoginUrl(array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'user_status,publish_stream,offline_access'
));
Can someone suggest how I can grab the session_key and secret when the user authorizes the application? (for permanent offline access)
Here is an example session dump via Facebook:
Array (
[uid] => 100000926583671
[session_key] =>
[expires] => 0
[secret] =>
[base_domain] =>
[access_token] => 183043495039366|3ab6ac2asdkhj1bcfdec13d7-100000926583671|jJQaIT-n80YxioAasdwN0cm99U
[sig] => 2f64sadasc1da31c12927a052752776
)
and this is the error:
Array (
[error] => Array (
[type] => OAuthException
[message] => An active access token must be used to query information about the current user.
)
)
session_key and secret are now deprecated, and Facebook wants you to use the OAuth authentication scheme. Then you will have to use the given access_token (which you correctly get in $session) to make your API calls.
Try:
$session = $facebook->getSession();
$me = $facebook->api('/100000926583671',
array('access_token' => $session['access_token'])
);
var_dump($me);
Ref:
http://developers.facebook.com/docs/authentication/
