I've been trying to integrate BitBucket to my application for the past 4 hours to no avail.
While reading through BitBucket's RESTful API documentation, I noticed that you need to use OAuth — it's OK, I'm using J.R Conlin's OAuthSimple library, which if fine by me (I tried oauth-php but it was kinda complicated — I didn't need all of those options for such a small integration).
For what I understand, the first step to authenticate with OAuth is to request a new token via POST. When providing the necessary parameters, you should get a response from BitBucket, like this:
oauth_token=Z6eEdO8lOmk394WozF9oJyuAv899l4llqo7hhlSLik&oauth_token_secret=Jd79W4OQfb2oJTV0vzGzeXftVAwglnEJ9lumzYcl&oauth_callback_confirmed=true
To do that, I'm using cURL and OAuthSimple:
$key = 'key_provided_by_bitbucket';
$secret = 'key_provided_by_bitbucket';
$path = 'https://api.bitbucket.org/1.0/oauth/request_token';
$params = array(
'oauth_consumer_key' => $key,
'oauth_nonce' => base_convert(mt_rand(10000, 90000), 10, 32) . 'a',
'oauth_signature' => 'HMAC-SHA1',
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_callback' => base_url('dashboard'),
'oauth_version' => '1.0a'
);
$oauth = new OAuthSimple($key, $secret);
$result = $oauth->sign(array(
'action' => 'POST',
'path' => $path,
'parameters' => $params
));
// load resulting url into a string
$ch = curl_init($result['signed_url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$r = curl_exec($ch);
curl_close($ch);
The thing is that, when I send my request, one of two things happen:
If I send it like posted here, I will get a 401 error (I can see that via curl_getinfo($ch))
If I set curl_setopt($ch, CURLOPT_POST, 1), I get a 400 Bad request
The resulting string (stored in $r) is an empty string. The signed_url is a correctly formed URL AFAIK, which is something like this:
https://api.bitbucket.org/1.0/oauth/request_token?oauth_callback=http%3A%2F%2Flocalhost%2Fidv&oauth_consumer_key=key_provided_by_bitbucket&oauth_nonce=b47a&oauth_signature=3A1R%2FoKxTqh6Q23poaS%2BVNzhwpE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1347167282&oauth_version=1.0a
If I enter manually that address into my address bar in a browser, I'll get an Authentication Dialog to the BitBucket API, port 443. I can't login with my credentials, though. Then it will just keep saying "Could not verify OAuth request."
I don't know what I'm doing wrong, since it's my first time using OAuth.
Any help's appreciated!
The problem is that Curl will verify the SSL certificate.
To solve the problem you can tell Curl to ignore the verification of the SSL certificates:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Related
I have developed a system which will send SMS to the customer after making insert to the database
but the system which I worked on is public ie. when my client asked me to buy the system he must insert his SMS API configuration to send a message to his customers
when I searched on the internet I found that every API have a differnt way to send SMS message
I have account in click tell API but when I send message by curl there is nothing happen
the code is
$url = 'https://platform.clickatell.com/messages/http/send?' . http_build_query(
[
'apiKey' => 'oGjnzDdSRhqdhhgnjFj3ZmzYA==',
// 'api_secret' => '4c98619ffb9af51585',
'to' => '94233698311783',
'content' => 'Hello from Netcom'
]
);
echo($url);echo('<br/>');
echo'https://platform.clickatell.com/messages/http/send?apiKey=oGkmzDdSRgekvjFjaZnzYA==&to=905373545631&content=Test+message+text"';
$ch = curl_init($url);
echo($ch);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
echo $response;
Where my code is wrong and what is the way to send SMS dynamically depending on the client's API info
For quick fix and testing add this in your curl request and check response.(Because url is https)
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
But it is recomonded to downloading a CA root certificate bundle at the curl website and saving it on your server which protect your site
I am not aware of Clickatell, but Aws SNS is quite simple,
$payload = array(
'Message' => $message,
'PhoneNumber' => $mobile,
'MessageAttributes' => $msgAttributes
);
$result = $sns->publish($payload);
I am trying coinbase api to send and get money and going to use in game,on running below code for sending money getting invalid signature error, not sure where I am wrong. I tried getting account detail, which is working fine and I am able to get account details.
<?php
$API_VERSION = '2016-02-01';
$curl = curl_init();
$timestamp = json_decode(file_get_contents("https://api.coinbase.com/v2/time"), true)["data"]["epoch"];
$req = "/v2/accounts/:account_id/transactions";
$url = "https://api.coinbase.com".$req;
$cle = "xxxxxxx";
$secret = "xxxxxxxx";
$params=['type'=>'send', 'to'=>'xxxxxxxxxx', 'amount'=>0.0001, 'currency'=>'BTC'];
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_USERAGENT, 'local server',
CURLOPT_POSTFIELDS => json_encode($params),
CURLOPT_HTTPHEADER => array(
"CB-VERSION:" . $API_VERSION,
"CB-ACCESS-SIGN:" . hash_hmac('sha256', $timestamp."GET".$req, $secret),
"CB-ACCESS-KEY:" . $cle,
"CB-ACCESS-TIMESTAMP:" . $timestamp,
'Content-Type: application/json'
),
CURLOPT_SSL_VERIFYPEER => false
));
$rep = curl_exec($curl);
curl_close($curl);
print_r($rep);
?>
In the $req URL, you need to replace :account_id with an actual account ID such as 3c04e35e-8e5a-5ff1-9155-00675db4ac02.
Most importantly, since this is a post request, the OAuth signature needs to include the payload (POST data) in the signature.
hash_hmac('sha256', $timestamp."POST".$req.json_encode($params), $secret),
When I encountered this error, it ended up being the account id, which is different for each of your currency accounts. Spent way too much time trying to figure out what was wrong with my signature... Anyways, I'd definitely try that out as GETs worked for me, but every other request type ended up with the invalid signature error.
Does anyone here know about how to access Google Photos API now that Google has started using OAuth2? The PHP client library in their developer website is now obsolete and does not work!
I have used OAuth to work with Google Drive but Photos does not work! :(
First I use Google_Client to successfully authenticate user. Then in the redirect page I am trying following:
require_once("Google/Client.php");
//set up path for Zend GData, because Google Documentation uses that lib
$clientLibraryPath = '/path/to/ZendGData/library';
$oldPath = set_include_path(get_include_path() . PATH_SEPARATOR . $clientLibraryPath);
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata_Photos');
try
{
$authCode = $_GET['code']; //authorization code returned from google
//next create google OAuth Client object and validate...
$webAuth= new Google_Client();
$webAuth->setClientId($clientId);
$webAuth->setClientSecret($clientSecret);
$webAuth->authenticate($authCode); //this authenticate() works fine...
//now my problem is HOW do I tie this to GData API for Picasa :(
//I tried following but it throws error
//*Token invalid - Invalid token: Request token used when not allowed.*
$client = Zend_Gdata_AuthSub::getHttpClient($authCode);
$gp = new Zend_Gdata_Photos($client, "GData:2.0");
$userFeed = $gp->getUserFeed("default");
I have also tried a bunch of third party libraries, tried hooking up my $webAuth into Zend_GData_Photos in everywhich way I can try...I even tried raw curl calls, but nothing is working!
Can anyone help me please? I am at my wits end....I can't believe Google left a fully functional library (PicasaWeb PHP API Ver 1.0) hanging like that when they updated their authentication to OAuth.
I had the same problem but finally I got it working again.
The best thing is, that you do not need any client library to get access to private photos.
I have spent two days trying to make it work with 'service account' but with no luck.
Then I have found this page:
https://holtstrom.com/michael/blog/post/522/Google-OAuth2-with-PicasaWeb.html
which helped me to achieve what I wanted.
It is pretty long article but it should not take to long to sort it out and get it working. Basically you will need to use 'OAuth 2.0 client ID' instead of 'Service account' in your project at https://console.developers.google.com
Within your 'OAuth 2.0 client ID' you will have following information:
Client ID (something-random.apps.googleusercontent.com)
Client Secret (random-client-secret)
Name (www.yoursite.com)
Authorized JavaScript origins (https://www.yoursite.com)
Authorized redirect URIs (https://www.yoursite.com/oauth2.php)
You will use this data in your verification process.
Before you begin, you will need to complete OAuth Consent Screen.
In that tutorial there is a note to store these tokens in DB, but in this case I'd rather suggest to display them directly in web page. This is much easier.
There is suggestion to use https rather than http but it should work on both.
I have used https for my application.
This is shorter version of the article from the link above.
Create oauth2.php file and place it on https://www.yoursite.com/oauth2.php
<?php
if (isset($_GET['code']))
{
$clientId = 'your-client-id.apps.googleusercontent.com';
$clientSecret = 'your-client-secret';
$referer = 'https://www.yoursite.com/oauth2.php';
$postBody = 'code='.urlencode($_GET['code'])
.'&grant_type=authorization_code'
.'&redirect_uri='.urlencode($referer)
.'&client_id='.urlencode($clientId)
.'&client_secret='.urlencode($clientSecret);
$curl = curl_init();
curl_setopt_array( $curl,
array( CURLOPT_CUSTOMREQUEST => 'POST'
, CURLOPT_URL => 'https://accounts.google.com/o/oauth2/token'
, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded'
, 'Content-Length: '.strlen($postBody)
, 'User-Agent: www.yoursite.com/0.1 +https://www.yoursite.com/'
)
, CURLOPT_POSTFIELDS => $postBody
, CURLOPT_REFERER => $referer
, CURLOPT_RETURNTRANSFER => 1 // means output will be a return value from curl_exec() instead of simply echoed
, CURLOPT_TIMEOUT => 15 // max seconds to wait
, CURLOPT_FOLLOWLOCATION => 0 // don't follow any Location headers, use only the CURLOPT_URL, this is for security
, CURLOPT_FAILONERROR => 0 // do not fail verbosely fi the http_code is an error, this is for security
, CURLOPT_SSL_VERIFYPEER => 1 // do verify the SSL of CURLOPT_URL, this is for security
, CURLOPT_VERBOSE => 0 // don't output verbosely to stderr, this is for security
) );
$response = curl_exec($curl);
$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
echo($response);
echo($http_code);
}
else { echo 'Code was not provided.'; }
?>
Prepare and visit this link:
https://accounts.google.com/o/oauth2/auth?scope=https://picasaweb.google.com/data/&response_type=code&access_type=offline&redirect_uri=https://www.yoursite.com/oauth2.php&approval_prompt=force&client_id=your-client-id.googleusercontent.com
fields to adjust: redirect_uri and client_id
After visiting link from step 2. you should see your consent screen where you will have to approve it and you will be redirected to your oauth.php page but this time with code parameter:
https://www.yoursite.com/oauth2.php?code=some-random-code
'code' parameter will be then sent by oauth.php to: https://accounts.google.com/o/oauth2/token
which will return(print) json formatted data containing: access_token, token_type, expires_in and refresh_token.
Http Response code should be 200.
Access_token will be the one to use to get privet albums data.
Create index.php with content:
<?php
$curl = curl_init();
$url = 'https://picasaweb.google.com/data/entry/api/user/default';
curl_setopt_array( $curl,
array( CURLOPT_CUSTOMREQUEST => 'GET'
, CURLOPT_URL => $url
, CURLOPT_HTTPHEADER => array( 'GData-Version: 2'
, 'Authorization: Bearer '.'your-access-token' )
, CURLOPT_RETURNTRANSFER => 1 // means output will be a return value from curl_exec() instead of simply echoed
) );
$response = curl_exec($curl);
$http_code = curl_getinfo($curl,CURLINFO_HTTP_CODE);
curl_close($curl);
echo($response . '<br/>');
echo($http_code);
?>
After running script from step 5. you should receive your default feed from picasaweb API. When I say 'default' it ,eans default when you are logged that is with private albums. From now on, you should be able to use that approach to get access to your picasa photo library.
Access token will expire after 3600 seconds (1 hour) so you will have to get new one. this can be achieved with script like this one below:
$clientId = 'your-client-id.apps.googleusercontent.com';
$clientSecret = 'your-client-secret';
$referer = 'https://www.yoursite.com/oauth2.php';
$refreshToken = 'your-refresh-token';
$postBody = 'client_id='.urlencode($clientId)
.'&client_secret='.urlencode($clientSecret)
.'&refresh_token='.urlencode($refreshToken)
.'&grant_type=refresh_token';
$curl = curl_init();
curl_setopt_array( $curl,
array( CURLOPT_CUSTOMREQUEST => 'POST'
, CURLOPT_URL => 'https://www.googleapis.com/oauth2/v3/token'
, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded'
, 'Content-Length: '.strlen($postBody)
, 'User-Agent: www.yoursite.com/0.1 +https://www.yoursite.com/'
)
, CURLOPT_POSTFIELDS => $postBody
, CURLOPT_RETURNTRANSFER => 1 // means output will be a return value from curl_exec() instead of simply echoed
, CURLOPT_TIMEOUT => 15 // max seconds to wait
, CURLOPT_FOLLOWLOCATION => 0 // don't follow any Location headers, use only the CURLOPT_URL, this is for security
, CURLOPT_FAILONERROR => 0 // do not fail verbosely fi the http_code is an error, this is for security
, CURLOPT_SSL_VERIFYPEER => 1 // do verify the SSL of CURLOPT_URL, this is for security
, CURLOPT_VERBOSE => 0 // don't output verbosely to stderr, this is for security
) );
$response = curl_exec($curl);
$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
if (strlen($response) < 1)
{ echo('fail 01'); }
$NOW = time();
$responseDecoded = json_decode($response, true); // convert returned objects into associative arrays
$expires = $NOW - 60 + intval($responseDecoded['expires_in']);
if ( empty($responseDecoded['access_token'])
|| $expires <= $NOW )
{ echo('fail 02'); }
echo($http_code . '<br/>');
echo($response . '<br/>');
echo($expires . '<br/>');
?>
You can run code from step 7. in separate script manually, just to get new access-token for another 3600 seconds, but normally you would want to have it automated so when access_token expires, you automatically ask for new one using a call with refresh_token from step 4.
Ufff. That is is. I hope you'll get this up and running.
I want to connect to the Redmine API. The page is protected by a .htaccess file.
As long as the user credentials (name + password) are the same for .htaccess and Redmine, there aren't any problems.
Well... Two of my teammates are using different credentials (their error code: 401, not authorized) and they just don't want to change them.
Actually, I think this is because they don't pass .htaccess (with their credentials) or they pass .htaccess but aren't able to use Redmine with their data.
I was searching for hours (well, at least since 12:30 o'clock) but couldn't resolve this problem. I just can't figure out how to pass the .htaccess and API credentials correctly.
My Code:
$sURL = 'https://myserver/redmine/';
$sAction = 'projects.json';
$sApiUser = 'user_name';
$sApiPass = 'user_pass';
$sHtAccUser = 'htacc_user';
$sHtAccPass = 'htacc_pass';
#$sURL = sprintf('https://%s:%s#myserver/redmine/',$sUser,$sPass);
$aOptions = array(
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_USERPWD => $sUser.':'.$sPass,
CURLOPT_PORT => 443,
CURLOPT_CONNECTTIMEOUT => 4,
CURLOPT_TIMEOUT => 6,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_SSL_VERIFYHOST => FALSE,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_HEADER => FALSE,
#CURLOPT_HTTPHEADER => array('Authorization: Basic '.base64_encode($sHtAccUser.':'.$sHtAccPass)),
CURLOPT_FOLLOWLOCATION => TRUE,
CURLOPT_URL => $sURL.$sAction.$sGetParamQuery);
$ch = curl_init();
if($ch === false)
{
die('Failed to create curl object');
}
curl_setopt_array($ch,$aOptions);
$mResult = curl_exec($ch);
$aCurlInfo = curl_getinfo($ch);
$iHTTPStatus = (int) $aCurlInfo['http_code'];
curl_close($ch);
So, after I had a conversation with someone who is more experienced, I could solve the problem "myself".
Actually, htaccess and redmine use the same authentication method (HTTP Basic authentication), which can't used twice. For this reason, I have to use the individual API key (which you can found at /my/account, on your own redmine).
As long as both credentials (htaccess + redmine) are the same, you don't need the API key.
If the credentials are different... well, you have to login into redmine, get your API key and use it. Maybe not a comfortable way but actually the way to go.
ive tried to authenticate to restrict access but i cant get it to work ive tried with both helper libs and using just curl but it does not work for me. i get full access no matter what i use in the token for 'uiqd'.
here is the code
$url1 = 'https://***.firebaseio.com/';
$secret = '***';
$user = array( 'v' => 0, 'iat' => time(), 'd' => array('uidq' => 'qq'));
$token = JWT::encode($user, $secret);
$testurl =$url1. 'test.json?auth='.$token;
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $testurl
));
$response = curl_exec($curl);
return $response;
rules
either
"test": {".read": auth.uidq !== 'qq'}
or
"test": {".read": false}
none work. I still get access to the data. These rules are just for testing purposes.
can someone put a working example with the php script and the security rules online so i test it working to restrict and allow access. Thanks
Use the official firebase php generator -- works great
https://github.com/firebase/firebase-token-generator-php