I have been trying to figure this out, and it seems to be a common problem but everything else people are doing doesn't seem to be working.
I am using the Yahoo oAuth API (ultimately trying to import contacts), however once I get to step 4 in this tutorial (https://developer.yahoo.com/oauth/guide/oauth-accesstoken.html) which is the step where I am trying to get the access_token I am getting the error, array(1) { ["oauth_problem"]=> string(17) "signature_invalid" }
on the oauth_signature line under getAccessToken() I have tried separating by &, %26 and %26& none of those have worked. I tried using HMAC-SHA1 instead of PLAINTEXT a separating by & but all of those have yielded the same results. I've also tried urlencode()'ing everything and that didn't work. When I var_dump(\Session::get(\Auth::user()->id . '.oauth_token_secret')) I get what looks like a real oauth_token_secret so I don't think that's the problem.
But anyways, here is the code (sorry the curl() method all over the place)
<?php
namespace App\Models\oAuth2;
class Yahoo {
static public $consumer_key = 'xxx';
static public $consumer_secret = 'xxx';
static public function getContactsLink() {
parse_str(self::curl('https://api.login.yahoo.com/oauth/v2/get_request_token', 'post', NULL, [
'oauth_consumer_key' => self::$consumer_key,
'oauth_signature' => self::$consumer_secret . '&',
'oauth_signature_method' => 'PLAINTEXT',
'oauth_callback' => action('ImportController@yahooContacts'),
'oauth_nonce' => uniqid(rand()),
'oauth_timestamp' => time(),
'oauth_version' => '1.0',
'xoauth_lang_pref' => 'en-us'
]), $response);
\Session::put(\Auth::user()->id . '.oauth_token_secret', $response['oauth_token_secret']);
return $response['xoauth_request_auth_url'];
}
static public function getAccessToken() {
parse_str(self::curl('https://api.login.yahoo.com/oauth/v2/get_token', 'post', NULL, [
'oauth_consumer_key' => self::$consumer_key,
'oauth_signature' => self::$consumer_secret . '%26' . \Session::pull(\Auth::user()->id . '.oauth_token_secret'),
'oauth_signature_method' => 'PLAINTEXT',
'oauth_nonce' => uniqid(rand()),
'oauth_timestamp' => time(),
'oauth_version' => '1.0',
'oauth_verifier' => \Input::get('oauth_verifier'),
'oauth_token' => \Input::get('oauth_token')
]), $response);
dd($response);
}
static function curl($url, $method = 'get', $header = null, $postdata = null, $includeheader=FALSE, $timeout = 60) {
$s = curl_init();
curl_setopt($s,CURLOPT_URL, $url);
if ($header)
curl_setopt($s,CURLOPT_HTTPHEADER, $header);
/*if ($this->debug)*/
curl_setopt($s,CURLOPT_VERBOSE, FALSE);
curl_setopt($s,CURLOPT_TIMEOUT, $timeout);
curl_setopt($s,CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($s,CURLOPT_MAXREDIRS, 3);
curl_setopt($s,CURLOPT_RETURNTRANSFER, true);
curl_setopt($s,CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($s,CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($s,CURLOPT_COOKIEFILE, 'cookie.txt');
if(strtolower($method) == 'post')
{
curl_setopt($s,CURLOPT_POST, true);
curl_setopt($s,CURLOPT_POSTFIELDS, $postdata);
}
else if(strtolower($method) == 'delete')
{
curl_setopt($s,CURLOPT_CUSTOMREQUEST, 'DELETE');
}
else if(strtolower($method) == 'put')
{
curl_setopt($s,CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($s,CURLOPT_POSTFIELDS, $postdata);
}
curl_setopt($s,CURLOPT_HEADER, $includeheader);
//curl_setopt($s,CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1');
curl_setopt($s, CURLOPT_SSL_VERIFYPEER, false);
$html = curl_exec($s);
$status = curl_getinfo($s, CURLINFO_HTTP_CODE);
curl_close($s);
return $html;
}
}
