Skip to content
Advertisement

Using OAuth 1.0 with PHP cUrl

I am working on a small PHP script which calls an API. This API uses OAuth 1.0 authorization. Hence I need to create the signature and request-header. I am pretty sure my signature-generation method and the generation of the request-header work well as I have done the same in C# (where the everything works) and the signature as well as the header look quite the same.

Generating signature:

function generateSignature($method,$url,$consumerKey,$consumerSecret,$tokenValue,$tokenSecret,$timestamp, $nonce, $signatureMethod, $version)
    {
        $base = $method . "&" . rawurlencode($url) . "&"
            . rawurlencode("oauth_consumer_key=" . rawurlencode($consumerKey)
            . "&oauth_nonce=" . rawurlencode($nonce)
            . "&oauth_signature_method=" . rawurlencode($signatureMethod)
            . "&oauth_timestamp=" . rawurlencode($timestamp)
            . "&oauth_token=" . rawurlencode($tokenValue)
            . "&oauth_version=" . rawurlencode($version));

        $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
        $signature = base64_encode(hash_hmac('sha1', $base, $key, true));

        return $signature;
    }

Generating authorization header:

$authHeader = "OAuth realm=".""","."
        oauth_consumer_key="{$consumerKey}",
        oauth_nonce="{$nonce}",
        oauth_signature_method="{$signatureMethod}",
        oauth_timestamp="{$timestamp}",
        oauth_token="{$tokenValue}",
        oauth_version="{$version}",
        oauth_signature="{$signature}"";

I got stuck at the point of passing the authorization header over to the API I am calling.

Setting the authorization:

$header = array('Content-Type: application/x-www-form-urlencoded');

    curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
    curl_setopt($ch, CURLOPT_POSTFIELDS,urlencode($authHeader));

Finally, when I make the request I get the response, that a parameter is missing.

Advertisement

Answer

Fixed my problem with the help of this tutorial. Moreover, I forgot removing the query parameters from the url used to create the sigunature, which probably was the main problem.

4 People found this is helpful
Advertisement