PHPoAuthLib icon indicating copy to clipboard operation
PHPoAuthLib copied to clipboard

Published 20 hours ago verified publisher icon daviddesberg

Xing auth AccessToken

Open vkunz opened this issue 8 years ago • 8 comments

Hi,

updating lib from 0.3.0 to 0.8.0, I was unable to auth against xing.

git bisect pointed me to 9ffcd7ae62110cac7666f721717c8e885809b807 as the culprit.

Reverting the commit ontop of master/0.8.0 fixes the issue for me.

I am no expert in oauth, and the only change was an additional oauth_verifier inside the Auth header.

According to xing docs the oauth_verifier is required.

For me it only works if oauth_verifier is not provided.

Can somebody verify and/or point me into the right direction what is failing in this case?

vkunz

vkunz avatar Oct 13 '15 12:10 vkunz

That's interesting - thanks for tracking down the commit. You say the king doc say that oauth_verifier is required but it only works when you don't provide it? Perhaps the xing api is more strict or everyone else is a bit more relaxed about the standards.

Perhaps you can patch the Xing service class?

elliotchance avatar Oct 13 '15 22:10 elliotchance

I have reverted this change in v0.8.1, please test again.

elliotchance avatar Oct 14 '15 03:10 elliotchance

Hi,

it works with 0.8.1, but this fix for Xing might break others.

I am not sure, but according to comments in c6e2d74eca2b8bc6f9d9aea183655886e49b5216, some services require you to send the verifier.

This might need a service based solution.

vkunz

vkunz avatar Oct 14 '15 05:10 vkunz

I reverted it because another service (QuickBooks) was broken because of this change. The original change went in as part of fixing up a Yahoo service so it's more likely that the Yahoo services didn't care about the change but it broke a lot of existing OAuth clients.

elliotchance avatar Oct 14 '15 06:10 elliotchance

@elliotchance and @vkunz would loved to know the Git command you guys used in reverting a commit in a working/master branch.

Still learning Git :dancer:

w3guy avatar Oct 21 '15 15:10 w3guy

hi,

git revert <commit-hash>

creates a reverse-commit and applies it to current HEAD.

If the resulting patch applies cleanly, you get a reverse commit, otherwise a conflict working tree.

vkunz

vkunz avatar Oct 21 '15 15:10 vkunz

‎Thanks a bunch. From: Valentin KunzSent: Wednesday, 21 October 2015 4:52 PMTo: Lusitanian/PHPoAuthLibReply To: Lusitanian/PHPoAuthLibCc: Agbonghama CollinsSubject: Re: [PHPoAuthLib] Xing auth AccessToken (#435)hi,

git revert

creates a reverse-commit and applies it to current HEAD.

If the resulting patch applies cleanly, you get a reverse commit, otherwise a conflict working tree.

vkunz

—Reply to this email directly or view it on GitHub.

w3guy avatar Oct 21 '15 15:10 w3guy

Hi all. I have an issue that oauth_verifier is missing in the Authorization header. I think we need an explicit way to determine whether to send this parameter in the Authorization header or not.

germanow avatar Jun 18 '19 09:06 germanow