HWIOAuthBundle

SoundCloud requires Authorization: OAuth

Open jasongrishkoff opened this issue 3 years ago • 1 comments

SoundCloud recently rolled out some changes that require an authentication header token accompany all requests. More detail about it here: https://developers.soundcloud.com/blog/security-updates-api

If I understand the code right in SoundcloudResourceOwner.php it checks the https://api.soundcloud.com/me.json endpoint to verify the login. But I believe that's currently failing because the request doesn't have the accompanying required Authorization: OAuth ACCESS_TOKEN. This token is the access token provided while logging in. As a result, all my users are automatically being logged into another user's account (oops!).

I'm going to keep poking around here, but hoping someone else can point me in the right direction.

jasongrishkoff, Oct 16 '21 19:10

Okay so use_bearer_authorization got me close. It led me to GenericOAuth2ResourceOwner.php where I saw this:

    if ($this->options['use_bearer_authorization']) {
        $content = $this->httpRequest($this->normalizeUrl($this->options['infos_url'], $extraParameters), null, array('Authorization: Bearer '.$accessToken['access_token']));
    } else {
        $content = $this->doGetUserInformationRequest($this->normalizeUrl($this->options['infos_url'], array_merge(array($this->options['attr_name'] => $accessToken['access_token']), $extraParameters)));
    }

Changing Bearer to OAuth in the first section allows SoundCloud login. So, I hacked a little use_oauth_authorization field, and my code now works if set up as follows:

GenericOAuth2ResourceOwner.php

    if ($this->options['use_bearer_authorization']) {
        // Token sent as "Authorization: Bearer <token>"
        $content = $this->httpRequest($this->normalizeUrl($this->options['infos_url'], $extraParameters), null, array('Authorization: Bearer '.$accessToken['access_token']));
    } else if ($this->options['use_oauth_authorization']) {
        // Token sent as "Authorization: OAuth <token>", the form SoundCloud expects
        $content = $this->httpRequest($this->normalizeUrl($this->options['infos_url'], $extraParameters), null, array('Authorization: OAuth '.$accessToken['access_token']));
    } else {
        // Token passed as a request parameter named by the attr_name option
        $content = $this->doGetUserInformationRequest($this->normalizeUrl($this->options['infos_url'], array_merge(array($this->options['attr_name'] => $accessToken['access_token']), $extraParameters)));
    }

SoundcloudResourceOwner.php

    protected function configureOptions(OptionsResolverInterface $resolver)
    {
        parent::configureOptions($resolver);

        $resolver->setDefaults(array(
            'access_token_url'        => 'https://api.soundcloud.com/oauth2/token',
            'attr_name'               => 'oauth_token',
            'authorization_url'       => 'https://soundcloud.com/connect',
            'infos_url'               => 'https://api.soundcloud.com/me',
            'scope'                   => '',
            'use_oauth_authorization' => true,
        ));
    }

A little bit hacky. Let me know if there's a cleaner approach!

jasongrishkoff, Oct 16 '21 20:10
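
One way to express the change above with a single scheme setting instead of two booleans, and to refuse the login when the user-info call does not return a usable identifier. This is an added example, not HWIOAuthBundle code and not part of the original comment. The function names, the scheme parameter and the id field of the /me response are assumptions, and the sample token and responses are constructed.

```php
<?php
// Added example: hypothetical helpers, not part of HWIOAuthBundle.

/**
 * Build the user-info request. $scheme is 'Bearer', 'OAuth', or null to
 * fall back to sending the token as a query parameter named $attrName.
 */
function buildUserInfoRequest(string $infosUrl, string $token, ?string $scheme, string $attrName = 'oauth_token'): array
{
    // Reject empty tokens and anything with whitespace or control characters,
    // so a token can never inject an extra header line.
    if (!preg_match('/^[\x21-\x7E]+$/', $token)) {
        throw new InvalidArgumentException('Malformed access token');
    }
    if ($scheme !== null) {
        if (!in_array($scheme, ['Bearer', 'OAuth'], true)) {
            throw new InvalidArgumentException("Unsupported scheme: $scheme");
        }
        return ['url' => $infosUrl, 'headers' => ["Authorization: $scheme $token"]];
    }
    $sep = (strpos($infosUrl, '?') === false) ? '?' : '&';
    return ['url' => $infosUrl.$sep.http_build_query([$attrName => $token]), 'headers' => []];
}

/**
 * Fail closed: return the identifier only for a 200 response whose JSON body
 * carries a non-empty id. Anything else aborts the login.
 */
function extractUserId(int $status, string $body, string $idField = 'id'): string
{
    if ($status !== 200) {
        throw new RuntimeException("User-info request rejected (HTTP $status)");
    }
    $data = json_decode($body, true);
    $id = is_array($data) ? ($data[$idField] ?? null) : null;
    if (!(is_int($id) || is_string($id)) || (string) $id === '') {
        throw new RuntimeException('User-info response has no usable identifier');
    }
    return (string) $id;
}

// Constructed sample data: SAMPLE_TOKEN and both response bodies are made up.
$req = buildUserInfoRequest('https://api.soundcloud.com/me', 'SAMPLE_TOKEN', 'OAuth');
echo $req['headers'][0], PHP_EOL;
echo extractUserId(200, '{"id": 12345, "username": "demo"}'), PHP_EOL;
try {
    extractUserId(401, '{"code": 401, "message": "unauthorized"}');
} catch (RuntimeException $e) {
    echo 'login refused: ', $e->getMessage(), PHP_EOL;
}
```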

Message to comment on stale issues. If none provided, will not mark issues stale

github-actions[bot], Feb 24 '24 01:02

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot], Feb 29 '24 01:02