Debugging OAuth

This is some code I use to debug oauth issues.




Note: there is a bug somewhere in this that results in an invalid signature.  Please let me know if you spot it.



Usage:
  1. Upload this file to your server
  2. Get a key/secret from your oauth data provider.  The code currently has Yahoo! hardcoded as the provider, so just change the endpoints to use another one.

<?php // a php script that uses the standard oauth lib (via yos sdk) to do the oauth dance
// error_reporting(E_ALL);
require '../yosdk/yahoo-yos-social-php5-86eef28/lib/OAuth/OAuth.php';

// we've got a stored access token
if ( $_COOKIE['serialized_access_token'] ) {

    $access_token = json_decode( stripslashes( $_COOKIE['serialized_access_token'] ) );

    printf('<pre>%s</pre>', print_r($access_token, true));

// we're on the callback
} elseif ( $_COOKIE['serialized_request_token'] && $_GET['oauth_verifier'] ) {

    //debug - sanity check to see if input is passed correctly
    // echo $_GET['oauth_verifier'].$_COOKIE['callback'];die;

    $consumer = new OAuthConsumer($_COOKIE['key'], $_COOKIE['secret']);

    $parameters = array('oauth_verifier' => $_GET['oauth_verifier'], 'oauth_callback' => $_COOKIE['callback']);

    $request_token = json_decode( stripslashes( $_COOKIE['serialized_request_token'] ) );

    //debug - make sure the request token decoded properly
    // var_dump($request_token); die;

    //kludge
    $request_token->key = $_GET['oauth_token'];

    $request = OAuthRequest::from_consumer_and_token(
        $consumer, $request_token, 'GET', 'https://api.login.yahoo.com/oauth/v2/get_token', $parameters);

    //debug - see params: useful for debugging empty variable issues
    // var_dump($request); die;

    $request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, $request_token);

    //debug - see base string: useful for debugging encoding issues
    var_dump($request); die;

    //debug - see url: useful for sanity checking actual request to server
    // echo $request->to_url(); die;

    $curl = curl_init($request->to_url());
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HEADER, true);
    $response = curl_exec($curl);

    //debug - see raw response, incl headers, which can contain additional info
    // var_dump($response); die;

    curl_close($curl);

    parse_str($response, $access_token);

    //debug - see parsed data: useful for debugging parsing bugs
    // var_dump($token); die;

    // clear req token
    setcookie('serialized_request_token', '', time()-3600);

    // cache access token
    setcookie('serialized_access_token', json_encode( $access_token ) );

    printf('<pre>%s</pre>', print_r($access_token, true));

    exit;

// we just submitted the form
} elseif( $_GET['submit'] ){

    $consumer = new OAuthConsumer($_GET['key'], $_GET['secret']);

    $parameters = array('oauth_callback' => $_GET['callback']);
    $request = OAuthRequest::from_consumer_and_token($consumer, null, 'GET', 'https://api.login.yahoo.com/oauth/v2/get_request_token', $parameters);

    $request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);

    //debug - see base string: useful for debugging encoding issues
    // var_dump($request); die;

    //debug - see url: useful for sanity checking actual request to server
    // echo $request->to_url(); die;

    $curl = curl_init($request->to_url());
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($curl);
    curl_close($curl);

    //debug - see raw response, incl headers, which can contain additional info
    // var_dump($response); die;

    parse_str($response, $token);

    //debug - see parsed data: useful for debugging parsing bugs
    // var_dump($token); die;

    // cache params & token for 2nd step
    setcookie('key', $_GET['key'] );
    setcookie('secret', $_GET['secret'] );
    setcookie('callback', $_GET['callback'] );
    setcookie('serialized_request_token', json_encode($token));

    $params = array('oauth_token'=>$token['oauth_token']);
    header("Location: https://api.login.yahoo.com/oauth/v2/request_auth?".http_build_query($params));
    exit;
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
    "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.8.1/build/reset-fonts-grids/reset-fonts-grids.css">
        <style>
            body {
                padding: 20px;
            }
            button {
                float: left;
                background-color: #fff;
                padding: 1ex;
                margin: 2ex 0;
            }
            label {
                display: block;
                text-align: left;
                width: 10em;
            }
            input {
                float: left;
                width: 64em;
                padding: 1ex;
                margin: 2ex 0;
            }
            #submit {
                width: 7em;
            }
        </style>
    </head>
    <body>
        <form>
            <div>
                <label>Consumer key:</label><input name="key" value="">
                <div style="clear:both"/>
            </div>
            <div>
                <label>Consumer secret:</label><input name="secret" value="">
                <div style="clear:both"/>
            </div>
            <div>
                <label>Callback URL:</label><input name="callback" value="">
                <div style="clear:both"/>
            </div>
            <input value="Authorize" name="submit" type="submit" id="submit">
        </form>
    </body>
</html>