A typical call to a token_request would be as follows:
http://www.example.com/webservice/token_request?oauth_version=1.0&oauth_...

The definition of _oauth_token_request() is:
function _oauth_token_request($timestamp, $nonce, $consumer_key, $consumer_secret)
and _oauth_token_request() is directly called from the menu system through this snippet: 

$items['webservice/token_request'] = array(
    'access callback'   => TRUE,
    'file'              => 'oauth.inc',
    'page callback'     => '_oauth_token_request',
    'type'              => MENU_CALLBACK,
  );

This means that the example call above with explicit parameters won't work, spitting a lot of 'missing parameter' errors. In fact only arguments in the directory-like form (e.g.: /webservice/token_request/arg1/arg2/arg3) will be passed to the callback.

As far as I understand, the current function implementation is written to work with the webservices module (_oauth_token_request is mentioned in hook_webservices_info() implementation too). So there must be some kind of conflict in implementation.

In this patch I'm implementing a quick and dirty approach using a tunnel function (_oauth_direct_token_request) referenced in the hook_menu that maps GET parameters correctly.
This fixes the missing parameter errors but still keeps outputting these errors which leave me a bit more clueless:


    * warning: array_fill() [function.array-fill]: Number of elements must be positive in /var/www/drupal-6.6/includes/database.inc on line 241.
    * warning: implode() [function.implode]: Invalid arguments passed in /var/www/drupal-6.6/includes/database.inc on line 241.
    * warning: array_keys() [function.array-keys]: The first argument should be an array in /var/www/drupal-6.6/modules/user/user.module on line 500.
    * user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in /var/www/drupal-6.6/modules/user/user.module on line 500.
    * warning: array_keys() [function.array-keys]: The first argument should be an array in /var/www/drupal-6.6/modules/block/block.module on line 406.
    * warning: array_fill() [function.array-fill]: Number of elements must be positive in /var/www/drupal-6.6/includes/database.inc on line 241.
    * warning: implode() [function.implode]: Invalid arguments passed in /var/www/drupal-6.6/includes/database.inc on line 241.
    * warning: array_merge() [function.array-merge]: Argument #2 is not an array in /var/www/drupal-6.6/modules/block/block.module on line 407.
    * user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module' at line 1 query: SELECT DISTINCT b.* FROM blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '' AND b.status = 1 AND (r.rid IN () OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module in /var/www/drupal-6.6/modules/block/block.module on line 407.
CommentFileSizeAuthor
#5 fix_direct_token_request.4.patch2.11 KBflevour
#3 fix_direct_token_request.2.patch1.45 KBflevour
#4 fix_direct_token_request.3.patch1.57 KBflevour
#1 fix_direct_token_request.patch1.7 KBflevour

Comments

flevour’s picture

flevour commented
Status: Active » Needs work
StatusFileSize
new fix_direct_token_request.patch1.7 KB

Attaching patch.

flevour’s picture

flevour commented
Status: Needs work » Needs review

Re-rolling the patch against DRUPAL-6--2 instead of DRUPAL-6--2-0.

flevour’s picture

flevour commented
Assigned: flevour » Unassigned
StatusFileSize
new fix_direct_token_request.2.patch1.45 KB

Re-rolling the patch against DRUPAL-6--2 instead of DRUPAL-6--2-0 and actually attaching it.

flevour’s picture

flevour commented
Assigned: Unassigned » flevour
StatusFileSize
new fix_direct_token_request.3.patch1.57 KB

Re-rolling the patch using the correct $_GET parameters (was missing the 'oauth_').

flevour’s picture

flevour commented
Assigned: Unassigned » flevour
StatusFileSize
new fix_direct_token_request.4.patch2.11 KB

I took me an afternoon of debugging, but I finally found out the current implementation of _oauth_token_request() was quite broken.
In fact it wasn't passing the correct set of parameters to OAuthRequest::from_request(), therefore generating a different signature.

This patch does the following:
* keeps the 'tunnel function' approach, not to interfere with webservices calls (I don't know how these work);
* changes the _oauth_token_request() arguments dropping consumer_secret which shouldn't be sent in the GET request and including oauth_version and signature.
* changes the code inside accordingly.

Probably this change affects the definition of the array in oauth_webservices_info(). Let's keep this in mind if the patch is accepted,

brmassa’s picture

brmassa commented
Title: Possibly bad way of passing parameters to_oauth_token_request() » Token access and token request called using Menu API was not using the function arguments correctly
Status: Needs review » Fixed

Francesco,

Thanks a lot about this report. I confess ive never used the token requests using normal Menu API calls. I always call them using Web Services module. It might need further fixes in order to work properly. I ask you to test the current CVS code.

i changed you patch in order to be more powerful.

I repeat that i really appreciate all your work on OAuth/Web Services modules.

best regards,

massa

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.