PHP Classes

Redirect issue

Subject: Redirect issue
Summary: No redirect from OAuth server
Messages: 9
Author: Marcus Link
Date: 2013-02-27 18:55:47
Update: 2013-02-28 12:13:55
 

1. Redirect issue
Marcus Link - 2013-02-27 18:55:47
Fantastic effort. Thanks so much, Manuel.

My problem is that a custom configuration won't redirect back to the URI we're trying to use the access_token on.
It just displays a JSON string at the API server site which looks like this:

{"access_token":"1168f1f7-49fc-4c55-a624-a62253f1fb95","token_type":"bearer","expires_in":3600,"refresh_token":"9ad2b9a3-6f8b-42e7-b4da-1f1d08e05e3b"}

It's an OAuth2 restful solution at the other end.

I can send you more details if I can PM/direct message you.
I would commission you to make this work.
Do you take on jobs?

Marcus Link
Vu Online Ltd

2. Re: Redirect issue
Marcus Link - 2013-02-27 19:53:42 - In reply to message 1 from Marcus Link
...and of course I would appreciate if you have any idea what's going on. I also tried using append_state_to_redirect_uri but no difference.

3. Re: Redirect issue
Manuel Lemos - 2013-02-27 20:03:21 - In reply to message 1 from Marcus Link
It is hard to tell without seeing the documentation of that OAuth server and exactly what you are setting in the configuration.

Is this server publicly documented?

4. Re: Redirect issue
Marcus Link - 2013-02-27 21:04:34 - In reply to message 3 from Manuel Lemos
It's a partner API utilizing OAuth, Restful endpoints, and JSON.

This redirect issue arises when using your test_oauth_client.php: it forwards us to the server and returns the correct response on screen. That's it.

This much I can pass on:

... OAuth process which follows the OAuth 2.0 specifications and presents all its processes in a restful state.
Our current OAuth implementation adheres to the following specifications:
 The OAuth 2.0 Authorization Protocol (rev 16)
 The OAuth 2.0 Authorization Protocol: Bearer Tokens (rev 16)

STATELESSNESS
[The API] is completely restful. All endpoints are designed to respond in a restful manner and all status codes returned represent the correct HTTP 1.1 expectations. You can find all information on these at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html.

RESPONSE DATA FORMAT
[The API] returns data in one of two standardly accepted formats, JSON and XML. By default we return JSON; if a request presents the HTTP Header “Accept: application/xml” or “Accept: text/xml” we will send XML instead. We strongly suggest using the default JSON response content type as it is a commonly accepted standard of mobile development. Endpoints take JSON objects under the PUT, DELETE and POST verbs. (see the Endpoints section for more details)

5. Re: Redirect issue
Manuel Lemos - 2013-02-28 00:14:31 - In reply to message 4 from Marcus Link
I see, but this does not help clarify the problem.

OAuth is a protocol standard but each server implements it in different ways that make it work differently.

The class provides means to adjust certain details of the way each API works, but I have no way of knowing what details to adjust without seeing in practice what comes from the server. From what you tell me, I can only guess.

It seems that the server redirects back to your script but if the class does not proceed with the protocol, maybe something is missing.

I suspect it can be the state parameter that the class uses to avoid security attacks.

You may want to enable debugging information by setting the debug variable and see what appears in the PHP error log.

6. Re: Redirect issue
Marcus Link - 2013-02-28 00:32:04 - In reply to message 5 from Manuel Lemos
I understand. And, yes, indeed I am logging. Here's an example:

[27-Feb-2013 17:56:44] OAuth client: Checking if OAuth access token was already retrieved from https://secure.example.com/OAuth/access_token
[27-Feb-2013 17:56:44] OAuth client: Checking the authentication state in URI /api_demos/test_oauth_client.php
[27-Feb-2013 17:56:44] OAuth client: Redirecting to OAuth Dialog https://secure.example.com/OAuth/access_token?client_id=clientid.subdomain.example.com&client_secret=6CD3B809-BEC3-4684-BFC0-26D68A816878&grant_type=client_credentials&scope=RegisterUser&redirect_uri=http%3A%2F%2Fsubdomain.example.com%2Fapi_demos%2Ftest_oauth_client.php

7. Re: Redirect issue
Manuel Lemos - 2013-02-28 01:12:56 - In reply to message 6 from Marcus Link
I am still not sure what happens.

Above you say that it displays some JSON structure.

Now you show a log stating that the last thing that happens is redirecting to the server.

Does the browser get redirected to the server? What happens next?

8. Re: Redirect issue
Marcus Link - 2013-02-28 11:38:09 - In reply to message 7 from Manuel Lemos
I do apologise. It seems I can't upload a screengrab here so I'll describe what I do and get.

1) I have installed your http and oauth classes and set up oauth_client.php and test_oauth_client.php as best I can with the data provided by the oauth and API documentation.

2) I direct my browser to http://subdomain.mysite.com/api_demos/test_oauth_client.php where it is installed.

3) My browser redirects to this page:

secure.oauthserver.com/OAuth/access ...

4) and displays this JSON string:

{"access_token":"536312b0-7392-4990-ba48-f2dc7d563315","token_type":"bearer","expires_in":3600,"refresh_token":"9e0c313c-6192-4991-bcd9-2359bbea40ed"}

5) The log reads as follows:

[28-Feb-2013 10:21:01] OAuth client: Checking if OAuth access token was already retrieved from https://secure.serverdomain.com/OAuth/access_token
[28-Feb-2013 10:21:01] OAuth client: Checking the authentication state in URI /api_demos/test_oauth_client.php
[28-Feb-2013 10:21:01] OAuth client: Redirecting to OAuth Dialog https://secure.serverdomain.com/OAuth/access_token?client_id=clientid.subdomain.serverdomain.com&client_secret=6CD3B809-BEC3-4684-BFC0-26D68A816878&grant_type=client_credentials&scope=RegisterUser&redirect_uri=http%3A%2F%2Fsubdomain.clientdomain.com%2Fapi_demos%2Ftest_oauth_client.php



9. Re: Redirect issue
Manuel Lemos - 2013-02-28 12:13:55 - In reply to message 8 from Marcus Link
It seems you have incorrectly configured the dialog_url variable and set it to the URL that should go in the access_token_url variable, so they probably have switched values.
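
Added example, not part of the original thread or of the OAuth class: a small PHP check that reads the class's debug log and flags the condition diagnosed in message 9, a browser redirect that targets the token endpoint and therefore carries token-request parameters such as client_secret in a browser-visible URL. It assumes the URL in the "already retrieved from" log line is the configured access_token_url; the function names, host and secret below are hypothetical placeholders.

```php
<?php
// Added example, not part of oauth_client_class.
// Parameters of an OAuth 2.0 token request; they belong in a server-to-server
// call, not in a URL the browser is redirected to.
const TOKEN_ONLY_PARAMS = ['client_secret', 'grant_type', 'refresh_token'];

// Scheme, host and path of a URL, without the query string.
function endpoint_of(string $url): string
{
    $p = parse_url($url);
    if (!is_array($p)) {
        return '';
    }
    return strtolower(($p['scheme'] ?? '') . '://' . ($p['host'] ?? '')) . ($p['path'] ?? '');
}

// Returns one finding per problem seen in the debug log lines.
function audit_oauth_log(array $lines): array
{
    $tokenEndpoint = null;
    $findings = [];
    foreach ($lines as $n => $line) {
        if (preg_match('/already retrieved from (\S+)/', $line, $m)) {
            $tokenEndpoint = endpoint_of($m[1]);   // assumed: value of access_token_url
        } elseif (preg_match('/Redirecting to OAuth Dialog (\S+)/', $line, $m)) {
            $where = 'line ' . ($n + 1);
            if ($tokenEndpoint !== null && endpoint_of($m[1]) === $tokenEndpoint) {
                $findings[] = "$where: browser sent to the token endpoint; check dialog_url";
            }
            $params = [];
            parse_str((string) parse_url($m[1], PHP_URL_QUERY), $params);
            foreach (TOKEN_ONLY_PARAMS as $name) {
                if (isset($params[$name])) {
                    $findings[] = "$where: '$name' exposed in a browser-visible URL";
                }
            }
        }
    }
    return $findings;
}

// Constructed log lines modeled on the thread's log; host and secret are placeholders.
$log = [
    '[28-Feb-2013 10:21:01] OAuth client: Checking if OAuth access token was already retrieved from https://secure.example.com/OAuth/access_token',
    '[28-Feb-2013 10:21:01] OAuth client: Checking the authentication state in URI /api_demos/test_oauth_client.php',
    '[28-Feb-2013 10:21:01] OAuth client: Redirecting to OAuth Dialog https://secure.example.com/OAuth/access_token?client_id=demo&client_secret=PLACEHOLDER&grant_type=client_credentials&scope=RegisterUser',
];
echo implode("\n", audit_oauth_log($log)), "\n";
```

A secret that has appeared in a redirect URL like this has passed through browser history and server access logs, so it should be rotated once the configuration is corrected.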