PHP Classes

Suggestion to change all http:// using the proper current scheme

Subject: Suggestion to change all http://...
Summary: OAuth library and some examples use hardcoded http://
Messages: 6
Author: André Dias
Date: 2016-10-14 18:34:34
 

  1. Suggestion to change all http://...
André Dias - 2016-10-14 18:34:34
Instead of hardcoding the http scheme it would be better to detect the current URL scheme. This is especially useful for websites running on https (slowly increasing in numbers).

Inside the library I'm referring to:
Function GetRedirectURI(&$redirect_uri)

And in the examples that require redirect_uri (for instance facebook) they are also hardcoded (didn't check all).

Thanks for such a wonderful library, I have used facebook/twitter a lot.

  2. Re: Suggestion to change all http://...
Manuel Lemos - 2016-10-14 23:15:46 - In reply to message 1 from André Dias
OK, I just added HTTPS detection. Anyway, it is always recommended that you set the redirect_uri explicitly so it matches what you entered in the API server application configuration.

  3. Re: Suggestion to change all http://...
André Dias - 2016-10-15 00:14:31 - In reply to message 2 from Manuel Lemos
For sure I agree it should be set explicitly, but as I said not only in the library but in most examples it is hardcoded too.

$client->redirect_uri = 'http://'.$_SERVER['HTTP_HOST']. dirname(strtok( $_SERVER['REQUEST_URI'],'?')). '/login_with_facebook.php';

  4. Re: Suggestion to change all http://...
Manuel Lemos - 2016-10-15 06:20:51 - In reply to message 3 from André Dias
Right, several example scripts explicitly set https because it is mandatory.

As for the others, https or http may be correct or not; it depends on what you set to create the application. I can add more code to the examples to set to the current protocol; I am just not sure if it would make it more complicated than it is for new users.

  5. Re: Suggestion to change all http://...
André Dias - 2016-10-15 15:02:35 - In reply to message 4 from Manuel Lemos
I didn't know about such restrictions in OAuth. The main problem is that if I upload a "http" hardcoded sample into an https server the auto redirect from http to https may break things.

On the other hand, this class is years old and nobody ever complained about that. Your OAuth knowledge is much better than mine (class user only) so I'll leave it to your decision about changing or not the examples.

Thanks for your attention, abraços brasileiros.

  6. Re: Suggestion to change all http://...
Manuel Lemos - 2016-10-15 22:59:36 - In reply to message 5 from André Dias
Nothing special. Some APIs require that you use HTTPS, or that the domain is valid (not fake ones as you may use in development), or the redirect URI is exactly what you entered in the application creation.

When people leave OAuth client and secret variable empty in the example scripts, I usually display an error telling what the API demands that I am aware of.
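
The scheme detection discussed in this thread, as an added example that is not part of the thread or of the OAuth library's own code. It rebuilds the redirect URI from message 3 with the current scheme and checks the Host header against a list of known names, since the result must match what is registered with the API server. The function names, the host allowlist and the `$trustProxy` switch are assumptions made for illustration.

```php
<?php
// Added example, not the library's code. current_scheme(), build_redirect_uri(),
// the allowlist and $trustProxy are hypothetical names chosen for illustration.

/** Return 'https' or 'http' for the current request. */
function current_scheme(array $server, bool $trustProxy = false): string
{
    // Behind a TLS-terminating proxy PHP sees plain HTTP; only honour the
    // forwarded header when the deployment is known to set it itself.
    if ($trustProxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        $proto = strtolower(trim(explode(',', $server['HTTP_X_FORWARDED_PROTO'])[0]));
        return $proto === 'https' ? 'https' : 'http';
    }
    // $_SERVER['HTTPS'] is non-empty for HTTPS requests; IIS sets it to 'off' for HTTP.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    return ($https !== '' && $https !== 'off') ? 'https' : 'http';
}

/** Build the redirect URI for $script in the directory of the current request. */
function build_redirect_uri(array $server, string $script, array $allowedHosts, bool $trustProxy = false): string
{
    // HTTP_HOST comes from the client's Host header, so accept only known names.
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        throw new RuntimeException('Unexpected Host header: ' . $host);
    }
    // Same path logic as the example script: drop the query string, keep the directory.
    $path = (string)strtok((string)($server['REQUEST_URI'] ?? '/'), '?');
    $dir = rtrim(str_replace('\\', '/', dirname($path)), '/');
    return current_scheme($server, $trustProxy) . '://' . $host . $dir . '/' . ltrim($script, '/');
}

// Constructed sample requests (not captured traffic).
$direct  = ['HTTPS' => 'on', 'HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/oauth/index.php?x=1'];
$proxied = ['HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/login.php'];
$allowed = ['www.example.com'];

echo build_redirect_uri($direct, 'login_with_facebook.php', $allowed), "\n";
echo build_redirect_uri($proxied, 'login_with_facebook.php', $allowed, true), "\n";
```

In a real script the first argument would be `$_SERVER` and the return value would be assigned to `$client->redirect_uri`.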