unable to connect to pump.io

Hi, i tried to make a class in order to connect my app to pump.io .
Pump.io uses 2 leg oauth 1.0

I don't understand why the consumer_key change during the authentification flow. At the end i have an invalid token.

Here my class :

<?php

// don't forget to change pump_callback_url and $mypump->user (end of the script) !!

session_start();

require('http.php');
require('oauth_client.php');




class pumpio_class {


var $consumer_key = "";
var $consumer_secret = "";
var $oauth_token = "";
var $oauth_token_secret = "";
const PUMP_HOST = "localhost:8000";
const PUMP_CALLBACK_URL = "http://mysite.com/testapipump.php"; // this script url

function init() {

$consumer_key = $_SESSION['consumer_key'];
$consumer_secret = $_SESSION['consumer_secret'];
$oauth_token = $_SESSION['oauth_token'];
$oauth_token_secret = $_SESSION['oauth_token_secret'];

}

function pumpio_registerclient() {

echo "<br>=============== register client ===================<br>";

if (strlen($this->consumer_key) ==0 || strlen($this->consumer_secret) == 0) {

echo "get token<br>";

$url = "http://".self::PUMP_HOST."/api/client/register";

$params = array();

$params["type"] = "client_associate";
$params["contacts"] = "tereosysteme.tech@live.fr";
$params["application_type"] = "native";
$params["application_name"] = "tereo cloud robotic";
$params["logo_url"] = "http://mysite.com/images/headerlogo.png";
$params["redirect_uris"] = self::PUMP_CALLBACK_URL;

$this->consumer_key = "";
$this->consumer_secret = "";

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
curl_setopt($ch, CURLOPT_USERAGENT, "Cloud_robotic");

$s = curl_exec($ch);
$curl_info = curl_getinfo($ch);

if ($curl_info["http_code"] != "200") {
return;
}

$values = json_decode($s);
$this->consumer_key = $values->client_id;
$this->consumer_secret = $values->client_secret;

$_SESSION['consumer_key'] = $this->consumer_key;
$_SESSION['consumer_secret'] = $this->consumer_secret;

var_dump($_SESSION);


}



echo "<br>get auth<br>";

$client = new oauth_client_class;
$client->debug = 0;
$client->server = '';
$client->oauth_version = '1.0a';
$client->request_token_url = 'http://'.self::PUMP_HOST.'/oauth/request_token';
$client->dialog_url = 'http://'.self::PUMP_HOST.'/oauth/authorize';
$client->access_token_url = 'http://'.self::PUMP_HOST.'/oauth/access_token';
$client->url_parameters = false;
$client->authorization_header = true;
$client->redirect_uri = self::PUMP_CALLBACK_URL;
$client->client_id = $this->consumer_key;
$client->client_secret = $this->consumer_secret;

if (($success = $client->Initialize())) {
if (($success = $client->Process())) {
if (strlen($client->access_token)) {

$this->oauth_token = $client->access_token;
$this->oauth_token_secret = $client->access_token_secret;

$_SESSION['oauth_token'] = $this->oauth_token;
$_SESSION['oauth_token_secret'] = $this->oauth_token_secret;
echo "oauth_token:".$client->access_token;
echo "oauth_token_secret:".$client->access_token_secret;

}
}
$success = $client->Finalize($success);
}
if($client->exit)
echo 'Could not connect to pumpio. Refresh the page or try again later.';

if($success) {
echo "You are now authenticated to pumpio.";
}


}


function pumpio_connect() {

if (strlen($this->consumer_key) == 0 || strlen($this->consumer_secret) == 0) {
$this->pumpio_registerclient();
return false;
}

if ($this->consumer_key == "" || $this->consumer_secret == "") {
return false;
}

return 1;

}


function pumpio_call() {

echo "<br>=============== call api ===================<br>";


if(strlen($this->oauth_token)>0 && strlen($this->oauth_token_secret)>0) {

$params = array();

$params['verb'] = "post";
$params['object'] = array(
'objectType' => "note",
'content' => "test de note");

$client = new oauth_client_class;
$client->oauth_version = '1.0a';
$client->server = '';
$client->debug=1;
$client->url_parameters = false;
$client->authorization_header = true;
$client->access_token_url = 'http://'.self::PUMP_HOST.'/oauth/access_token';
$client->request_token_url = 'https://'.self::PUMP_HOST.'/oauth/request_token';
$client->dialog_url = 'https://'.self::PUMP_HOST.'/oauth/authorize';
$client->client_id = $_SESSION['consumer_key'];
$client->client_secret = $_SESSION['consumer_secret'];


if (($success = $client->Process())) {
if (strlen($client->access_token)) {
$this->oauth_token = $client->access_token;
$this->oauth_token_secret = $client->access_token_secret;


$success = $client->CallAPI(
'http://'.self::PUMP_HOST.'/api/user/'.$this->user.'/feed',
'POST', $params, array('FailOnAccessError'=>true, 'RequestContentType'=>'application/json'), $this->user);

if($success)
echo 'pumpio_send: success';
else
echo 'pumpio_send: general error: ' . print_r($this->user,true);

}
}
$success = $client->Finalize($success);

}
else
{
$this->pumpio_connect();
}

}


}


$mypump = new pumpio_class();
$mypump->init();
$mypump->user = "demo";


$mypump->pumpio_call();

echo "<br><br>";
var_dump($_SESSION);

?>


Thank for your help and your time.

It is a bit hard to figure the problem because I do not have a pump.io server to test and so I could not run your code.

Anyway, for 2-legged authentication, the CallAPI $options parameter must have an entry with '2Legged'=>true .

Just let me know if that is not the problem.

Thank you for your quick answer. I tried the 2legged option. I have the same error. Here my log :


[Wed May 07 09:25:51 2014] [error] [client 2001:41d0:8:9198::1] PHP Notice: A session had already been started - ignoring session_start() in /var/www/oauth_client.php on line 898
[Wed May 07 09:25:54 2014] [error] [client 2001:41d0:8:9198::1] PHP Notice: A session had already been started - ignoring session_start() in /var/www/oauth_client.php on line 898, referer: http://localhost:8000/oauth/authorize?oauth_token=2IoK7XKvELFEkHvOL9eBgw
[Wed May 07 09:25:54 2014] [error] [client 2001:41d0:8:9198::1] OAuth client: Checking the OAuth token authorization state, referer: http://localhost:8000/oauth/authorize?oauth_token=2IoK7XKvELFEkHvOL9eBgw
[Wed May 07 09:25:54 2014] [error] [client 2001:41d0:8:9198::1] PHP Notice: A session had already been started - ignoring session_start() in /var/www/oauth_client.php on line 898, referer: http://localhost:8000/oauth/authorize?oauth_token=2IoK7XKvELFEkHvOL9eBgw
[Wed May 07 09:25:54 2014] [error] [client 2001:41d0:8:9198::1] OAuth client: The OAuth token was already authorized, referer: http://localhost:8000/oauth/authorize?oauth_token=2IoK7XKvELFEkHvOL9eBgw
[Wed May 07 09:25:54 2014] [error] [client 2001:41d0:8:9198::1] OAuth client: Accessing the API call at http://localhost:8000/api/user/demo/feed, referer: http://localhost:8000/oauth/authorize?oauth_token=2IoK7XKvELFEkHvOL9eBgw
[Wed May 07 09:25:54 2014] [error] [client 2001:41d0:8:9198::1] OAuth client: Could not retrieve the OAuth access. Error: it was not possible to access the API call: it was returned an unexpected response status 400 Response: Invalid / expired Token, referer: http://localhost:8000/oauth/authorize?oauth_token=2IoK7XKvELFEkHvOL9eBgw


When i dump my $_SESSION variable th auth_token is not 2IoK7XKvELFEkHvOL9eBgw

For pump.io for people who want to test, you can create a free account here : http://pump.io/tryit.html but the site seems down for the moment.

Regards

It seems you are using an old version of the class because the current version already checks if the sessions were already started before calling session_start.

Please upgrade your class version. Make sure you are subscribed to get changed class updates so you are aware of new versions that may contain important bug fixes.

I downloaded the last oauth_client and http class version.
Now at the Process() function i have "autorized"=>true instead of false

CallApi return Invalid/Expired token.

I added http_debug = 1, now i have a strange header, oauth_token="" :



[Wed May 07 20:25:50 2014] [error] [client 84.98.53.53] C Authorization: OAuth oauth_consumer_key="QMzxKOuPpCNSZ5NVO2ncnQ",oauth_nonce="8e11099ed17a576e7f435ce5cf2350fd",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1399487150",oauth_version="1.0",oauth_token="",oauth_signature="TnqfT8C8ygbAFs9h3J4%2FsaFqaow%3D", referer: http://xxxx:8000/oauth/authorize

When i do echo $client->access_token it is not empty

Ok now it's work fine now. The Auth_verifier wasn't handled by the process function. The solutions is : At the callback script store auth_token and auth_verifier in the $_SESSION variable then call a second time the process function.

Thank you for everything

Isn't that because you set the oauth_version to '1.0' instead of '1.0a'?

I tried to change 1.0a to 1.0 with no change.
An other pb, I want to store the connection parameters into a database. I saved consumer key and secret, access_token and access_token_secret.

I restore the parameters before calling process() :

$client->access_token = $db->oauth_token;
$client->access_token_secret = $db->oauth_token_secret;
$client->client_id = $db->consumer_key;
$client->client_secret = $db->consumer_secret;

I have a message "Signature non valid"

Do i need to use signature and signature_method ?

Thank you

The invalid signature only occur when i try to get the inbox message list. It works fine with posting.

The oauth_verifier parameter is checked by the class only when oauth_version is set to '1.0a'. It is named oauth verifier, not Auth_verifier as you mentioned above. If the server returns Auth_verifier, it may be a bug in the server.

The process function is to start the OAuth authorization process from the start. If you call it, it will override whatever you put in the access_token and access_token_secret variables. So don't call the process function if you have preset those functions.

Alternatively you may want to use the database_oauth_client class or a subclass like mysqli_oauth_client_class to have your tokens stored and retrieved from a database instead of using the session storage as in the base class.