Vyacheslav Slinko

Some OAuth2 servers don't recognize the Authorization header

Showing 1 changed file with 27 additions and 22 deletions
@@ -27,6 +27,9 @@ @@ -27,6 +27,9 @@
27 27
28 class OAuth2_Service_Configuration 28 class OAuth2_Service_Configuration
29 { 29 {
  30 + const AUTHORIZATION_METHOD_HEADER = 1;
  31 + const AUTHORIZATION_METHOD_ALTERNATIVE = 2;
  32 +
30 /** 33 /**
31 * @var string 34 * @var string
32 */ 35 */
@@ -40,7 +43,7 @@ class OAuth2_Service_Configuration @@ -40,7 +43,7 @@ class OAuth2_Service_Configuration
40 /** 43 /**
41 * @var string 44 * @var string
42 */ 45 */
43 - private $_useOnlyAuthorizationHeader = true; 46 + private $_authorizationMethod = self::AUTHORIZATION_METHOD_HEADER;
44 47
45 /** 48 /**
46 * @param string $authorizeEndpoint 49 * @param string $authorizeEndpoint
@@ -68,15 +71,15 @@ class OAuth2_Service_Configuration @@ -68,15 +71,15 @@ class OAuth2_Service_Configuration
68 /** 71 /**
69 * @return string 72 * @return string
70 */ 73 */
71 - public function setUseOnlyAuthorizationHeader($useOnlyAuthorizationHeader) { 74 + public function setAuthorizationMethod($authorizationMethod) {
72 - $this->_useOnlyAuthorizationHeader = $useOnlyAuthorizationHeader; 75 + $this->_authorizationMethod = $authorizationMethod;
73 } 76 }
74 77
75 /** 78 /**
76 * @return string 79 * @return string
77 */ 80 */
78 - public function getUseOnlyAuthorizationHeader() { 81 + public function getAuthorizationMethod() {
79 - return $this->_useOnlyAuthorizationHeader; 82 + return $this->_authorizationMethod;
80 } 83 }
81 84
82 } 85 }
@@ -267,23 +270,26 @@ class OAuth2_Service @@ -267,23 +270,26 @@ class OAuth2_Service
267 270
268 $parameters = null; 271 $parameters = null;
269 272
270 - if (!$this->_configuration->getUseOnlyAuthorizationHeader()){ 273 + $authorizationMethod = $this->_configuration->getAuthorizationMethod();
271 - /* 274 +
272 - http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1 275 + switch ($authorizationMethod) {
273 - Clients SHOULD only use the request URI or body when the 276 + case OAuth2_Service_Configuration::AUTHORIZATION_METHOD_HEADER:
274 - "Authorization" request header field is not available, and MUST NOT 277 + $additionalHeaders = array_merge(array('Authorization: OAuth ' . $token->getAccessToken()), $additionalHeaders);
275 - use more than one method in each request.only one method should be used as per the Draft. 278 + break;
276 - Allow to override correct behavior for misimplemented servers 279 + case OAuth2_Service_Configuration::AUTHORIZATION_METHOD_ALTERNATIVE:
277 - */ 280 + if ($method !== 'GET') {
278 - if ($method !== 'GET') { 281 + if (is_array($postBody)) {
279 - if (is_array($postBody)) { 282 + $postBody['oauth_token'] = $token->getAccessToken();
280 - $postBody['oauth_token'] = $token->getAccessToken(); 283 + } else {
  284 + $postBody .= '&oauth_token=' . urlencode($token->getAccessToken());
  285 + }
281 } else { 286 } else {
282 - $postBody .= '&oauth_token=' . urlencode($token->getAccessToken()); 287 + $uriParameters['oauth_token'] = $token->getAccessToken();
283 } 288 }
284 - } else { 289 + break;
285 - $uriParameters['oauth_token'] = $token->getAccessToken(); 290 + default:
286 - } 291 + throw new OAuth2_Exception("Invalid authorization method specified");
  292 + break;
287 } 293 }
288 294
289 if ($method !== 'GET') { 295 if ($method !== 'GET') {
@@ -298,9 +304,8 @@ class OAuth2_Service @@ -298,9 +304,8 @@ class OAuth2_Service
298 $endpoint .= (strpos($endpoint, '?') !== false ? '&' : '?') . http_build_query($uriParameters); 304 $endpoint .= (strpos($endpoint, '?') !== false ? '&' : '?') . http_build_query($uriParameters);
299 } 305 }
300 306
301 - $headers = array_merge(array('Authorization: OAuth ' . $token->getAccessToken()), $additionalHeaders);  
302 307
303 - $http = new OAuth2_HttpClient($endpoint, $method, $parameters, $headers); 308 + $http = new OAuth2_HttpClient($endpoint, $method, $parameters, $additionalHeaders);
304 $http->execute(); 309 $http->execute();
305 310
306 return $http->getResponse(); 311 return $http->getResponse();
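Review bot: In the `AUTHORIZATION_METHOD_ALTERNATIVE` branch a GET request carries the access token in `$uriParameters['oauth_token']`, so the bearer token becomes part of the URL, where it can be recorded in access logs, proxy logs and Referer headers; the commit also drops the comment that explained this mode exists only for misimplemented servers. I would keep that warning next to the constant, e.g. `// Fallback for servers that ignore the Authorization header: token goes in the body (non-GET) or the query string (GET), where it may be logged.` Separately, `setAuthorizationMethod()` stores any value and `switch` compares loosely, so a leftover boolean `true` from the old API would select header mode silently while other values fail only at request time; checking against the two constants in the setter and throwing `OAuth2_Exception` there would surface the mistake early. The docblocks on the property and both accessors still say `string` although the constants are integers. The request method's body starts and ends outside the hunks shown.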