Issues

ZF-12145: Zend_Oauth_Consumer realm value not used in oauth request header

Issue Type: Bug Created: 2012-04-10T15:23:21.000+0000 Last Updated: 2012-04-12T13:58:12.000+0000 Status: Open Fix version(s): Reporter: Chad Sturtz (csturtz) Assignee: Pádraic Brady (padraic) Tags: - Zend_Oauth

Related issues: Attachments:

Description

When constructing a Zend_Oauth_Consumer with a set of parameters that includes a 'realm', the realm value does not get used in the Authorization header. Instead, the realm value that gets used is just an empty string.

The same problem exists in at least two places. First, it exists on lines 103 - 105 in the function getRequestSchemeHeaderClient() in Zend/Oauth/Http/RequestToken.php. Second, it exists on line 98 of Zend/Oauth/Http/AccessToken.php.

In both places, a call is made to the function toAuthorizationHeader() on an instance of Zend_Oauth_Http_Utility. This function expects a second argument for the realm value, yet the consumer's realm value is not passed in here.

I fixed this issue locally by changing this (this is the code from RequestToken.php):

<pre class="literal">
$headerValue = $this->_httpUtility->toAuthorizationHeader(
    $params
);

to this:

<pre class="literal">
$headerValue = $this->_httpUtility->toAuthorizationHeader(
    $params, $this->_consumer->getRealm()
);

The fix for AccessToken.php was the same.

ADDITIONAL NOTES: 1. I was specifying the request scheme in my consumer configuration to Zend_Oauth::REQUEST_SCHEME_HEADER 2. I was specifying the http method in my consumer configuration to 'POST' 3. This issue was seen when retrieving the request token as well as when retrieving the access token ( i.e. $consumer->getRequestToken();, $consumer->getAccessToken() ) 4. I simply put in a quick fix for this issue locally. I did not spend any time trying to determine the 'best' way to fix.

Comments

No comments to display

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts