Using OAuth-enabled APIs with CakePHP

58 comments baked

• Andreas September 01, 2008 at 20:33

  This is great, thanks Daniel.
  Just a few weeks ago I thought, that it would be really great if there was a OAuth Component in CakePHP.

  I will try this one out as soon as i can.

  Have you also experimented with enabling a cakePHP-app as a OAuth-provider? I tried but failed horribly ;-)

• Tarique Sani September 02, 2008 at 06:56

  +1 to Andreas’s request CakePHP app as an OAuth provider would be great!

• cakebaker September 02, 2008 at 17:48

  @Andreas, Tarique: Thanks for your comments!

  Yes, I’m experimenting with enabling a CakePHP app to be an OAuth provider and I hope I can write about it soon ;-)

• OAuth for .NET and CakePHP « OAuth September 09, 2008 at 08:34

  [...] first is a component for CakePHP for accessing services with OAuth called OAuth component for CakePHP (points for [...]

• Bryan Young January 13, 2009 at 23:29

  Daniel, thanks for the great OAuth tutorial. You may want to mention somewhere in your article that the security level in /config/core.php needs to be set to ‘low’ to make this work.

• cakebaker January 14, 2009 at 18:50

  @Bryan: Thanks for the hint, I added your hint to the article!

• Justin Spencer January 28, 2009 at 23:35

  Thanks for the great tutorial!
  It worked just fine for Fire Eagle, but when I tried getting a request token from myspace, who also has OAuth for their applications, it returned a null $requesToken after calling getRequestToken() and passing in the proper parameters. Should the code be any different between providers?

• cakebaker February 01, 2009 at 17:16

  @Justin: Did you use a network analyzer like Wireshark to analyze what’s going on? And do you use the correct HTTP method to request the request token?

• Rui Cruz February 04, 2009 at 22:56

  I’ve been trying to set this up using plugins but seems like the oauth consumer cannot find the consumer files.

  It throws an error on line 69 because it’s searching for the main app component folder.

  Is this a handicap or am I doing something wrong?

• Rui Cruz February 04, 2009 at 23:16

  Actually I changed line 59 to this

  $CONSUMERS_PATH = dirname(__FILE__).DS.’oauth_consumers’.DS;

  and it now works in the plugin except I’m having a null accessToken…

  was it me :|

• cakebaker February 05, 2009 at 18:42

  @Rui: The issue with not finding the consumer files is definitely a bug, I didn’t think about plugins at the time I developed it. I have to fix this.

  Regarding the second issue, it is difficult to say what could be the problem. Did you use a tool like Wireshark to see what’s going on?

• Rui Cruz February 06, 2009 at 11:17

  @cakebaker: If you change your line 59 to what it posted it will work.

  The rest was me being lazy and not setting the security level on cake to low.

  It seem to work ok now.

  BTW why not post your component on github or something?

• cakebaker February 06, 2009 at 16:32

  @Rui: Ok, the bug is now fixed. And I’m glad the other problem disappeared :)

  The component is already available on github: http://github.com/cakebaker/oauth-consumer-component/. However, I didn’t have linked to it yet ;-)

• Rui Cruz February 06, 2009 at 18:17

  @cakebaker: Tip, how about another article using Gdata? :)

• cakebaker February 10, 2009 at 17:33

  @Rui: Good idea, though I don’t have used Gdata yet ;-)

• Ryan Billingsley April 07, 2009 at 23:58

  I know this article was written back in September but I just found it and am having problems. First, writing the requestToken Object to the Session is getting destroyed by Cake once the redirect has happened. Is anyone else having this issue? I am trying to do this with Twitter and I can get Twitter to allow my application but once it redirects to my callback url, there is no token to read, so I can’t get the access token. Any help would be really appreciated.

• cakebaker April 08, 2009 at 16:23

  @Ryan: Thanks for your comment!

  Hm, what’s the setting of “Security.level” in app/config/core.php? Can you set it to “medium” or “low”, and try again?

  Hope that helps!

• Ryan Billingsley April 08, 2009 at 16:34

  Security level is set to low. I have tried changing Session.start to false and manually creating my session but that didn’t seem to help. I have Session.save set to database, so I can see that it is writing the token to Session, but then it creates a new session once I return from Twitter.

• cakebaker April 08, 2009 at 17:18

  @Ryan: You mention you set “Session.save” to “database”. Does it work if you keep the default value (“php”)?

• Ryan Billingsley April 08, 2009 at 17:33

  No it didn’t work then either. I don’t know if that is tied into the cookies being saved as CAKEPHP and PHPSESSID, I haven’t tried that yet.

• cakebaker April 10, 2009 at 16:38

  @Ryan: Hm, at the moment I don’t have any idea what could be the problem… I currently use it with Twitter in NoseRub, without any problem so far.

• psuedo April 17, 2009 at 18:21

  I’m running Cake 1.2.2.8120 and I’m getting the error:

  Fatal error: Class ‘OAuthConsumer’ not found in (…)/controllers/components/oauth_consumers/abstract_consumer.php on line 40

• psuedo April 17, 2009 at 18:25

  Sorry, I just didn’t put the library into the vendors directory when I thought I had… Feel free to delete this and the last comment!

• cakebaker April 22, 2009 at 09:01

  @psuedo: No problem, I hope it works now as expected!

• Jerry May 04, 2009 at 16:45

  Does anyone know how to import contacts from Gmail, yahoo hotmail using this?

  The example is very basic but a good example to start off with.

  Thanks

• cakebaker May 05, 2009 at 16:22

  @Jerry: At least if the services you mention provide an OAuth-enabled API it should work in a similar way as shown in the example: you have to get an access token and with that access token you can then access the respective API. Or did you encounter a specific issue?

• Keith May 29, 2009 at 22:52

  Hi David,

  Iam trying to connect to google docs api using this component.. however, I get an error saying
  “parameter_absent oauth_parameters_absent:scope ”

  The code Im using is as follows:
  

  $requestToken = $this->OauthConsumer->getRequestToken('Google', 'https://www.google.com/accounts/OAuthGetRequestToken', 'GET');
  $this->Session->write('requestToken', $requestToken);
  		
  $this->redirect('https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token='.$requestToken->key);

  Because of this I cannot seem to get past the first step of this tutorial ;)

  Ever run across this?
  thanks

• Keith June 01, 2009 at 16:22

  Fixed… our server time was off.

• cakebaker June 03, 2009 at 16:20

  @Keith: Good to hear you could fix the issue in the meantime :)

• J. Adam Moore June 14, 2009 at 18:25

  You don’t have an example of using a previously stored access token. This would be greatly appreciated as it is not clear to me at all how to do this, nor have I seen or heard of anyone doing this with a site like, let’s say Twitter. Is it possible, or are you just pointing out how to use a preexisting library of code? Because as actual solutions go, this one isn’t fully realized.

• cakebaker June 16, 2009 at 17:55

  @J. Adam: Thanks for your comment!

  Well, usually an access token is represented by a model, and so you retrieve it with something like $this->AccessToken->find(‘first’, some criteria); And with those data you can then call the respective API as shown in the article, simply replace $accessToken->key and $accessToken->secret with the data you got from your model.

  Hope that helps!

• kunal July 13, 2009 at 14:35

  cakebaker..thanks for another great article. Though I was hoping there would be a component to have a CakePHP app be an OAuth provider.. are you close to a solution for that one? :)

• cakebaker July 13, 2009 at 17:45

  @kunal: Thanks for your comment!

  Well, you can find an implementation of an OAuth provider in NoseRub (http://code.google.com/p/noserub), though it is a bit more than just a component: it consists of a component, two controllers and some models ;-)

  However, I’m currently adapting it to OAuth 1.0a and so the code in the development branch is a bit in an undefined state… Maybe I should try to make this part of NoseRub more independent, so it can be used by others, or at least write an article about it.

• kunal July 20, 2009 at 06:27

  thanks, if you could write an article on that, and perhaps if you get a chance to make a modular component out of it, that would be awesome.

• Rui Cruz September 05, 2009 at 01:51

  Hum.. Haven’t touched this in a while.

  Still having problems in using this in a plugin, but this time it’s not the same as before (thanks for using my #BUGFIX ;))

  On line 75 of the oauth_consumer.php || return $consumerClass->getConsumer();

  Throws me an exception “Fatal error: Class ‘OAuthConsumer’ not found”

  Following the code, the getConsumer() method of the abstract_consumer.php returns || new OAuthConsumer($this->consumerKey, $this->consumerSecret);

  I’m not getting it, any clues?! this worked before (I just downloaded the most recent code you had available)

• Rui Cruz September 05, 2009 at 02:06

  Dumb ass… working late has these things.

  I figured it out, it’s very simple. I was trying to use the /plugin/vendors/OAuth/OAuth.php and you script searches for the /app/vendors/OAuth/OAuth.php

  I need to override this, any suggestions as for the better place to do it?

• cakebaker September 06, 2009 at 11:36

  @Rui: I uploaded a new version which should fix this issue: http://code.42dh.com/oauth (please also check the changelog).

• Rui Cruz September 06, 2009 at 11:44

  Nice dude,

  I’m going to update my code asap and I’ll let you know how it all worked out.

• SayB September 10, 2009 at 04:35

  for those who are trying to get auth or access tokens for YouTube BE-WARNED (ACHTUNG) do not include a callback parameter when you “getRequestToken” this is because YouTube does not return the “oauth_verifier” and you will also have to change a few lines of code in the OauthConsumerComponent::getAccessToken() – just introduce a simple check to include ‘oauth_verifier’ only when the value is set.

  YouTube does not seem to have aligned itself to OAuth 1.0a and what’s more funny is that even if you specify oauth_version to be 1.0, it’s going to “treat” it as 1.0a if you include a callback url and will demand an oauth_verifier although it will not provide you one. May be they’ll fix this issue soon.

• cakebaker September 12, 2009 at 15:23

  @SayB: You could try the previous version of the component, as it supported OAuth 1.0. But maybe it would make sense to re-add support for OAuth 1.0?

• HHuan September 15, 2009 at 07:58

  I try to use the vendors of OAuth, how to return the code. Please see the code.

  App::import('Vendor', 'oauth', array('file'=>'OAuth'. DS. 'oauth_consumer.php'));
  class AuthloginController extends AppController
  {
  	public $uses = array();
      
  	public function twitter() 
  	{
  		$this->autoRender = false;
  		$consumer = $this->createConsumer();
  		//var_dump($consumer);
  		$requestToken = $consumer->getRequestToken('http://127.0.0.1/ts/authlogin/rs', 'http://127.0.0.1/ts/authlogin/twitter_callback');
  		var_dump($requestToken);
  		$this->Session->write('twitter_request_token', $requestToken);
      }
  		      
  	public function twitter_callback() 
  	{
  		file_put_contents('mmm1.txt', $this->params);
      }
      
  	public function rs()
  	{
  		if ($_SERVER['REQUEST_METHOD'] == 'POST')
  		{
  			file_put_contents('mmm2.txt', var_export(array('a', 'b', 'c')));
  		}
  		echo array('a', 'b', 'c');
  	}
  	
  	private function createConsumer() 
      {
          return new OAuth_Consumer('YOUR_CONSUMER_KEY', 'YOUR_CONSUMER_SECRET');
      }
  }

  but when I var_dump($requestToken); of line 12, it is NULL, why? Can anybody help me?Thx~

• cakebaker September 15, 2009 at 16:48

  @HHuan: Hm, I don’t know why you specify the url to your “rs” action as the first parameter for the getRequestToken() method (and not the url to get a request token for Twitter, i.e. http://twitter.com/oauth/request_token )…

  Anyway, if you want to use your rs() method to return a request token, then the method should look like:
  

  public function rs() {
      echo 'oauth_token=token&oauth_token_secret=secret';
  }

  Hope that helps!

• HHuan September 16, 2009 at 05:12

  Thx a lot, coz i am new to use OAuth, i misunderstood before, but in our country, we are rejected to view twitter, too bad…

  By the way, is that linking to google is different from linking to twitter? Please help me.

  App::import('Vendor', 'oauth', array('file'=>'OAuth'. DS. 'oauth_consumer.php'));
  class AuthloginController extends AppController
  {
  	public $uses = array();
      
  	public function google() 
  	{
  		$this->autoRender = false;
  		$consumer = $this->createConsumer();
  		$requestToken = $consumer->getRequestToken('https://www.google.com/accounts/OAuthGetRequestToken', 'http://127.0.0.1/ts/authlogin/google_callback');
  		var_dump($requestToken);
  		$this->Session->write('google_request_token', $requestToken);
      }
  		      
  	public function google_callback() 
  	{
  		$requestToken = $this->Session->read('google_request_token');
  		$consumer = $this->createConsumer();
  		$accessToken = $consumer->getAccessToken('https://www.google.com/accounts/OAuthGetAccessToken', $requestToken);
  		//********************below i dont know how to handle it****************
  		$consumer->post($accessToken->key, $accessToken->secret, 'http://twitter.com/statuses/update.json', array('status' => 'hello world!'));
      }
      
  	private function createConsumer() 
      {
          return new OAuth_Consumer('MY_CONSUMER_KEY', 'MY_CONSUMER_SECRET');
      }
  
  }

• cakebaker September 17, 2009 at 16:28

  @HHuan: Hm, I am not sure I understand your question. What do you try to accomplish? In the code I noticed two things: in the google() method you have to redirect to an “authorize” page at the end of the method. And the code below “below i dont know how to handle it” you have to use a Google url, you can’t post to twitter with an access token from Google.

  Hope that helps a bit!

• Tweets that mention Using OAuth-enabled APIs with CakePHP - cakebaker -- Topsy.com November 09, 2009 at 00:08

  [...] This post was mentioned on Twitter by Benjamin Pearson, Benjamin Pearson. Benjamin Pearson said: @benjaminpearson It's basically built on this http://bit.ly/vnwlj [...]

• Kakakatt December 01, 2009 at 03:04

  Please help me! I use your OAuth component with google service but i have a problem. I don’t know why $requestToken is NULL !!! My code is:
  ������b�x�u�kz�������+ �殶��˦z�-��Qz������Ƣ�%zm���� ��%y�&��������Fz�^�笵:$z���ݺjkz��������+m�+ �'��*'��+�׫z�������z�������+ �������m���� ��%y�&��������@��h�,�N�����h���z�������G�������b�w�V�rJު笵:$z{a��-I�,��භ�v����-N���z��G����Ӛ��B�{.����
�����Ƣ�%zm���� ��%y�&��������Fz�q�,N������-N�

  and in oauth_consumer folder i have a file google_consumer.php :

  rV��j(�W��{.����קv����rШ�˦z�nnX�~�ܶ*'r�춻����z{�{-��-�)�l�y��

  I checked it and I realized that the request method in http_socket.php doesn’t work, It always return NULL. I don’t know why. Please help me.

• Kakakatt December 01, 2009 at 12:18

  oops, what ‘s wrong with my code :| ?
  

  public function index() {
  		
          $requestToken = $this->OauthConsumer->getRequestToken('Google','https://www.google.com/accounts/OAuthGetRequestToken');
  		//var_dump($requestToken); exit();
          $this->Session->write('requestToken', $requestToken);
          $this->redirect('https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token='.$requestToken->key);
      }
  
  	 public function callback() {
          $requestToken = $this->Session->read('requestToken');
          $accessToken = $this->OauthConsumer->getAccessToken('Google', 'https://www.google.com/accounts/OAuthGetAccessToken', $requestToken);
      }

  In google_consumer.php

  class GoogleConsumer extends AbstractConsumer {
      public function __construct() {
          parent::__construct('my key', 'my secret');
      }
  }

  In http_socket.php the code
  

  $response = null;
  		
  		while ($data = $this->read()) {
  			
  			$response .= $data;				
  		}

  
  It doesn’t work, $response is always NULL !!!

• cakebaker December 05, 2009 at 15:59

  @Kakakatt: Your code looks correct. Did you check with a tool like Wireshark whether a request was performed? And is the OpenSSL extension activated in your php.ini?

  Hope this helps!

• Kakakatt December 05, 2009 at 17:50

  I found the error.It occurs when I tried to receive the request token,
  There was a oauth_callback_confirmed string flowing. It looks like this:
  object(OAuthToken)#30 (2) { ["key"]=> string(30) "4/kJgZjbdAcEujx8acnVOyaPYJZKRa" ["secret"]=> string(54) "N4lAsT6qQnZahUTbRF1Cm66/&oauth_callback_confirmed=true" }
  Yep, you need to remove the call back string and then the problem will be solved
  object(OAuthToken)#30 (2) { ["key"]=> string(30) "4/kJgZjbdAcEujx8acnVOyaPYJZKRa" ["secret"]=> string(54) "N4lAsT6qQnZahUTbRF1Cm66/" }
  But I have a other problem that OAuth can’t be used with picasa. Are there anyone want to help me ? Thanks

• Kakakatt December 05, 2009 at 17:52

  I found the error.It occurs when I tried to receive the request token,
  There was a oauth_callback_confirmed string flowing. It looks like this:
  object(OAuthToken)#30 (2) { ["key"]=> string(30) "4/kJgZjbdAcEujx8acnVOyaPYJZKRa" ["secret"]=> string(54) "N4lAsT6qQnZahUTbRF1Cm66/&oauth_callback_confirmed=true" }
  Yep, you need to remove the call back string and then the problem will be solved
  object(OAuthToken)#30 (2) { ["key"]=> string(30) "4/kJgZjbdAcEujx8acnVOyaPYJZKRa" ["secret"]=> string(54) "N4lAsT6qQnZahUTbRF1Cm66/" }
  But I have a other problem that OAuth can’t be used with picasa. Are there anyone want to help me ? Thanks

• cakebaker December 09, 2009 at 17:34

  @Kakakatt: Hm, I just tried it myself and it worked fine without removing the param. Do you use the latest version of the oauth component?

  What is the problem with picasa? At least from this ticket http://code.google.com/p/gdata-issues/issues/detail?id=701 it seems like OAuth is supported by picasa.

• Kakakatt December 10, 2009 at 01:45

  May I read your code ? I have used Oauth component 2009-09-05 version.
  The link you provided do not deal with the problem, it was just warning of mistake. I have read sources from Google API that: Picasa is just compatible with Auth http://code.google.com/apis/picasaweb/docs/1.0/developers_guide_php.html

• cakebaker December 10, 2009 at 17:52

  @Kakakatt: Sure, here it is. The consumer class:
  

  // app/controllers/components/oauth_consumers/google_consumer.php
  class GoogleConsumer extends AbstractConsumer {
      public function __construct() {
          parent::__construct('anonymous', 'anonymous');
      }
  }

  
  And the controller:
  

  // app/controllers/google_example_controller.php
  class GoogleExampleController extends AppController {
      public $uses = array();
      public $components = array('OauthConsumer');
  	
      public function index() {
          $requestToken = $this->OauthConsumer->getRequestToken('Google', 'https://www.google.com/accounts/OAuthGetRequestToken', 'http://test.localhost/google_example/callback', 'POST', array('scope' => 'http://picasaweb.google.com/data'));
          $this->Session->write('request_token', $requestToken);
  	
          $this->redirect('https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=' . $requestToken->key);
      }
  	
      public function callback() {
          $requestToken = $this->Session->read('request_token');
          $accessToken = $this->OauthConsumer->getAccessToken('Google', 'https://www.google.com/accounts/OAuthGetAccessToken', $requestToken);
          
          debug($accessToken);
          exit;
      }
  }

  
  I hope this helps.

  And regarding OAuth and Picasa: at least according to Google’s OAuth announcement Picasa should also be supported.

• CantonDog March 31, 2010 at 06:23

  Would you know any reason why the callback would return NULL in a Google Chrome browser but work fine in FireFox and IE? So far I can’t figure it out.

  The first error I get when using chrome is Trying to get property of non-object

  The line it’s throwing the error on is:
  $credentials = $consumer->get($accessToken->key, $accessToken->secret, 'http://twitter.com/account/verify_credentials.json');

• cakebaker March 31, 2010 at 16:28

  @CantonDog: Hm, I assume you get the error when accessing the key and secret properties of $accessToken, right? Did you check whether you got an access token back after calling the getAccessToken() method?

  I’m not sure if this helps…

• Implementing a Two-Legged OAuth Server in CakePHP · Dunedinmusic.com Development Blog July 10, 2010 at 13:42

  [...] are no available CakePHP components or plugins that implement an OAuth server (although there are these for doing client [...]

• amjedonline July 28, 2010 at 18:35

  Hii, thanks for this great component.
  Am facing the same problem as ryan and cantondog.
  either requestToken is getting destroyed from the session, although I have set my security level to low.

• cakebaker July 31, 2010 at 15:05

  @amjedonline: Hm, so it works with some browsers, but not with others? In which browsers do you encounter issues? On which platform are you? And which CakePHP version do you use?

  Here on Linux with Cake v1.3.2 it works fine with FF 3.6.8 and Chrome 5.0.375.125 if the security level is set to “low”.

Bake a comment