Invalid Protected Resource URL in Pecl_Oauth

I had a funny (funny weird, not funny haha) problem the other day when working with pecl_oauth in PHP to talk to a service. I'd gone through all the handshaking steps, got the acces token and was ready to start talking to the service itself. However when I tried to call OAuth::fetch, I got an error message:

Fatal error: Uncaught exception 'OAuthException' with message 'Invalid protected resource url, unable to generate signature base string'

There are two things to notice about this. The first one is that I should be catching exceptions thrown by this code :) The second is that I could see nothing wrong with my url, http://api.local. It turned out, after some experimentation, that what is missing here is a trailing slash, and if I supply http://api.local/, everything works perfectly nicely! I'm unclear if this is intended functionality or not, but if you see this error message and you're requesting a URL with no path info, make sure you have a trailing slash.

OAuth Google API for Unregistered Applications

It is pretty common when using OAuth for there to be a relationship between the provider and consumer; as a consumer you usually register with the provider to obtain a consumer key and consumer secret. Google's APIs however do not require this. It is recommended that you register your application, however it is also possible to use OAuth without registering.

To make this work, when you sign your OAuth request Google will accept some default values for consumer key and secret - see their documentation on signing oauth requests. To do this, set both consumer key and secret to the value "anonymous", and proceed as you normally would. The only difference so far as I can see is that the user will be shown a more cautious message when they are prompted to grant access to your application. Personally I think this is a great approach, particularly when prototyping ideas. Registering the applications though is simple and quick so I'd recommend registering for most applications once they get beyond concept stage.

Authenticating with OAuth from PHP

I've been looking into OAuth recently and really like what I see, so I started looking at actually starting to play with something that uses it (and isn't twitter). In the pursuit of this, I spent some time walking through the process of how to actually authenticate using OAuth, as a client. I chose Yahoo!'s service, because they have some fabulous developer documentation and have a standard OAuth implementation. Although you don't strictly need any special libraries to handle OAuth, that would be a bit like decoding XML with a regex, so I used the OAuth Package from PECL. For others (including me after I've slept), here's an outline of the process.

Continue reading

Missing pcre.h when installing pecl_oauth

I was playing with pecl_oauth last week (more about that in a later post) and when I tried to install from PECL, it grabbed the files, ran the configure step but stopped with an error status during make. This is bad news for those of us who are ubuntu users rather than compile-happy linux users! Closer inspection showed this line around the point things started to go wrong:

Error: /usr/include/php5/ext/pcre/php_pcre.h:29:18: error: pcre.h: No such file or directory

I didn't have the header files for pcre installed - in ubuntu the headers are in the -dev packages so I just installed what I needed:

sudo aptitude install libpcre3-dev

Re-attempting the pecl install, everything worked as expected. This is on Ubuntu 10.04 Lucid Lynx, and from reading around you'd want to install the same package in response to this error message, regardless of what you were doing to cause it. Hope this helps someone.