-
AtomPub + OAuth for Wordpress!
- body
-
After getting the answers I needed from the OAuth list, I decided to go back to hacking at getting OAuth to play nice with AtomPub on my host. I am pleased to report that it now works! It requires a two-line patch to Wordpress (for my host anyway, YMMV), and I had to change the wp-oauth plugin a bit (lastest in SVN), but I have successfully posted to my test blog using a remote AtomPub script authenticated using OAuth.
See some example code. The future is bright!
© 2006-2008 Stephen Paul Weber. Some Rights Reserved.
-
OAuth and XRDS-Simple in Wordpress
- body
-
I'm publishing two plugins today. The first is pretty simple in what it can do for users directly - the XRDS-Simple plugin allows users to delegate their OpenID to their Wordpress blog - basically letting you log in on OpenID enabled sites using your blog address, but without needing to run your own provider.
On a far geekier level, the plugin allows other plugins to add XRDS-Simple services and other information (such as OAuth Discovery) using a progammatic API. A brief example of this API is on the plugin's page.
I am also releasing a more DiSo related plugin - WP-OAuth. This plugin enables interacting with Wordpress authentication using the open OAuth protocol. This could be exciting if combined with AtomPub or another protocol / format supported by Wordpress or another plugin.
© 2006-2008 Stephen Paul Weber. Some Rights Reserved.
-
OAuth Discovery
- body
-
Take 2! Now enhanced with XRDSs! Eran has blogged about the changes and the initial vendor support. This plays right into my dream of infinite interop. I'm quite happy about how small the spec is now that it just rides on XRDSs. There's some weirdness (need two XRDs, can have one XRDSs reference another). Eran has explained his reasoning to me and it makes sense, but I'm still not convinced that it's necessary.
Anyway, I should roll out a new XRDSs and OAuth DiSo plugin soon with support for draft 2. And new examples. There is an alternate PHP class that Eran says will be including support. I will probably use that when it comes out, but I'll bootstrap with JanRain Yadis and the standard OAuth PHP class for now.
© 2006-2008 Stephen Paul Weber. Some Rights Reserved.
Singpolyma
Archive of "OAuth"
On July 24, 2008
- singpolyma listened to Cortez & Pizarro by Slim @ 2008-07-24 19:30 (and 37 more...)
- singpolyma listened to Customize by Connor O'Brien @ 2008-07-24 19:27
- singpolyma listened to Journeys begin by Torley on Piano @ 2008-07-24 19:24
- singpolyma listened to Breathe by Christy Nockels @ 2008-07-24 19:21
- singpolyma listened to Could've Been by Talley Lambert @ 2008-07-24 19:17
- singpolyma listened to Flingg by Torley on Piano @ 2008-07-24 19:16
- singpolyma listened to What if His People Prayed by Casting Crowns @ 2008-07-24 19:14
- singpolyma listened to Dare You to Move by Switchfoot @ 2008-07-24 19:10
- singpolyma listened to Earthquake by Family Force 5 @ 2008-07-24 19:06
- singpolyma listened to Running Just To Catch Myself by Mark Schultz @ 2008-07-24 19:04
- singpolyma listened to Glyding by Torley on Piano @ 2008-07-24 19:02
- singpolyma listened to Cell Phone by Riley Armstrong @ 2008-07-24 18:59
- singpolyma listened to Who Am I by Casting Crowns @ 2008-07-24 18:55
- singpolyma listened to Get Rhythm by Johnny Cash @ 2008-07-24 18:51
- singpolyma listened to A Matter of Time by Petra @ 2008-07-24 18:48
- singpolyma listened to Complete by True Vibe @ 2008-07-24 18:44
- singpolyma listened to Intermezzo Softcore by Daniel Bautista @ 2008-07-24 18:42
- singpolyma listened to The Invitation by Petra @ 2008-07-24 18:39
- singpolyma listened to Nowhere by Antarhes @ 2008-07-24 18:34
- singpolyma listened to Where I Belong by MercyMe @ 2008-07-24 18:29
- singpolyma listened to Never Get Out by Brad Sucks @ 2008-07-24 18:26
- singpolyma listened to I Think I'm In Love by Sinkhole @ 2008-07-24 18:23
- singpolyma listened to My Lover is a Sailor by Kray Van Kirk @ 2008-07-24 18:05
- singpolyma listened to Better Is One Day by Matt Redman @ 2008-07-24 18:00
- singpolyma listened to The Older I Get by Skillet @ 2008-07-24 17:55
- singpolyma listened to Glyding by Torley on Piano @ 2008-07-24 17:53
- singpolyma listened to Canker by Sinkhole @ 2008-07-24 17:50
- singpolyma listened to Work Out Fine by Brad Sucks @ 2008-07-24 17:45
- singpolyma listened to Outermission by Torley on Piano @ 2008-07-24 17:42
- singpolyma listened to Another ascent by Torley on Piano @ 2008-07-24 17:40
- singpolyma listened to Angels by Allison Crowe @ 2008-07-24 17:37
- singpolyma listened to Cadillac Phunque by Family Force 5 @ 2008-07-24 17:33
- singpolyma listened to Awaiting the King's Return by Daniel J. Weber @ 2008-07-24 17:31
- singpolyma listened to Tentativo50 by Orlando @ 2008-07-24 17:28
- singpolyma listened to Michael Nyman - And Do They Do 2 by Topology @ 2008-07-24 17:07
- singpolyma listened to Giallo by Torley on Piano @ 2008-07-24 17:03
- singpolyma listened to Wreck On The Highway by Sinkhole @ 2008-07-24 17:01
- singpolyma listened to Make Me Better by Sinkhole @ 2008-07-24 16:58
RSS Feed
Comment at 
Comment at 
You can trackback from you own site.
7 Comments
I uploaded a new AtomPub patch on that ticket, http://trac.wordpress.org/attachment/ticket/6995/wp-app.php.diff can you confirm that the new patch works as expected.
Hi Singpolyma,
I got some some errors when playing with your oAuth/Wordpress code. I will appreciate it if you could make some comments from the screen dump listed below. It seems the test passed oAuth but was not able to post to Wordpress. In this test, wp_app.php was in the oauth plugin folder. If there is nothing apparently wrong, maybe I should test the Wordpress Atompub separately. It looks like APE is difficult to setup, I think I should just try to use the cURL routines.
1)
http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=be69e7af98c008c2baa9ea3b5627e1f6&oauth_timestamp=1213975361&oauth_consumer_key=91a8964820d53b9faab85c68d5c964158aa01470&oauth_token=&oauth_signature_method=HMAC-SHA1&oauth_signature=SGWl9XFBVQU%2B4TO22TlIO35MyMY%3D
string(215) "HTTP/1.1 404 Not Found
Date: Fri, 20 Jun 2008 15:22:41 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.1
Content-Length: 0
Content-Type: text/plain
______________________________________________________________________
2)
**When $service = curl_exec($curl) is commented out, the screen dump is listed below. Please note that base_string is NULL. Is there something wrong with it?
http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=19d219064006656cd398c1e7950ae727&oauth_timestamp=1213975481&oauth_consumer_key=91a8964820d53b9faab85c68d5c964158aa01470&oauth_token=2741d783759305b6ebf8dfe9b222b3add7269da4&oauth_signature_method=HMAC-SHA1&oauth_signature=fc8VSycdBPqWgvKNGndDzNg6TMU%3D
object(OAuthRequest)#86 (4) {
["parameters:private"]=>
array(7) {
["oauth_version"]=>
string(3) "1.0"
["oauth_nonce"]=>
string(32) "19d219064006656cd398c1e7950ae727"
["oauth_timestamp"]=>
int(1213975481)
["oauth_consumer_key"]=>
string(40) "91a8964820d53b9faab85c68d5c964158aa01470"
["oauth_token"]=>
string(40) "2741d783759305b6ebf8dfe9b222b3add7269da4"
["oauth_signature_method"]=>
string(9) "HMAC-SHA1"
["oauth_signature"]=>
string(28) "fc8VSycdBPqWgvKNGndDzNg6TMU="
}
["http_method:private"]=>
string(4) "POST"
["http_url:private"]=>
string(43) "http://localhost/wordpress/wp-app.php/posts"
["base_string:private"]=>
NULL
}
________________________________________________________________________________
**I had to hard-code the callback_url. Otherwise, it would not work. If callback_url is simply commented out, wordpress will display "Authorized! You may now close this window"
$callback_url = "/wordpress/wp-content/plugins/wp-oauth/wp_app.php?action=access";
//$callback_url = "$base_url/wp_app.php?action=access";
Note: the last line in Common.inc.php has to be commented out in order to use wp_app.php in a different folder from the plugin iself.
@Ming RE (1) : have you applied the patch? You will get a 404 if you have not. If you have, can you send me the contents of $_SERVER for that request?
RE (2) : I have no idea if that's wrong… is there a specific problem?
RE (3) : This is expected behaviour
RE NOTE : What is your setup like? PHP should resolve __FILE__ to the file the statement is in, and then the relative path should work… always has for me.
Thank you very much. I reapplied the patch manually after I found that the patch command did not work as expected. Now it looks like this in file wp-app.php:
global $always_authenticate;
if( !empty( $_SERVER['ORIG_PATH_INFO'] ) )
$path = $_SERVER['ORIG_PATH_INFO'];
else
$path = $_SERVER['PATH_INFO'];
$method = $_SERVER['REQUEST_METHOD'];
log_app('REQUEST',"$method $path\n================");
This is the dumped $SERVER:
["SERVER_SOFTWARE"]=>
string(61) "Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch"
["SERVER_NAME"]=>
string(9) "localhost"
["SERVER_ADDR"]=>
string(9) "127.0.0.1"
["SERVER_PORT"]=>
string(2) "80"
["REMOTE_ADDR"]=>
string(9) "127.0.0.1"
["DOCUMENT_ROOT"]=>
string(9) "/var/www/"
["SERVER_ADMIN"]=>
string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=>
string(29) "/var/www/oauthtest/wp_app.php"
["REMOTE_PORT"]=>
string(5) "49426"
["GATEWAY_INTERFACE"]=>
string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(13) "action=access"
["REQUEST_URI"]=>
string(35) "/oauthtest/wp_app.php?action=access"
["SCRIPT_NAME"]=>
string(21) "/oauthtest/wp_app.php"
["PHP_SELF"]=>
string(21) "/oauthtest/wp_app.php"
["REQUEST_TIME"]=>
int(1214026621)
["argv"]=>
array(1) {
[0]=>
string(13) "action=access"
}
["argc"]=>
int(1)
}
This is the description about how the error still happened (wp_app.php in another folder)
Once I clicked the test button, I was redirected to the Wordpress to authorize the consumer right. I then clicked yes, then I got the error of non-existent URL "http://localhost/wp_app.php?action=access", which should be "http://localhost/oauthtest/wp_app.php?action=access"
Tring to make it work, I changed "$callback_url = "$base_url/wp_app.php?action=access" to "$callback_url = "http://localhost/oauthtest/wp_app.php?action=access"" because I thought something is wrong with the base_url.
I then cliked the test button again, this time the authorization window did not show up (already approved), I got an error as
"http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=a6c0ce38cff5bf899d072867d0d4694e&oauth_timestamp=1214025525&oauth_consumer_key=ccaa282c3f6c66cf0b2491b9f152e11ad4bd822c&oauth_token=faebda8608c455bfef6d2f0628fd5c055276659a&oauth_signature_method=HMAC-SHA1&oauth_signature=VzGlNOYOHhq1XaTL4wk9mWuiQsI%3D
string(215) "HTTP/1.1 404 Not Found"
Thank you very much. I reapplied the patch manually after I found that the patch command did not work as expected.
Now it looks like this in file wp-app.php:
global $always_authenticate;
if( !empty( $_SERVER['ORIG_PATH_INFO'] ) )
$path = $_SERVER['ORIG_PATH_INFO'];
else
$path = $_SERVER['PATH_INFO'];
$method = $_SERVER['REQUEST_METHOD'];
log_app('REQUEST',"$method $path\n================");
This is the dumped $SERVER (no PATH_INFO?):
["SERVER_SOFTWARE"]=>
string(61) "Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch"
["SERVER_NAME"]=>
string(9) "localhost"
["SERVER_ADDR"]=>
string(9) "127.0.0.1"
["SERVER_PORT"]=>
string(2) "80"
["REMOTE_ADDR"]=>
string(9) "127.0.0.1"
["DOCUMENT_ROOT"]=>
string(9) "/var/www/"
["SERVER_ADMIN"]=>
string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=>
string(29) "/var/www/oauthtest/wp_app.php"
["REMOTE_PORT"]=>
string(5) "49426"
["GATEWAY_INTERFACE"]=>
string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(13) "action=access"
["REQUEST_URI"]=>
string(35) "/oauthtest/wp_app.php?action=access"
["SCRIPT_NAME"]=>
string(21) "/oauthtest/wp_app.php"
["PHP_SELF"]=>
string(21) "/oauthtest/wp_app.php"
["REQUEST_TIME"]=>
int(1214026621)
["argv"]=>
array(1) {
[0]=>
string(13) "action=access"
}
["argc"]=>
int(1)
}
This is the description about how the error still happened (wp_app.php in another folder)
Once I clicked the test button, I was redirected to the Wordpress to authorize the consumer right. I then clicked yes, then I got the error of non-existent URL "http://localhost/wp_app.php?action=access", which should be "http://localhost/oauthtest/wp_app.php?action=access"
Tring to make it work, I changed "$callback_url = "$base_url/wp_app.php?action=access" to "$callback_url = "http://localhost/oauthtest/wp_app.php?action=access"" because I thought something is wrong with the base_url.
I then cliked the test button again, this time the authorization window did not show up (already approved), I got an error as
"http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=a6c0ce38cff5bf899d072867d0d4694e&oauth_timestamp=1214025525&oauth_consumer_key=ccaa282c3f6c66cf0b2491b9f152e11ad4bd822c&oauth_token=faebda8608c455bfef6d2f0628fd5c055276659a&oauth_signature_method=HMAC-SHA1&oauth_signature=VzGlNOYOHhq1XaTL4wk9mWuiQsI%3D
string(215) "HTTP/1.1 404 Not Found"
I finally run through your code after making some minor changes:
1) In wp_app.php, I had to hard-code the callback-url because otherwise the base_url is empty.
//$callback_url = "$base_url/wp_app.php?action=access";
2) At first SCRIPT_URI was undefined in my server setup. This was fixed by configuring virtualhost and enabling RewriteEngine module.
3) Finally, this thing got work after commenting out one line in wp-app.php:
//$_SERVER['PATH_INFO'] = preg_replace( '/.*\/wp-app\.php/', ", $_SERVER['REQUEST_URI'] );
Then I was able to post on my Wordpress! Thanks for the work.
@Ming (1) wp_app.php is just a test script - not surprising you had to make some changes. (2&3) Might make sense to submit reports of some kind to WordPress, since those are requirements for WordPress AtomPub and not my plugin.
Post a Comment