On Wed, Mar 19, 2014 at 3:20 PM, Magnus Manske <[email protected]>wrote:
> Hi Brad, > > I'm sure that's correct, but: > > * When I just sign the OAuth params (no content type, no POST fields), I > get "The authorization headers in your request are not valid: Invalid > signature" > * When I then add the content-type to the header, I get ... the API help > page, wrapped in the XML tag <error code="help" info="" > xml:space="preserve"> (even though I am querying JSON...) > > Apologies if this gets too detailed for the mailing list, it's just very > frustrating :-( > It's wikitech, code talk should be expected ;) I've taken the example code at < https://tools.wmflabs.org/oauth-hello-world/index.php?action=download> and changed it to use a multipart/form-data POST; this new version is at < https://tools.wmflabs.org/oauth-hello-world/multipart-formdata.php?action=download>. You'll notice only two changes to the code. The first (and the important one) is that the call to sign_request() from doApiQuery() only passes the OAuth header fields, not the post fields. The second is that the call to curl_setopt for CURLOPT_POSTFIELDS from doApiQuery() passes the $post array directly instead of first converting it to a string with http_build_query(). This is what makes curl (or PHP's implementation of it) use multipart/form-data rather than application/x-www-form-urlencoded. Besides some config and doc changes, everything else remains the same. I hope this helps. -- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
