Magento REST API OAuth

Question

Magento ver. 1.7.0.2

I'm new to Magento, REST and oauth. I want to be able to use the Magento REST API to be able to modify an online store with an inhouse Customer Management System. I have been able to set up Magento easily enough, but I'm struggling with REST, specifically with the oauth.

I am currently running Magento on MAMP 2.1.1 on OSX 10.7.5. I was able to install OAUTH using these directions: Installing PHP OAuth in MAMP environment

Following the Magento tutorial I am using the Firefox RESTClient to test OAuth. I have set up Roles and a Consumer in Magento, and put the keys in the corresponding fields in RESTClient.

When I post to

http://localhost:8888/store/oauth/initiate?oauth_callback=http://localhost:8888/store/oauth_admin.php

I get the reponse

oauth_problem=signature_invalid&debug_sbs=QiIiTo3WGTZLTOhyIest9B5+l5s=

Using the test PHP script on Magento ( http://www.magentocommerce.com/api/rest/introduction.html )

<?php
/**
 * Example of products list retrieve using admin account via Magento REST
API. oAuth authorization is used
 */
$callbackUrl = "http://localhost:8888/store/oauth_admin.php";
$temporaryCredentialsRequestUrl =
"http://localhost:8888/store/oauth/initiate?oauth_callback=" .
urlencode($callbackUrl);
$adminAuthorizationUrl = 'http://localhost:8888/store/admin/oAuth_authorize';
$accessTokenRequestUrl = 'http://localhost:8888/store/oauth/token';
$apiUrl = 'http://localhost:8888/store/api/rest';
$consumerKey = 'obscured';
$consumerSecret = 'obscured';

session_start();
if (!isset($_GET['oauth_token']) && isset($_SESSION['state']) &&
$_SESSION['state'] == 1) {
   $_SESSION['state'] = 0;
}
try {
   $authType = ($_SESSION['state'] == 2) ? OAUTH_AUTH_TYPE_AUTHORIZATION
: OAUTH_AUTH_TYPE_URI;
   $oauthClient = new OAuth($consumerKey, $consumerSecret,
OAUTH_SIG_METHOD_HMACSHA1, $authType);
   $oauthClient->enableDebug();

  if (!isset($_GET['oauth_token']) && !$_SESSION['state']) {
   $requestToken =
$oauthClient->getRequestToken($temporaryCredentialsRequestUrl);
       $_SESSION['secret'] = $requestToken['oauth_token_secret'];
       $_SESSION['state'] = 1;
       header('Location: ' . $adminAuthorizationUrl . '?oauth_token=' .
$requestToken['oauth_token']);
       exit;
   } else if ($_SESSION['state'] == 1) {
       $oauthClient->setToken($_GET['oauth_token'], $_SESSION['secret']);
       $accessToken =
$oauthClient->getAccessToken($accessTokenRequestUrl);
       $_SESSION['state'] = 2;
       $_SESSION['token'] = $accessToken['oauth_token'];
       $_SESSION['secret'] = $accessToken['oauth_token_secret'];
       header('Location: ' . $callbackUrl);
       exit;
   } else {
       $oauthClient->setToken($_SESSION['token'], $_SESSION['secret']);
       $resourceUrl = "$apiUrl/products";
       $oauthClient->fetch($resourceUrl);
           $productsList = json_decode($oauthClient->getLastResponse());
           print_r($productsList);
       }
    } catch (OAuthException $e) {
       print_r($e);
    }
    ?>

I get the following error:

Notice: Undefined index: state in /Applications/MAMP/htdocs/store/test.php on line 23

Notice: Undefined index: state in /Applications/MAMP/htdocs/store/test.php on line 29
OAuthException Object ( [message:protected] => Invalid auth/bad request (got a 401,         expected HTTP/1.1 20X or a redirect) [string:private] => [code:protected] => 401     [file:protected] => /Applications/MAMP/htdocs/store/test.php [line:protected] => 31 [trace:private] => Array ( [0] => Array ( [file] => /Applications/MAMP/htdocs/store/test.php [line] => 31 [function] => getRequestToken [class] => OAuth [type] => -> [args] => Array ( [0] => http://localhost:8888/store/oauth/initiate?oauth_callback=http%3A%2F%2Flocalhost%3A8888%2Fstore%2Foauth_admin.php ) ) ) [lastResponse] => oauth_problem=signature_invalid&debug_sbs=c3Pb0LJa26al02LJh9hSubXlBs8= [debugInfo] => Array ( [sbs] => GET&http%3A%2F%2Flocalhost%3A8888%2Fstore%2Foauth%2Finitiate&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A8888%252Fstore%252Foauth_admin.php%26oauth_consumer_key%3D41rv8qwkai1og9yp6ragyew5rag5e9oj%26oauth_nonce%3D10898187885101843ed45b24.99726561%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1359053886%26oauth_version%3D1.0 [headers_sent] => GET /store/oauth/initiate?oauth_callback=http%3A%2F%2Flocalhost%3A8888%2Fstore%2Foauth_admin.php&oauth_consumer_key=41rv8qwkai1og9yp6ragyew5rag5e9oj&oauth_signature_method=HMAC-SHA1&oauth_nonce=10898187885101843ed45b24.99726561&oauth_timestamp=1359053886&oauth_version=1.0&oauth_signature=F36aIxyET2XEVXDCJxm4jxGsRPg%3D HTTP/1.1 User-Agent: PECL-OAuth/1.2.3 Host: localhost:8888 Accept: */* [headers_recv] => HTTP/1.1 401 Authorization Required Date: Thu, 24 Jan 2013 18:58:06 GMT Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r DAV/2 PHP/5.2.17 X-Powered-By: PHP/5.2.17 Content-Length: 70 Content-Type: application/x-www-form-urlencoded [body_recv] => oauth_problem=signature_invalid&debug_sbs=c3Pb0LJa26al02LJh9hSubXlBs8= [info] => About to connect() to localhost port 8888 (#0) Trying ::1... connected Connected to localhost (::1) port 8888 (#0) Connection #0 to host localhost left intact Closing connection #0 ) ) 

As far as I can tell I've done everything correctly, going so far as to completely wipe Magento and doing a fresh install after figuring out how to get Oauth installed. I have no idea what to do next and any help would be greatly appreciated, thanks.

Answer 1

I learned you can't include the port number of a URL for an Oauth Request. The port number gets stripped, so when the keys are compared, they don't match. Changing the port to 80 (so that it doesn't have to be included in the url) solved the problem.

Answer 2

Just override Mage_Oauth_Model_Server::_validateSignature() , on line 52 (magetno CE 1.8.1)

$this->_request->getHttpHost()

and make it :

 $this->_request->getHttpHost(!Mage::getIsDeveloperMode())

This way, if you are in developer mode (set it by SetEnv in your vhost <Directory /> part), the method won't strip the port number, plus it won't change the production environment behavior.

++