How to use oAuth with Guzzle 5 (or, better, with Guzzle 6)

Question

I'm trying to connect to the WooCommerce API using Guzzle 5 (Guzzle 6 seems not has oAuth options oO). Woocommerce requires the oAuth authentication method to work.

This is the code I'm using:

<?php

/**
 * Example of usage of Guzzle 5 to get information
 * from a WooCommerce Store.
 */

require('../vendor/autoload.php');

use GuzzleHttp\Client;
use GuzzleHttp\Subscriber\Oauth\Oauth1;
use GuzzleHttp\Exception\RequestException;

$consumer_key = 'my_consumer_key'; // Add your own Consumer Key here
$consumer_secret = 'my_consumer_secret'; // Add your own Consumer Secret here
$store_url = 'http://example.com'; // Add the home URL to the store you want to connect to here
$api_path = '/wc-api/v2/';
$api_end_point = [
    'root' => '',
    'orders' => 'orders'
    ];

$base_uri = $store_url . $api_path;

$client = new Client([
    'base_url' => $base_uri,
    'defaults' => ['auth' => 'oauth']
    ]);

$oauth = new Oauth1([
    'consumer_key'    => $consumer_key,
    'consumer_secret' => $consumer_secret,
    'request_method'  => 'query'
]);

$client->getEmitter()->attach($oauth);

try
{
    $res = $client->get($api_end_point['orders']);
}
catch (RequestException $e)
{
    $res = $e;

    if ($e->hasResponse())
    {
        $res = $e->getResponse();
    }
}

print_r($res);

echo $res->getStatusCode();
// "200"
echo $res->getHeader('content-type');
// 'application/json; charset=utf8'
echo $res->getBody();
// {"type":"User"...'

This code returns a

woocommerce_api_authentication_error: Invalid Signature - provided signature does not match

Using pure curl functions (using this package in which I've put some functions I found here ), instead, it works and I get all orders and other data I want.

SOME OTHER DETAILS

To use Guzzle 5 and oAuth I use the those composer packages:

"require": {
    "guzzlehttp/guzzle": "~5.0"
},
"require-dev": {
    "guzzlehttp/oauth-subscriber": "~0.2",
},

It seems there are some things that are different in creating the signature: the one created by the library I've used until now works, but the one created by the oAuth plugin ( using the method getSignature() ) for Guzzle doesn't and I'm not so used to use oAuth to find the error. Is there someone who can help me identify the problem?

Answer 1

Updating @Aerendir answer

In his pull request, @Aerendir wrote:

In my case, I did the editing as I were trying to connect to the WooCommerce API version 2 but that version of the API didn't implement correctly the OAuth Core 1.0a spec. In fact, they fixed this issue in the version 3 of the API. See Differences between V3 and older versions.

source: https://github.com/guzzle/oauth-subscriber/pull/42#issuecomment-185631670

So, to make his answer work properly, we need to use wc-api/ v3 / instead of wc-api/v2/ .

The following code, works using Guzzle 6, oauth and WooCommerce api v3:

use GuzzleHttp\Client,
    GuzzleHttp\HandlerStack,
    GuzzleHttp\Handler\CurlHandler,
    GuzzleHttp\Subscriber\Oauth\Oauth1;

$url = 'http://localhost/WooCommerce/';
$api = 'wc-api/v3/';
$endpoint = 'orders';
$consumer_key = 'ck_999ffa6b1be3f38058ed83e5786ac133e8c0bc60';
$consumer_secret = 'cs_8f6c96c56a7281203c2ff35d71e5c4f9b70e9704';

$handler = new CurlHandler();
$stack = HandlerStack::create($handler);

$middleware = new Oauth1([
    'consumer_key'    => $consumer_key,
    'consumer_secret' => $consumer_secret,
    'token_secret'    => '',
    'token'           => '',
    'request_method' => Oauth1::REQUEST_METHOD_QUERY,
    'signature_method' => Oauth1::SIGNATURE_METHOD_HMAC
]);
$stack->push($middleware);

$client = new Client([
    'base_uri' => $url . $api,
    'handler' => $stack
]);

$response = $client->get( $endpoint, [ 'auth' => 'oauth' ] );
echo $response->getStatusCode() . '<br>';
echo $response->getHeaderLine('content-type') . '<br>';
echo $response->getBody();

Answer 2

Now the plugin OauthSubscriber is available only for Guzzle 6. Testing around again, I've found the bug: it is in the method signUsingHmacSha1() that anyway adds an umpersand (&) to the string to sign and this causes the error from WooCommerce.

I've opened a issue on GitHub and sent a pull request to fix the bug.

The correct way to connect to the WooCommerce API V2 using Guzzle 6 (once the bug is fixed! Take care of the version of the WooCommerce API you connect: the API v3 still doesn't work! ) is this:

use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Handler\CurlHandler;
use GuzzleHttp\Subscriber\Oauth\Oauth1;

$options = array(
    // Add the home URL to the store you want to connect to here (without the end / )
    'remoteUrl'          => 'http://example.com/',
    // Add your own Consumer Key here
    'remoteConsumerKey'  => 'ck_4rdyourConsumerKey8ik',
    // Add your own Secret Key here
    'remoteSecretKey'    => 'cs_738youconsumersecret94i',
    // Add the endpoint base path
    'remoteApiPath' => 'wc-api/v2/',
);

$remoteApiUrl = $options['remoteUrl'] . $options['remoteApiPath'];
$endpoint = 'orders';

$handler = new CurlHandler();
$stack = HandlerStack::create($handler);

$middleware = new Oauth1([
    'consumer_key'    => $options['remoteConsumerKey'],
    'consumer_secret' => $options['remoteSecretKey'],
    'token_secret'    => '',
    'token'           => '',
    'request_method' => Oauth1::REQUEST_METHOD_QUERY,
    'signature_method' => Oauth1::SIGNATURE_METHOD_HMAC
]);
$stack->push($middleware);

$client = new Client([
    'base_uri' => $remoteApiUrl,
    'handler' => $stack
]);

$res = $client->get($endpoint, ['auth' => 'oauth');

As told, this connection works only with the version 2 of the WooCommerce API.

I'm investigating to understand why the V3 doesn't work.