New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Description
In the Twitter API...
The following code:
$url = $endpoint . '?' . 'response_type=' . 'code'
. '&client_id=' . $client_id
. '&redirect_uri=' . rawurlencode[$redirect_uri]
. '&scope=' . rawurlencode[$scope]
. '&state=' . $state
. '&code_challenge=' . $code_challenge
. '&code_challenge_method=' . 'plain';
$ch = curl_init[];
curl_setopt[$ch, CURLOPT_URL,$url];
curl_setopt[$ch, CURLOPT_RETURNTRANSFER, true];
curl_setopt[$ch, CURLOPT_HTTPGET, true];
but this one doesnt work…and in my opinion should work:
$params = array['response_type' => 'code',
'client_id' => $client_id,
'redirect_uri' => rawurlencode[$redirect_uri],
'scope' => rawurlencode[$scope],
'state' => $state,
'code_challenge' => $code_challenge,
'code_challenge_method' => 'plain' ];
$url = $endpoint . '?' . http_build_query[$params];
$ch = curl_init[];
curl_setopt[$ch, CURLOPT_URL,$url];
curl_setopt[$ch, CURLOPT_RETURNTRANSFER, true];
curl_setopt[$ch, CURLOPT_HTTPGET, true];
Resulted in this output:
The first call co curl works, but the second doesnt..
But I expected this output instead:
Both requests are equivalent, so they have to return the same....
PHP Version
PHP 7.4
Operating System
No response
Don't double-encode params and it should work fine. i.e. Don't use rawurlencode when using http_build_query
I have to rawencode scope, because scope is something like:
$scope="tweet.read users.read offline.access";
if i dont encode its something like:
&scope=tweet.read%2520users.read%2520offline.access
Which twitter api doesnt work. So i have to transform somehow scope.
@ejgutierrez74 As
@kamil-tekiela mentioned, http_build_query encodes your input.
//3v4l.org/Oakob#v8.1.1
// These two are roughly equivalent [single encoding] var_dump[http_build_query[[ 'scope' => 'tweet.read users.read offline.access', ]]]; //> string[42] "scope=tweet.read+users.read+offline.access" var_dump['scope=' . urlencode['tweet.read users.read offline.access']]; //> string[42] "scope=tweet.read+users.read+offline.access" // These two are roughly equivalent [double encoding] var_dump[http_build_query[[ 'scope' => urlencode['tweet.read users.read offline.access'], ]]]; //> string[46] "scope=tweet.read%2Busers.read%2Boffline.access" var_dump['scope=' . urlencode[urlencode['tweet.read users.read offline.access']]]; //> string[46] "scope=tweet.read%2Busers.read%2Boffline.access"
To get the same encoding behavior as rawurlencode you can also pass specify the $encoding_type parameter. //www.php.net/manual/en/function.http-build-query.php
//3v4l.org/65Aer#v8.1.1
var_dump[http_build_query[[
'scope' => 'tweet.read users.read offline.access',
], encoding_type: PHP_QUERY_RFC3986]];
//> string[46] "scope=tweet.read%20users.read%20offline.access"Do these options work for you?
Not at all, because twitter api works that only scope should be rawurlencoded, not the other params.
So http_build_query would urlencode all the params not only scope.
Ive asked in twitter forums that allow also this kind of query:
&scope=tweet.read%2520users.read%2520offline.access
they
are going to think about it ;]
So the correct code should be as pointed before only scope and redirect_uri should be encoded, not all the query:
params = array['response_type' => 'code',
'client_id' => $client_id,
'redirect_uri' => rawurlencode[$redirect_uri],
'scope' => rawurlencode[$scope],
'state' => $state,
'code_challenge' => $code_challenge,
'code_challenge_method' => 'plain' ];
$url = $endpoint . '?' . http_build_query[$params];
Im following this tutorial://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code
Authorize URL
With OAuth 2.0, you create an authorize URL, which you can use to allow a user to authenticate via an authentication flow, similar to “Sign In” with Twitter.
An example of the URL you are creating is as follows, where my redirect url should be: //votacionya.000webhostapp.com/callback/logintwitter.php:
//twitter.com/i/oauth2/authorize?response_type=code&client_id=cFo1S1g4azUweVJzWFBBcEx1LVE6MTpjaQ&redirect_uri=https%3A%2F%2Fvotacionya.000webhostapp.com%2Fcallback%2Flogintwitter.php &scope=tweet.read%20users.read%20follows.read+follows.write%20offline.access&state=state&code_challenge=NWRFR2hCRWU%3D&code_challenge_method=plain
%2520 is double encoded space, once from rawurlencode and once from http_build_query.
Not at all, because twitter api works that only scope should be rawurlencoded, not the other params.
Any parameters can be encoded with urlencode - tweeter api doesn't care about that. The
plus sign might be problematic, but this can be solved with PHP_QUERY_RFC3986 as mentioned above. Try following code and make sure it really doesn't work:
$params = array['response_type' => 'code', 'client_id' => $client_id, 'redirect_uri' => $redirect_uri, 'scope' => $scope, 'state' => $state, 'code_challenge' => $code_challenge, 'code_challenge_method' => 'plain' ]; $url = $endpoint . '?' . http_build_query[$params, "", null, PHP_QUERY_RFC3986]; $ch = curl_init[]; curl_setopt[$ch, CURLOPT_URL,$url]; curl_setopt[$ch, CURLOPT_RETURNTRANSFER, true]; curl_setopt[$ch, CURLOPT_HTTPGET, true];
You can also use composer package like: abraham/twitteroauth
No feedback was provided. The issue is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so. Thank you.