On Wed, Mar 19, 2014 at 3:20 PM, Magnus Manske magnusmanske@googlemail.comwrote:
Hi Brad,
I'm sure that's correct, but:
- When I just sign the OAuth params (no content type, no POST fields), I
get "The authorization headers in your request are not valid: Invalid signature"
- When I then add the content-type to the header, I get ... the API help
page, wrapped in the XML tag <error code="help" info="" xml:space="preserve"> (even though I am querying JSON...)
Apologies if this gets too detailed for the mailing list, it's just very frustrating :-(
It's wikitech, code talk should be expected ;)
I've taken the example code at < https://tools.wmflabs.org/oauth-hello-world/index.php?action=download%3E and changed it to use a multipart/form-data POST; this new version is at < https://tools.wmflabs.org/oauth-hello-world/multipart-formdata.php?action=do.... You'll notice only two changes to the code.
The first (and the important one) is that the call to sign_request() from doApiQuery() only passes the OAuth header fields, not the post fields.
The second is that the call to curl_setopt for CURLOPT_POSTFIELDS from doApiQuery() passes the $post array directly instead of first converting it to a string with http_build_query(). This is what makes curl (or PHP's implementation of it) use multipart/form-data rather than application/x-www-form-urlencoded.
Besides some config and doc changes, everything else remains the same.
I hope this helps.