splitwise/api-docs

Authorization url gives me 404 and cors

daav7713 opened this issue · 5 comments

I am trying to access the authentication page using OAuth 1. I get the authorization URL, but when trying to do a redirect (with PHP `header('Location: $url')`) it shows me a 404 error and a CORS error.

Any advice?


jas14 commented

This is an intentional security feature of our authentication flow (and OAuth in general). It would be bad if JavaScript were able to access the authorization page without the user's knowledge.

In order to complete the OAuth 1 flow, you must direct the browser itself, not an AJAX request, to the authorization URL. Once the user authorizes your app, we will redirect the browser back to the callback URL you registered, per the standard OAuth 1.0/a flow, which you can read about more here (or Google around, there are plenty of articles :) )

Hope this helps!

daav7713 commented

Hello, the error occurs when I am trying to redirect the user to the authorization page when I have already obtained the request token through an OAuth 1 library called RISAN, with PHP. I am not making any AJAX request or using JavaScript.

This is my code:

    // STEP 1: Obtain temporary credentials (the request token).
    $signer = new Risan\OAuth1\Signature\HmacSha1Signer();
    $oauth1 = Risan\OAuth1\OAuth1Factory::create([
        'client_credentials_identifier' => $this->consumer_key,
        'client_credentials_secret'     => $this->consumer_secret,
        'temporary_credentials_uri'     => 'https://secure.splitwise.com/oauth/request_token',
        'authorization_uri'             => 'https://secure.splitwise.com/oauth/authorize',
        'token_credentials_uri'         => 'https://secure.splitwise.com/oauth/access_token',
        'callback_uri'                  => $this->consumer_callback,
    ], $signer);
    $temporaryCredentials = $oauth1->requestTemporaryCredentials();
    // Store the temporary credentials in session.
    $_SESSION['temporary_credentials'] = serialize($temporaryCredentials);

    // STEP 2: Generate and redirect user to authorization URI.
    $authorizationUri = $oauth1->buildAuthorizationUri($temporaryCredentials);
    header("Location: {$authorizationUri}");
    exit();

jas14 commented

@daav7713 I understand that your PHP server may be redirecting clients to the authorization URI, but in this case the client appears to be an XMLHttpRequest, which is why you're getting that CORS error. I'm happy to help if our OAuth flow is broken, but unfortunately I can't help debug your application.

daav7713 commented

Thanks @jas14, I believe that the problem is that the code is running in the checkout process on a WordPress AJAX call.
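
As an added example (not code from this issue, the Risan library, or Splitwise): one way to handle the situation the thread ends on, where the OAuth 1 step runs inside an AJAX call. Instead of a `Location` header that the XMLHttpRequest would follow, the handler returns the authorization URI as JSON so the page script can navigate the browser itself. `authorization_response`, `send_response`, `ALLOWED_AUTH_HOST` and the `redirect` field are hypothetical names, and the host check is an added assumption.

```php
<?php
declare(strict_types=1);

// Assumption: the only host the browser should ever be sent to for authorization.
const ALLOWED_AUTH_HOST = 'secure.splitwise.com';

/**
 * Decide how to hand the authorization URI to the client.
 * $isAjax would be wp_doing_ajax() inside a WordPress handler (assumption).
 */
function authorization_response(string $authorizationUri, bool $isAjax): array
{
    $parts = parse_url($authorizationUri);
    if ($parts === false
        || ($parts['scheme'] ?? '') !== 'https'
        || strtolower($parts['host'] ?? '') !== ALLOWED_AUTH_HOST) {
        throw new InvalidArgumentException('Unexpected authorization URI');
    }

    if ($isAjax) {
        // A 302 here would be followed by the XMLHttpRequest itself and blocked by CORS.
        // Return the URI as data; the page script then navigates the top-level window,
        // e.g. window.location.assign(response.redirect).
        return [
            'status'  => 200,
            'headers' => ['Content-Type: application/json'],
            'body'    => json_encode(['redirect' => $authorizationUri], JSON_UNESCAPED_SLASHES),
        ];
    }

    // Normal page request: the browser follows the redirect as a navigation.
    return ['status' => 302, 'headers' => ['Location: ' . $authorizationUri], 'body' => ''];
}

/** Emit a response array produced by authorization_response(). */
function send_response(array $response): void
{
    http_response_code($response['status']);
    foreach ($response['headers'] as $header) {
        header($header);
    }
    echo $response['body'];
}

// Constructed sample URI; REQUEST_TOKEN_PLACEHOLDER stands in for a real temporary credential.
$uri = 'https://secure.splitwise.com/oauth/authorize?oauth_token=REQUEST_TOKEN_PLACEHOLDER';
if (PHP_SAPI === 'cli') {
    print_r(authorization_response($uri, true));   // response for an AJAX caller
    print_r(authorization_response($uri, false));  // response for a normal page request
}
```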