400 error: Invalid auth/bad request

[matlev]

Calling getRequestToken() is returning a 400 error when trying to connect to Intuit Quickbooks.

try {
  $oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
  $oauth->enableDebug();
  $oauth->disableSSLChecks();
  
  // Currently throwing an exception every time (400 code) 
  $request_token = $oauth->getRequestToken($request_url, $callback_url);

  // Never gets executed
  print_r($request_token, TRUE);
}
catch (OAuthException $e) {
  print($e->getMessage());
  exit();
}

[vclayton]

Thanks for the report. I've had issues with getRequestToken before but couldn't get enough info out of the pecl source code to figure out what was different.

Are you able to run the same code using the native pecl OAuth extension?

[matlev]

Yeah, running pecl OAuth 1.2.3 it works fine. I've done some digging, one person suggested that the 'Content-Length: 0' header needs to be passed with the CURL request. Dumping the url with the oauth request parameters and putting it into the browser returns 'oauth_problem=signature_invalid'. Also, is there any reason why you're attaching '.'.time() to the oauth_nonce?

[vclayton]

I've copied and pasted your test code and haven't seen it fail using either php56+oauth-1.2.3, php7+oauth2.0.1, or unpecl-oauth with either php56 or php7. The only 400-level error code I got was when I had the wrong consumer_key or consumer_secret, which resulted in an 'Invalid auth/bad request' 401. Have you gotten any more info about why it's failing? Does the test suite pass for you?

Also, you're right, nonce doesn't need time().