0

Hi I'm trying to setup a PHP CURL call using OAuth1 authorization method.

I've tried with POSTMAN 1st, to generate the PHP code. I've completed it with the necessary datas

<?php
$conskey = 'XXXXXXX';
$conssec = 'XXXXXXX';
$nonce     = mt_rand();
$timestamp = time();
$url = 'https://some-website/api/project/subproject';
$method = 'POST';

$oauth = new OAuth($conskey, $conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
$oauth->setNonce($nonce);
$oauth->setTimestamp($timestamp);
$signatureOAuth = $oauth->generateSignature($method,  $url);

$curl = curl_init($url);

curl_setopt_array($curl, array(
    CURLOPT_URL => $url.'?oauth_consumer_key='.$conskey.
        '&oauth_signature_method=HMAC-SHA1&oauth_timestamp='.$timestamp.
        '&oauth_nonce='.$nonce.
        '&oauth_version=1.0&oauth_signature='.$signatureOAuth,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => $jsonDatas,
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
// THE COOKIE I WANNA GET
        'Cookie: SSESSd4f3e89d4699e1d1a071aa37eab4fcEd=DWS4UqpaykI2y7q-HJXEzGN82AKHQYnWo5hbsqkAqiQ' 
    ),
));

$result = curl_exec($curl);
curl_close($curl);

But I've noticed that there's the cookie in the CURLOPT_HTTPHEADER entry but I don't have any idea how POSTMAN generate this cookie.

Without this cookie or with a dumb string, the CURL response is always Invalid Signature

skytorner
  • 405
  • 2
  • 8
  • 19
  • Maybe use a [cookie jar](https://stackoverflow.com/questions/30760213/save-cookies-between-two-curl-requests)? – apokryfos Feb 25 '22 at 10:25
  • I've take a look at it but I don't understand how I can send the request without having the cookies 1st ? – skytorner Feb 25 '22 at 11:16
  • https://learning.postman.com/docs/sending-requests/cookies/ If you read this it might be helpful – İbrahim Mar 01 '22 at 10:59
  • @İbrahim thanks, I did! but i dont see any part concerning the retrieve/generation of the cookie value. Just how to set cookie using POSTMAN. Did I miss something in the doc ? – skytorner Mar 01 '22 at 11:09
  • I'm not really sure if postman is generating those cookies on their own. I would say that you had to do the call to the API previously and within that previous response cookie was created. For each subsequent request Postman is adding this cookie, as the browser would do. It's server that is asking to create a cookie on a client side by [Set-Cookie header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie). – piotr.gradzinski Mar 02 '22 at 20:28
  • Postman doesn't generate cookies for you. you either did some prior GET requests to the website where postman recieved cookies, or gave the cookies to postman somehow. – hanshenrik Mar 04 '22 at 16:17
  • show us the actual url and we can probably help you. – hanshenrik Mar 04 '22 at 16:17

1 Answers1

3

Postman is not generating cookies for you, and neither is curl/php. you either did some prior requests (usually GET to get cookies) requests to the website where you received some cookies, or gave the cookies to postman some other way.

since you're not showing us the real url, we can only speculate, but to take an example, here is how to get a session cookie for stackoverflow.com:

<?php
$ch=curl_init();
curl_setopt_array($ch,array(
  CURLOPT_COOKIEFILE => "", // setting it to empty activates the curl cookie engine (its disabled by default.),
  CURLOPT_URL => "https://stackoverflow.com/",
  CURLOPT_RETURNTRANSFER => true,
));
$html=curl_exec($ch);
$cookies = (function($cookielist):array{
  $cookies = array();
  foreach($cookielist as $cookie_raw) {
      $chunks = explode("\t", $cookie_raw);
      //var_dump($chunks);
      $cookie['domain'] = $chunks[0];
      $cookie['secure'] = $chunks[1];
      $cookie['path'] = $chunks[2];
      $cookie['???todo_wtf_is_this'] = $chunks[3];
      $cookie['expiration'] = $chunks[4];
      $cookie['name'] = $chunks[5];
      $cookie['value'] = $chunks[6];
      $cookies[] = $cookie;
  }
  return $cookies;
})(curl_getinfo($ch, CURLINFO_COOKIELIST));
var_export($cookies);

prints something like

array (
  0 =>
  array (
    'domain' => '#HttpOnly_.stackoverflow.com',
    'secure' => 'TRUE',
    'path' => '/',
    '???todo_wtf_is_this' => 'FALSE',
    'expiration' => '2682374400',
    'name' => 'prov',
    'value' => '9c06f038-9f70-bee8-2a64-b095656175d1',
  ),
)

which could be used like

// THE COOKIE I WANNA GENERATE
        'Cookie: '. $cookies[0]["name"].'='.$cookies[0]["value"]

but this is very rarely done, usually you'd just use curl's built-in cookie engine to handle cookies automatically..

hanshenrik
  • 19,904
  • 4
  • 43
  • 89