Using OAuth getRequestHeader:
$consumerKey = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_KEY];
$consumerSecret = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_SECRET];
$timestamp = time();
$nonce = md5(microtime());
$oAuthVariables = [];
$oAuthVariables[self::FIELD_OAUTH_CONSUMER_KEY] = $consumerKey;
$oAuthVariables[self::FIELD_OAUTH_NONCE] = $nonce;
$oAuthVariables[self::FIELD_OAUTH_SIGNATURE_METHOD] =
self::OAUTH_SIGNATURE_METHOD;
$oAuthVariables[self::FIELD_OAUTH_TIMESTAMP] = $timestamp;
$oAuthVariables[self::FIELD_OAUTH_VERSION] = self::OAUTH_VERSION;
$oauth = new \OAuth($consumerKey, $consumerSecret);
$oauth->setTimestamp($timestamp);
$oauth->setNonce($nonce);
$oauth->setVersion(self::OAUTH_VERSION);
return $oauth->getRequestHeader(strtoupper($httpMethod), $endpointUrl,
$oAuthVariables); // $oAuthVariables aren't required, really
Using hash_hmac (without OAuth):
$consumerKey = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_KEY];
$consumerSecret = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_SECRET];
// define params that will be used either in Authorization header, or as url
query params, excluding 'oauth_signature'
$params = array(
'oauth_consumer_key' => $consumerKey,
'oauth_nonce' => uniqid(mt_rand(1, 1000)),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_version' => '1.0',
);
// define HTTP method
$method = 'POST';
// start making the signature
ksort($params); // @see
Zend_Oauth_Signature_SignatureAbstract::_toByteValueOrderedQueryString() for
more accurate sorting, including array params
$sortedParamsByKeyEncodedForm = array();
foreach ($params as $key => $value) {
$sortedParamsByKeyEncodedForm[] = rawurlencode($key) . '=' .
rawurlencode($value);
}
$strParams = implode('&', $sortedParamsByKeyEncodedForm);
$signatureData = strtoupper($method) // HTTP method (POST/GET/PUT/...)
. '&'
. rawurlencode($endpointUrl) // base resource url - without port & query params
& anchors, @see how Zend extracts it in
Zend_Oauth_Signature_SignatureAbstract::normaliseBaseSignatureUrl()
. '&'
. rawurlencode($strParams);
$key = rawurlencode($consumerSecret) . '&';
$signature = base64_encode(hash_hmac('SHA1', $signatureData, $key, 1));
// end making signature
return 'OAuth '
. 'oauth_consumer_key="' . $params['oauth_consumer_key'] . '",'
. 'oauth_nonce="' . $params['oauth_nonce'] . '",'
. 'oauth_signature_method="' . $params['oauth_signature_method'] . '",'
. 'oauth_signature="' . rawurlencode($signature) . '",'
. 'oauth_timestamp="' . $params['oauth_timestamp'] . '",'
. 'oauth_version="' . $params['oauth_version'] . '"';
The most important thing is to strtoupper the HTTP method
programowanie.abedo.pl © 2025