3

I am using the league\oauth2-server and have it working perfectly when I am using the GET http verb.

However when doing a PUT request I am getting hit with

Call to undefined method League\OAuth2\Server\Util\Request::PUT()

The specific code that is throwing this error is a function Server/Resource.php file 

$accessToken = $this->getRequest()->{$method}($this->tokenKey);

From the function

protected function determineAccessToken($headersOnly = false)
{
    if ($header = $this->getRequest()->header('Authorization')) {
        // Check for special case, because cURL sometimes does an
        // internal second request and doubles the authorization header,
        // which always resulted in an error.
        //
        // 1st request: Authorization: Bearer XXX
        // 2nd request: Authorization: Bearer XXX, Bearer XXX
        if (strpos($header, ',') !== false) {
            $headerPart = explode(',', $header);
            $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
        } else {
            $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
        }
        $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
    } elseif ($headersOnly === false) {
        $method = $this->getRequest()->server('REQUEST_METHOD');
        $accessToken = $this->getRequest()->{$method}($this->tokenKey);
    }

    if (empty($accessToken)) {
        throw new Exception\InvalidAccessTokenException('Access token is missing');
    }

    return $accessToken;
}

I am using the POSTMAN request client to test the requests Postman Request

Hailwood
  • 89,623
  • 107
  • 270
  • 423

2 Answers2

0

Its throwing that error because PUT requests for the web service are not allowed. And that makes sense because you really should never need to do a PUT request for an OAuth2 request. PUT tells the RESTful service on the other end you are trying to update a specific entity. OAuth2 has no entities to update, only to retrieve.

Perhaps a better understanding of what you are trying to do might explain why you are using a PUT, but for OAuth2 it should always be a GET request.

Gareth McCumskey
  • 1,510
  • 7
  • 12
  • I am doing all the authentication through oauth for getting the token etc previously correctly. The code there is a generic request to the API specifically a put request to `/v1/users/1` hence I am trying to update the user. I actually managed to get it functioning correctly by using a bearer authorization header instead of passing the token through the query parameters. – Hailwood Sep 20 '13 at 10:47
0

if you set the 'http_headers_only' setting to true and send the token in the correct header, it should work.

By correct HTTP header I mean "Authorization: Bearer " instead of access_token: that can be seen in your postman screenshot. Also please note that "Authorization" is the key and the value consists of both "Bearer" keyword and your token, separated by a space character.

rioted
  • 1,076
  • 13
  • 24