Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
  • Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
/mod/lti/ -> OAuth.php (source)

[Source view]

Differences Between: [Versions 310 and 402] [Versions 311 and 402] [Versions 39 and 402] [Versions 400 and 402] [Versions 401 and 402]

This file contains the OAuth 1.0a implementation used for support for LTI 1.1.

Copyright: moodle
License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
File Size: 914 lines (30 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 13 classes

OAuthException:: (0 methods):

OAuthConsumer:: (2 methods):
  __construct()
  __toString()

OAuthToken:: (3 methods):
  __construct()
  to_string()
  __toString()

OAuthSignatureMethod:: (1 method):
  check_signature()

OAuthSignatureMethod_HMAC:: (1 method):
  build_signature()

OAuthSignatureMethod_HMAC_SHA1:: (1 method):
  get_name()

OAuthSignatureMethod_HMAC_SHA256:: (1 method):
  get_name()

OAuthSignatureMethod_PLAINTEXT:: (2 methods):
  get_name()
  build_signature()

OAuthSignatureMethod_RSA_SHA1:: (5 methods):
  get_name()
  fetch_public_cert()
  fetch_private_cert()
  build_signature()
  check_signature()

OAuthRequest:: (19 methods):
  __construct()
  from_request()
  from_consumer_and_token()
  set_parameter()
  get_parameter()
  get_parameters()
  unset_parameter()
  get_signable_parameters()
  get_signature_base_string()
  get_normalized_http_method()
  get_normalized_http_url()
  to_url()
  to_postdata()
  to_header()
  __toString()
  sign_request()
  build_signature()
  generate_timestamp()
  generate_nonce()

OAuthServer:: (12 methods):
  __construct()
  add_signature_method()
  fetch_request_token()
  fetch_access_token()
  verify_request()
  get_version()
  get_signature_method()
  get_consumer()
  get_token()
  check_signature()
  check_timestamp()
  check_nonce()

OAuthDataStore:: (5 methods):
  lookup_consumer()
  lookup_token()
  lookup_nonce()
  new_request_token()
  new_access_token()

OAuthUtil:: (6 methods):
  urlencode_rfc3986()
  urldecode_rfc3986()
  split_header()
  get_headers()
  parse_parameters()
  build_http_query()


Class: OAuthException  - X-Ref

Generic exception class

Class: OAuthConsumer  - X-Ref

OAuth 1.0 Consumer class

__construct($key, $secret, $callback_url = null)   X-Ref
No description

__toString()   X-Ref
No description

Class: OAuthToken  - X-Ref

__construct($key, $secret)   X-Ref
key = the token
secret = the token secret


to_string()   X-Ref
generates the basic string serialization of a token that a server
would respond to request_token and access_token calls with


__toString()   X-Ref
No description

Class: OAuthSignatureMethod  - X-Ref

check_signature(&$request, $consumer, $token, $signature)   X-Ref
No description

Class: OAuthSignatureMethod_HMAC  - X-Ref

Base class for the HMac based signature methods.

build_signature($request, $consumer, $token)   X-Ref
Name of the Algorithm used.

return: string algorithm name.

Class: OAuthSignatureMethod_HMAC_SHA1  - X-Ref

Implementation for SHA 1.

get_name()   X-Ref
Name of the Algorithm used.

return: string algorithm name.

Class: OAuthSignatureMethod_HMAC_SHA256  - X-Ref

Implementation for SHA 256.

get_name()   X-Ref
Name of the Algorithm used.

return: string algorithm name.

Class: OAuthSignatureMethod_PLAINTEXT  - X-Ref

get_name()   X-Ref
Name of the Algorithm used.

return: string algorithm name.

build_signature($request, $consumer, $token)   X-Ref
No description

Class: OAuthSignatureMethod_RSA_SHA1  - X-Ref

get_name()   X-Ref
Name of the Algorithm used.

return: string algorithm name.

fetch_public_cert(&$request)   X-Ref
No description

fetch_private_cert(&$request)   X-Ref
No description

build_signature(&$request, $consumer, $token)   X-Ref
No description

check_signature(&$request, $consumer, $token, $signature)   X-Ref
No description

Class: OAuthRequest  - X-Ref

__construct($http_method, $http_url, $parameters = null)   X-Ref
No description

from_request($http_method = null, $http_url = null, $parameters = null)   X-Ref
attempt to build up a request from what was passed to the server


from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null)   X-Ref
pretty much a helper function to set up the request


set_parameter($name, $value, $allow_duplicates = true)   X-Ref
No description

get_parameter($name)   X-Ref
No description

get_parameters()   X-Ref
No description

unset_parameter($name)   X-Ref
No description

get_signable_parameters()   X-Ref
The request parameters, sorted and concatenated into a normalized string.

return: string

get_signature_base_string()   X-Ref
Returns the base string of this request

The base string defined as the method, the url
and the parameters (normalized), each urlencoded
and the concated with &.

get_normalized_http_method()   X-Ref
just uppercases the http method


get_normalized_http_url()   X-Ref
Parses {@see http_url} and returns normalized scheme://host/path if non-empty, otherwise return empty string

return: string

to_url()   X-Ref
builds a url usable for a GET request


to_postdata()   X-Ref
builds the data one would send in a POST request


to_header()   X-Ref
builds the Authorization: header


__toString()   X-Ref
No description

sign_request($signature_method, $consumer, $token)   X-Ref
No description

build_signature($signature_method, $consumer, $token)   X-Ref
No description

generate_timestamp()   X-Ref
util function: current timestamp


generate_nonce()   X-Ref
util function: current nonce


Class: OAuthServer  - X-Ref

__construct($data_store)   X-Ref
No description

add_signature_method($signature_method)   X-Ref
No description

fetch_request_token(&$request)   X-Ref
process a request_token request
returns the request token on success


fetch_access_token(&$request)   X-Ref
process an access_token request
returns the access token on success


verify_request(&$request)   X-Ref
verify an api call, checks all the parameters


get_version(&$request)   X-Ref
version 1


get_signature_method(&$request)   X-Ref
figure out the signature with some defaults


get_consumer(&$request)   X-Ref
try to find the consumer for the provided request's consumer key


get_token(&$request, $consumer, $token_type = "access")   X-Ref
try to find the token for the provided request's token key


check_signature(&$request, $consumer, $token)   X-Ref
all-in-one function to check the signature on a request
should guess the signature method appropriately


check_timestamp($timestamp)   X-Ref
check that the timestamp is new enough


check_nonce($consumer, $token, $nonce, $timestamp)   X-Ref
check that the nonce is not repeated


Class: OAuthDataStore  - X-Ref

lookup_consumer($consumer_key)   X-Ref
No description

lookup_token($consumer, $token_type, $token)   X-Ref
No description

lookup_nonce($consumer, $token, $nonce, $timestamp)   X-Ref
No description

new_request_token($consumer)   X-Ref
No description

new_access_token($token, $consumer)   X-Ref
No description

Class: OAuthUtil  - X-Ref

urlencode_rfc3986($input)   X-Ref
No description

urldecode_rfc3986($string)   X-Ref
No description

split_header($header, $only_allow_oauth_parameters = true)   X-Ref
No description

get_headers()   X-Ref
No description

parse_parameters($input)   X-Ref
No description

build_http_query($params)   X-Ref
No description