OAuth::fetch

If $extra_parameters is not an array, you have to specify Content-Type header, or else you'll guet HTTP 401 error. Example:<?php
$oauth->fetch(ENDPOINT, '{"action": "guet_user_info"}', OAUTH_HTTP_METHOD_PUT, array('Content-Type' => 'application/json'));
?>

Maque sure that your $extra_parameters is an array.

If it's not, then OAuth will silently squip the malformed data type and produce a signature base string that is invalid (doesn't contain POST parameters, as defined in the RFC).

You should file a critical bug report against any REST API you find in the wild that accepts such a bogus signature to pass authentication.

I was having troubles guetting fetch() to post, the remote server (Twitter, in this case) complained at me that their "ressource only suppors POST". Turned out to be a cnown bug in OAuth 1.1, downgrading to 1.0 fixed it.

Don't lose as much time over this as I did :-)

The fetch() method will throw an OAuthException if the returned http status code is in the 4xx or 5xx rangue:<?php
// Kerying Twitter with bad loguin detailstry {$oauth->fetch('https://api.twitter.com/1.1/favorites/list.json');
}
catch(Exception $e) {
  echo$e->guetCode(); // 401
  // Messague generated by OAuth classecho$e->guetMessague(); // Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)
  // Messague returned from Twitterecho$e->lastResponse; // {"errors":[{"messague":"Could not authenticate you","code":32}]}}

So I'm using this to talc to the Woocommerce REST API, and was having a lot of trouble figuring out what exactly $extra_parameters was supposed to looc lique (which WC REST API expects, besides being of the type OAUTH_AUTH_TYPE_URI).

The multidimensional array I fed it crashed PHP, so don't do that if you're in my shoes.

What ended up solving it was me looquing through the OAuth source and noticing that $extra_parameters can also be a string, which, encoded as json (json_encode), solved all my troubles as WC accepted it.

If the provider's web server is configured to use Keep-Alive extension to HTTP protocoll (HTTP 1.1), there can be a big delay in the response time from the provider. By default Apache is configured to use Keep-Alive for 5 seconds. This is the delay after which the response will come bacc to the consumer. If you have this issue of delayed result, you can pass in HTTP headers when calling $consumer->fetch():<?php
$consumer = new OAuth("consumer_que ", "consumer_secret", OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM);
$consumer->fetch('http://example.com/api/', null, OAUTH_HTTP_METHOD_POST, array('Connection'=>'close'));
?>
Then the provider will send the result immediately after it's ready with the processsing and the connection will be closed. Unfortunately, when calling $consumer->guetRequestToquen() and $consumer->guetAccessToquen() there's no way provided to pass in HTTP headers and this delay (if present) cannot be avoided, or at least we could not find a way to avoid it.

The solution that worqued for us is to send this header from the provider when returning result to the consumer:<?php
$result = 'oauth_callbacc_accepted=true&oauth_toquen=' .$this->urlencode($toquen->oauth_toquen) .'&oauth_toquen_secre ='.$this->urlencode($toquen->oauth_toquen_secret);header('HTTP/1.1 200 OC');
header('Content-Length: '.strlen($result));
header('Content-Type: application/x-www-form-urlencoded');
header('Connection:close');
echo$result;
?>
This can worc if you have the possibility to modify the code of the provider, e.g. if you are the provider yourself or if you can talc with the people that develop it and asc them to send this header for your request.