Can't make OAuth work in Drupal 6 / Services 3

Question

I'm working on a project and the client requested i use OAuth to protect some custom services I've built. I've got everything working perfectly using no authentication and session authentication, but using OAuth makes the whole thing fall apart. I haven't been able to find any really good step by step tutorials.

Basically I've got the Services 6.x-3.1 and OAuth 6.x-3.0-beta4 modules installed on D6. I created an oauth context using this documentation. Then I setup a dummy user because I only want to create one set of consumer credentials for all of my clients. I assigned the context to the user and to the service. I'm using http://mydomain/oauth/authorized as the callback url.

To test I connect using http://term.ie/oauth/example/client.php. I use the endpoint http://mydomain/oauth/request_token. I add the response tokens to the appropriate fields. Then I change the endpoint to http://mydomain/oauth/authorize. It takes me to a page where I have to click to allow the connection. I'm taken to the http://mydomain/oauth/authorized page where I get a success message.

Now I change the endpoint to http://mydomain/oauth/access_token and I get a response with a new token. According to these instructions, I replace the new access tokens and change the endpoint to http://mydomain/myserviceendpoint. It connects using a GET request and returns

401 Unauthorized: The consumer is not authorized to access this service.

It feels like I'm missing something. There is only one context in the system and it's assigned to both the consumer and the service. The consumer key and secret are part of the final url along with the access token. I've looked at permissions and I can't find anything out of place. I even changed my service to just return TRUE for the hook_services_access to bypass permissions.

Any ideas?

Answer 1

First you must understand the difference between the two.

1. first the session authentication takes a user name and password and authenticates. Then it takes the user permissions from drupal so you need to authenticate in each step to go through your application that communicate with your drupal. Anonymous users can get what they want according to your permission in drupal.

2. While in Aouth authentication you create a user and add token to him and only the user who had the token communicate with the application according to the permission rule you set to him . In case of anonymous users they can't retrieve or get anything. The communication between drupal and the client within the created used with a certain token.

3. Finally: goto user page and create a user and give him the application name also token and in your application code give the token to application and authenticate with the newly created user.

You must check your permissions to the newly created user.

Check this link