Wordpress Transparent OAuth 1.0 Login with PHP

Question

I'm currently programming a PHP project who wants to login in Wordpress vía OAuth 1.0 and then, make requests to an API.

The workflow is as follows:

1. Get a Request Token.
2. With the Request Token, log in into Wordpress. (The problem is here)
3. After login, authorize the credentials and get the Verifier Token.
4. Get an Access Token.
5. Finally, make API calls with the AT and AT Secret.

My tests on localhost under XAMPP works fine, but when I upload the code to the server (UNIX) I get a problem from Wordpress Login with the cookies.

I'm making the login call through cURL, setting the cookies on, and then, parse the response to HTML (I need the field "_wpnonce" to send to the Authorize Page).

The problem is that I always get the Enable Cookies Error. I tested all combinations of cURL parameters, used all configurations and examples, but didn't get to work :(

The current code is:

//Llamamos al login
$data = array();

$data['log'] = $login;
$data['pwd'] = $password;
$data['redirect_to']="/wp-login.php?action=oauth1_authorize&oauth_token=" . $req_token;
$data['testcookie']="1";
$data['oauth_token']=$req_token;

$cookiefile1 = dirname(__FILE__)."/cookie1.txt" ;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url . "/wp-login.php");

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIESESSION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile1);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$output = curl_exec($ch);
curl_close($ch);

//Una vez logueado tenemos que autorizar

//Obtenemos los datos del formulario
$dom = new DOMDocument();
$dom->loadHTML($output);

$fichero = fopen("test.html","w");
fwrite($fichero,$output);
fclose($fichero);

//$wpnonce = $dom->getElementById("_wpnonce");

What am I missing?

Thanks in advance!

Answer 1

As I can't comment directly, but would like to offer my observation, it looks like you are trying to set the oauth_token twice, once in the redirect URL, and once again as a separate data key/value. Try either:

$data = array();

$data['log'] = $login;
$data['pwd'] = $password;
$data['redirect_to']="/wp-login.php?action=oauth1_authorize&oauth_token=" . $req_token;
$data['testcookie']="1";

or

$data = array();

$data['log'] = $login;
$data['pwd'] = $password;
$data['redirect_to']="/wp-login.php?action=oauth1_authorize";
$data['testcookie']="1";
$data['oauth_token']=$req_token;

But really you can't have both.