Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

WC_REST_Authentication::perform_oauth_authentication()

Perform OAuth 1.0a “one-legged” (http://oauthbible.com/#oauth-10a-one-legged) authentication for non-SSL requests.


Description

This is required so API credentials cannot be sniffed or intercepted when making API requests over plain HTTP.

This follows the spec for simple OAuth 1.0a authentication (RFC 5849) as closely as possible, with two exceptions:

1) There is no token associated with requests/responses; only consumer keys/secrets are used.

2) The OAuth parameters are included as part of the request query string instead of the Authorization header. This is because there is no cross-OS function within PHP to get the raw Authorization header.


Return

(int|bool)



Source

File: includes/class-wc-rest-authentication.php

	private function perform_oauth_authentication() {
		$this->auth_method = 'oauth1';

		$params = $this->get_oauth_parameters();
		if ( empty( $params ) ) {
			return false;
		}

		// Fetch WP user by consumer key.
		$this->user = $this->get_user_data_by_consumer_key( $params['oauth_consumer_key'] );

		if ( empty( $this->user ) ) {
			$this->set_error( new WP_Error( 'woocommerce_rest_authentication_error', __( 'Consumer key is invalid.', 'woocommerce' ), array( 'status' => 401 ) ) );

			return false;
		}

		// Perform OAuth validation.
		$signature = $this->check_oauth_signature( $this->user, $params );
		if ( is_wp_error( $signature ) ) {
			$this->set_error( $signature );
			return false;
		}

		$timestamp_and_nonce = $this->check_oauth_timestamp_and_nonce( $this->user, $params['oauth_timestamp'], $params['oauth_nonce'] );
		if ( is_wp_error( $timestamp_and_nonce ) ) {
			$this->set_error( $timestamp_and_nonce );
			return false;
		}

		return $this->user->user_id;
	}
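
As an added example (not WooCommerce's own code), the following PHP verifies a one-legged request whose OAuth parameters arrive in the query string, in the same order as the method above: it rebuilds the RFC 5849 signature base string, compares HMAC-SHA1 signatures in constant time, then applies a timestamp window and a nonce replay check. The function names, sample keys, in-memory nonce store and 15-minute window are assumptions made for illustration.

```php
<?php
// Added example, not WooCommerce code; names, sample values and the 15-minute window are assumptions.

// RFC 5849 section 3.4.1: METHOD & encoded URL & encoded parameters sorted by encoded name.
function oauth_base_string( string $method, string $url, array $params ): string {
	unset( $params['oauth_signature'] ); // The signature never signs itself.
	$enc = array();
	foreach ( $params as $k => $v ) {
		$enc[ rawurlencode( $k ) ] = rawurlencode( $k ) . '=' . rawurlencode( $v );
	}
	ksort( $enc, SORT_STRING );
	return strtoupper( $method ) . '&' . rawurlencode( $url ) . '&' . rawurlencode( implode( '&', $enc ) );
}

// One-legged flow: there is no token secret, so the HMAC key is "<consumer secret>&".
function oauth_sign( string $base, string $consumer_secret ): string {
	return base64_encode( hash_hmac( 'sha1', $base, rawurlencode( $consumer_secret ) . '&', true ) );
}

// Returns true, or a string naming the check that failed.
function oauth_verify( string $method, string $url, array $params, string $secret, array &$seen_nonces, int $now, int $window = 900 ) {
	$expected = oauth_sign( oauth_base_string( $method, $url, $params ), $secret );
	if ( ! hash_equals( $expected, (string) ( $params['oauth_signature'] ?? '' ) ) ) {
		return 'signature_mismatch';
	}
	if ( abs( $now - (int) ( $params['oauth_timestamp'] ?? 0 ) ) > $window ) {
		return 'stale_timestamp';
	}
	$nonce = (string) ( $params['oauth_nonce'] ?? '' );
	if ( '' === $nonce || isset( $seen_nonces[ $nonce ] ) ) {
		return 'nonce_reused';
	}
	// Record the nonce only after the signature verified, so unsigned traffic cannot fill the store.
	$seen_nonces[ $nonce ] = $now;
	return true;
}

// Constructed sample request: the client signs, then sends every parameter in the query string.
$secret = 'cs_example_secret';
$url    = 'http://shop.example/wp-json/wc/v3/orders';
$params = array( 'oauth_consumer_key' => 'ck_example_key', 'oauth_nonce' => 'n-8f3a1c',
	'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1700000000', 'per_page' => '5' );
$params['oauth_signature'] = oauth_sign( oauth_base_string( 'GET', $url, $params ), $secret );

$seen = array();
var_dump( oauth_verify( 'GET', $url, $params, $secret, $seen, 1700000030 ) ); // First use of the nonce.
var_dump( oauth_verify( 'GET', $url, $params, $secret, $seen, 1700000031 ) ); // Same request replayed.
$params['per_page'] = '500';
var_dump( oauth_verify( 'GET', $url, $params, $secret, $seen, 1700000032 ) ); // Parameter altered in transit.
```

Because the consumer secret is only ever used as an HMAC key, an observer of the plain-HTTP request sees the consumer key and signature but not the secret; the request body and response are still unencrypted.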

