[bd] API

[bd] API 1.6.3

No permission to download
Please join in the discussion, there are a lot of API endpoints to cover so if we know which ones you depend on, we may prioritize them higher.

My setup is - I have an XF install and a separate site. The aim is to allow people on the second site to login with their XF accounts. It's been a while since I've worked on this but I believe the endpoints we use are authorize, token and redirect.

I may also want the ability to cross post to XF from the other website if the person makes a post there - so the 2nd app may require the post scope as well as read.
 
My setup is - I have an XF install and a separate site. The aim is to allow people on the second site to login with their XF accounts. It's been a while since I've worked on this but I believe the endpoints we use are authorize, token and redirect.

I may also want the ability to cross post to XF from the other website if the person makes a post there - so the 2nd app may require the post scope as well as read.
User and authorization is complete with version Alpha 2 so you should give it a go. Thread/post data, especially posting new post, is not done yet though.
 
User and authorization is complete with version Alpha 2 so you should give it a go. Thread/post data, especially posting new post, is not done yet though.

I'm still having trouble authorizing with the XenForo 2 Alpha 2 version. I have more details posted on your site
 
I'm also getting a similar error with the XenForoAuth plugin and [bd] API 1.6.1. I'll see if the plugin author has encountered this issue.

I looked in the logs for [bd] API and I see that the Wiki is making the request. When I run this GET in the browser, it gives me the same result.

Code:
GET /api/index.php?users/me

Request
array(0) {
}
Response (403)
array(1) {
  ["error"] => string(34) "You must be a logged-in, registered member of this site to perform this action. "
}

It says I'm not a logged-in user when I am in fact logged into my forums. How can I debug the API's connection to the forum?
 
My WordPress user are getting a "502 Bad Gateway" error when trying to login with a connected account. This happend after switching to php 7.2 and also https.

Do you know what causing the trouble?

EDIT: I got this from the NGINX Error.log

PHP message: _xfac_api_curl POST (https://www.XXX.de/api/index.php?oauth/token/admin, array (
'oauth_token' => '48b5adb8fb7a6e875e75eeeb81f922ff97ef14dc',
'user_id' => 71015,
)) -> 200
PHP message: | HTTP/1.1 200 OK
PHP message: | Server: nginx
PHP message: | Date: Tue, 10 Jul 2018 12:41:10 GMT
PHP message: | Content-Type: application/json; charset=UTF-8
PHP message: | Content-Length: 212
PHP message: | Connection: keep-alive
PHP message: | Expires: Thu, 19 Nov 1981 08:52:00 GMT
PHP message: | Cache-control: private, max-age=0
PHP message: | X-Frame-Options: SAMEORIGIN
PHP message: | X-Xss-Protection: 1
PHP message: | Last-Modified: Tue, 10 Jul 2018 12:41:10 GMT
PHP message: | Strict-Transport-Security: max-age=0
PHP message: |
PHP message: | {"access_token":"dc32791f98b0e49aab5d1e8cf3e687d2dde6421c","expires_in":"3600","token_type":"Bearer","scope":"read post conversate admincp usercp","user_id":71015,"system_info":{"visitor_id":2,"time":1531226470}}
PHP message: _xfac_api_curl GET (https://www.XXX.de/api/index.php?users/me/&oauth_token=dc32791f98b0e49aab5d1e8cf3e687d2dde6421c, NULL) -> 200
PHP message: | HTTP/1.1 200 OK
PHP mes
2018/07/10 14:41:11 [error] 17081#17081: *4809220 upstream sent too big header while reading response header from upstream, client: 79.207.234.161, server: blog.XXX.de, request: "POST /wp-admin/user-edit.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php7.2-fpm-blog.XXX.sock:", host: "blog.XXX.de", referrer: "https://blog.XXX.de/wp-admin/user-e...tion=-1&new_role&paged=1&action2=-1&new_role2"
2018/07/10 14:41:11 [error] 17081#17081: *4809220 upstream sent too big header while reading response header from upstream, client: 79.207.234.161, server: blog.xxx.de, request: "POST /wp-admin/user-edit.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php7.2-fpm-blog.xxx.de.sock:", host: "blog.xxx.de", referrer: "https://blog.xxx.de/wp-admin/user-e...tion=-1&new_role&paged=1&action2=-1&new_role2"
2018/07/10 14:41:26 [error] 17082#17082: *4809764 FastCGI sent in stderr: "PHP message: PHP Deprecated: Function create_function() is deprecated in /var/www/share/blog.xxx.de/htdocs/wp-content/plugins/xenforo-api-consumer/includes/widget/search.php on line 78
PHP message: PHP Deprecated: Function create_function() is deprecated in /var/www/share/blog.xxx.de/htdocs/wp-content/plugins/xenforo-api-consumer/includes/widget/threads.php on line 169
 
Last edited:
i'm actually trying to run oauth authentication from symfony hwi bundle, the issue is url /api/index.php?oauth/authorize is redirecting to /account/authorize, and url is not found 404 ... does anyone uses same bundle on sf4?
 
My WordPress user are getting a "502 Bad Gateway" error when trying to login with a connected account. This happend after switching to php 7.2 and also https.

Do you know what causing the trouble?

EDIT: I got this from the NGINX Error.log

PHP message: _xfac_api_curl POST (https://www.XXX.de/api/index.php?oauth/token/admin, array (
'oauth_token' => '48b5adb8fb7a6e875e75eeeb81f922ff97ef14dc',
'user_id' => 71015,
)) -> 200
PHP message: | HTTP/1.1 200 OK
PHP message: | Server: nginx
PHP message: | Date: Tue, 10 Jul 2018 12:41:10 GMT
PHP message: | Content-Type: application/json; charset=UTF-8
PHP message: | Content-Length: 212
PHP message: | Connection: keep-alive
PHP message: | Expires: Thu, 19 Nov 1981 08:52:00 GMT
PHP message: | Cache-control: private, max-age=0
PHP message: | X-Frame-Options: SAMEORIGIN
PHP message: | X-Xss-Protection: 1
PHP message: | Last-Modified: Tue, 10 Jul 2018 12:41:10 GMT
PHP message: | Strict-Transport-Security: max-age=0
PHP message: |
PHP message: | {"access_token":"dc32791f98b0e49aab5d1e8cf3e687d2dde6421c","expires_in":"3600","token_type":"Bearer","scope":"read post conversate admincp usercp","user_id":71015,"system_info":{"visitor_id":2,"time":1531226470}}
PHP message: _xfac_api_curl GET (https://www.XXX.de/api/index.php?users/me/&oauth_token=dc32791f98b0e49aab5d1e8cf3e687d2dde6421c, NULL) -> 200
PHP message: | HTTP/1.1 200 OK
PHP mes
2018/07/10 14:41:11 [error] 17081#17081: *4809220 upstream sent too big header while reading response header from upstream, client: 79.207.234.161, server: blog.XXX.de, request: "POST /wp-admin/user-edit.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php7.2-fpm-blog.XXX.sock:", host: "blog.XXX.de", referrer: "https://blog.XXX.de/wp-admin/user-edit.php?user_id=40&wp_http_referer=/wp-admin/users.php?s=fedora&action=-1&new_role&paged=1&action2=-1&new_role2"
2018/07/10 14:41:11 [error] 17081#17081: *4809220 upstream sent too big header while reading response header from upstream, client: 79.207.234.161, server: blog.xxx.de, request: "POST /wp-admin/user-edit.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php7.2-fpm-blog.xxx.de.sock:", host: "blog.xxx.de", referrer: "https://blog.xxx.de/wp-admin/user-edit.php?user_id=40&wp_http_referer=/wp-admin/users.php?s=fedora&action=-1&new_role&paged=1&action2=-1&new_role2"
2018/07/10 14:41:26 [error] 17082#17082: *4809764 FastCGI sent in stderr: "PHP message: PHP Deprecated: Function create_function() is deprecated in /var/www/share/blog.xxx.de/htdocs/wp-content/plugins/xenforo-api-consumer/includes/widget/search.php on line 78
PHP message: PHP Deprecated: Function create_function() is deprecated in /var/www/share/blog.xxx.de/htdocs/wp-content/plugins/xenforo-api-consumer/includes/widget/threads.php on line 169

you ever receive a reply for this?
 
I'm also getting a similar error with the XenForoAuth plugin and [bd] API 1.6.1. I'll see if the plugin author has encountered this issue.

Same issues here as well. It doesn't seem that 1.6.x behaves the same as 1.5.x. We recently upgraded to PHP 7.2, which forced an update to BD API 1.6.x, and we're a little sunk now. Our authentication bridge to our own MediaWiki is broken.
 
Can I ask what the reason for you guys updating to PHP 7.2 was? It's a bad idea to update your live environment without first simulating/testing it to make sure the software you're using is compatible with it.

Have any of you guys with issues resolved them since your last posts?

Would it not be easier to roll back your PHP update and [bd]API versions back to working ones?
 
Same issues here as well. It doesn't seem that 1.6.x behaves the same as 1.5.x. We recently upgraded to PHP 7.2, which forced an update to BD API 1.6.x, and we're a little sunk now. Our authentication bridge to our own MediaWiki is broken.
The underlying library has been upgrade due to PHP version so 1.6 works a bit different from 1.5 regarding OAuth param/header. Everything else should be the same though.
 
Hi guys. I made autorization via grant_type=password.
I have a stupid question. Is this safe to pass client_id and client_secret to request body and share client_id and client_secret to users?

LmkPdah.jpg
 
Hi guys. I made autorization via grant_type=password.
I have a stupid question. Is this safe to pass client_id and client_secret to request body and share client_id and client_secret to users?

It's okie but should avoid if possible. e.g. if you give away the secret, random people will be able to access your public data even with restrict mode turned on.
 
Top Bottom