[beta] SDK 2.0 with Namespaces and OAuth2 support!

[gouxim]

Nop, for now it's only per domain (www.blabla & blabla are different domains)

[gouxim]

Ok i'll redirect' *****.to http://www.*****

Bit for now i still have some problems, i get an error 400 when i try to retriev the player infos:
$player = $trackmania->getPlayer(); -> int(400) string(11) "Bad Request" string(0) ""
Did i made a mistake ?

Do you still have the error? If so, can you give me the time so I know "when" to check in the error logs?

[m4rcel]

I now tried myself to acces the private data of a user, and I only get an Error 400 Bad Request when calling Player->getPlayer(), after I allowed Access to my account's data. (Before allowing the access, this method returned false, as expected.)

When trying to call Player->getBuddies(), Player->getEmail() or Player->isOnline(), I always get 401 Not Authorized, although I allowed access to these data.

(Both features have been tested with a self written script, running on my localhost, using a normal WebBrowser (not in a ManiaLink))

Furthermore, I noticed, that the detailled error message is no longer placed into the Exception. With SDK 1.0, I got the message with $e->getMessage(), but this field seems to be always empty in SDK 2.0. (For example, I accidently called Players->getMultiplayerRankingForEnvironment with "island". In the old SDK, it said, that "island" is not known, the new SDK only throws the 400 Bad Request.)


Another thing, not directly related with the SDK but maybe with the problem, is that the ManiaPlanet-forum is redirecting to the TMF Playerpage when clicking this "TrackMania Link Account" button in the profile settings, and not to this Allow-Access-page as before. (So you have no chance to change the displayed information atm.)

[gouxim]

Thank you all for the reports, it helps debugging

I noticed, that the detailled error message is no longer placed into the Exception.

There was indeed a bug in the SDK. I fixed it and released 2.0 beta 2. You can download it at http://code.google.com/p/trackmania-ws- ... loads/list

I now tried myself to acces the private data of a user, and I only get an Error 400 Bad Request when calling Player->getPlayer()

Can you provide the error message now that the SDK is fixed?

When trying to call Player->getBuddies(), Player->getEmail() or Player->isOnline(), I always get 401 Not Authorized, although I allowed access to these data.

That's normal. You got a 400 when retrieving the OAuth2 Access Token, so every protected request you make after that will fail because you don't have the access token (hence the 401, just like when you try to access a protected page without giving username/password).

Another thing, not directly related with the SDK but maybe with the problem, is that the ManiaPlanet-forum is redirecting to the TMF Playerpage when clicking this "TrackMania Link Account" button in the profile settings, and not to this Allow-Access-page as before. (So you have no chance to change the displayed information atm.)

Yep it's been reported. It's not related, but I should probably fix that someday

[m4rcel]

I checked again the error, and now I get as message:

Invalid object property "amp;client_secret"

So there seems to be an htmlspecialchars() too much somewhere ^^

[gouxim]

So there seems to be an htmlspecialchars() too much somewhere ^^

It's indeed an encoding error. But there's not a single htmlspecialchars(). In the following file, on line 252, we create a POST body with the mime-type "application/x-www-form-urlencoded" (just like a URL query string) by using the http_build_query() function:

http://code.google.com/p/trackmania-ws- ... nt.php#252

Maybe you can try to add " var_dump($params);exit; " just after that (just before the // FIXME). In the output, are the "&" encoded as "&" or are they still "&" ?

You can also try to replace

Code: Select all

http_build_query(array(.......));

with

Code: Select all

http_build_query(array(.....), '', '&');

and see what happens.




The default value of the PHP directive "arg_separator.output" is "&" ; Maybe on your system it's "&", that would explain this behaviour.

[m4rcel]

Thank you for this information, there was indeed an "&" as arg_separator within the php.ini, not as arg_separator.input but as arg_separator.output. After I changed it to "&", and now I was able to get the private data

Nevertheless, I tried your suggestions (with the "&" in the php.ini). Printing the $params at the named place shows, that the "&" are already escaped to "&". Modifying the one line fixes the problem, even with the "&" in the php.ini.

I hope this information are helpful

[gouxim]

Indeed, I will update the SDK tomorow to force the usage of "&" as a separator whatver the value in the php.ini is.

Edit: I updated the code on the SVN (http://code.google.com/p/trackmania-ws- ... etail?r=26), but I won't make a release just for this.

[m4rcel]

So now I have a question of basic understanding, in how this OAuth works:

What I already implemented is a little script, with the Login-Link. Clicking on this will redirect the user to the Playerpage, let him login, and re-redirect him back to my script, giving a "code" and a "state" parameter. Right within this call of the script, I am able to request the Buddies, Online state etc. of this user.

But... How am I supposed to request these data in the future?
Let's say, I want to re-request the Online state of the user after 15 minutes to keep it up-to-date. How to do so, without having the user to login (as he already granted access to his account)?

[gouxim]

Here's how it works:

• You login with the player page
• You allow the application
• You are redirected to the Website with the "code" (Authorization Code in the OAuth2.0 spec) in the URL (the state parameter is optional, it's a protection against CSRF attacks)
• The SDK sees the Authorization Code and make a POST request on the TMWS to exchange this Authorization Code for an Access Token. In this request is included the API Username & password, so we are sure that it's the right application. The response of this request is an Access Token.
• The access token is saved in the session, so you can use the SDK to make calls later in that session.
• The access token lifetime is 3600 seconds. When it expires, you need to redirect the user to the Login URL in order to get a new access token.

Later, we may implement the Refresh Token: when you receive the Access Token, you can also receive a Refresh Token: it has a long lifetime and you can use it to get a new Access Token for that user, without having to redirect the user to the Login URL.

So for now you can make request on behalf of a user (ie. with an Access Token) only during the lifetime of the access token. When Refresh Tokens are available, you will also be able to make requests when the user is not logged in. I really don't have a release date for that feature, nor I am sure that we will actually implement it in TMF (there's way too much work to do at the moment with the release of TM2... )