[beta] SDK 2.0 with Namespaces and OAuth2 support!

Trackmania Forever public API and its open source PHP SDK.

Moderator: NADEO

User avatar
gouxim
Nadeo
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by gouxim » 23 Jul 2011, 14:48

Nop, for now it's only per domain (www.blabla & blabla are different domains)
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)

User avatar
gouxim
Nadeo
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by gouxim » 25 Jul 2011, 10:09

calaagree wrote:Ok i'll redirect' *****.to http://www.*****

Bit for now i still have some problems, i get an error 400 when i try to retriev the player infos:
$player = $trackmania->getPlayer(); -> int(400) string(11) "Bad Request" string(0) ""
Did i made a mistake ?
Do you still have the error? If so, can you give me the time so I know "when" to check in the error logs?
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)

User avatar
m4rcel
Posts: 653
Joined: 15 Jun 2010, 11:12
Contact:

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by m4rcel » 25 Jul 2011, 12:51

I now tried myself to acces the private data of a user, and I only get an Error 400 Bad Request when calling Player->getPlayer(), after I allowed Access to my account's data. (Before allowing the access, this method returned false, as expected.)

When trying to call Player->getBuddies(), Player->getEmail() or Player->isOnline(), I always get 401 Not Authorized, although I allowed access to these data.

(Both features have been tested with a self written script, running on my localhost, using a normal WebBrowser (not in a ManiaLink))

Furthermore, I noticed, that the detailled error message is no longer placed into the Exception. With SDK 1.0, I got the message with $e->getMessage(), but this field seems to be always empty in SDK 2.0. (For example, I accidently called Players->getMultiplayerRankingForEnvironment with "island". In the old SDK, it said, that "island" is not known, the new SDK only throws the 400 Bad Request.)


Another thing, not directly related with the SDK but maybe with the problem, is that the ManiaPlanet-forum is redirecting to the TMF Playerpage when clicking this "TrackMania Link Account" button in the profile settings, and not to this Allow-Access-page as before. (So you have no chance to change the displayed information atm.)
ImageImage
Image

User avatar
gouxim
Nadeo
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by gouxim » 25 Jul 2011, 16:56

Thank you all for the reports, it helps debugging ;)
m4rcel wrote:I noticed, that the detailled error message is no longer placed into the Exception.
There was indeed a bug in the SDK. I fixed it and released 2.0 beta 2. You can download it at http://code.google.com/p/trackmania-ws- ... loads/list
m4rcel wrote:I now tried myself to acces the private data of a user, and I only get an Error 400 Bad Request when calling Player->getPlayer()
Can you provide the error message now that the SDK is fixed?
m4rcel wrote:When trying to call Player->getBuddies(), Player->getEmail() or Player->isOnline(), I always get 401 Not Authorized, although I allowed access to these data.
That's normal. You got a 400 when retrieving the OAuth2 Access Token, so every protected request you make after that will fail because you don't have the access token (hence the 401, just like when you try to access a protected page without giving username/password).
m4rcel wrote:Another thing, not directly related with the SDK but maybe with the problem, is that the ManiaPlanet-forum is redirecting to the TMF Playerpage when clicking this "TrackMania Link Account" button in the profile settings, and not to this Allow-Access-page as before. (So you have no chance to change the displayed information atm.)
Yep it's been reported. It's not related, but I should probably fix that someday :roll:
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)

User avatar
m4rcel
Posts: 653
Joined: 15 Jun 2010, 11:12
Contact:

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by m4rcel » 25 Jul 2011, 17:01

I checked again the error, and now I get as message:
400 Bad Request wrote:Invalid object property "amp;client_secret"
So there seems to be an htmlspecialchars() too much somewhere ^^
ImageImage
Image

User avatar
gouxim
Nadeo
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by gouxim » 25 Jul 2011, 18:19

m4rcel wrote:So there seems to be an htmlspecialchars() too much somewhere ^^
It's indeed an encoding error. But there's not a single htmlspecialchars(). In the following file, on line 252, we create a POST body with the mime-type "application/x-www-form-urlencoded" (just like a URL query string) by using the http_build_query() function:

http://code.google.com/p/trackmania-ws- ... nt.php#252

Maybe you can try to add " var_dump($params);exit; " just after that (just before the // FIXME). In the output, are the "&" encoded as "&" or are they still "&" ?

You can also try to replace

Code: Select all

http_build_query(array(.......));
with

Code: Select all

http_build_query(array(.....), '', '&');
and see what happens.




The default value of the PHP directive "arg_separator.output" is "&" ; Maybe on your system it's "&", that would explain this behaviour.
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)

User avatar
m4rcel
Posts: 653
Joined: 15 Jun 2010, 11:12
Contact:

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by m4rcel » 25 Jul 2011, 18:54

Thank you for this information, there was indeed an "&" as arg_separator within the php.ini, not as arg_separator.input but as arg_separator.output. After I changed it to "&", and now I was able to get the private data :)

Nevertheless, I tried your suggestions (with the "&" in the php.ini). Printing the $params at the named place shows, that the "&" are already escaped to "&". Modifying the one line fixes the problem, even with the "&" in the php.ini.

I hope this information are helpful ;)
ImageImage
Image

User avatar
gouxim
Nadeo
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by gouxim » 25 Jul 2011, 21:51

Indeed, I will update the SDK tomorow to force the usage of "&" as a separator whatver the value in the php.ini is.

Edit: I updated the code on the SVN (http://code.google.com/p/trackmania-ws- ... etail?r=26), but I won't make a release just for this.
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)

User avatar
m4rcel
Posts: 653
Joined: 15 Jun 2010, 11:12
Contact:

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by m4rcel » 27 Jul 2011, 10:05

So now I have a question of basic understanding, in how this OAuth works:

What I already implemented is a little script, with the Login-Link. Clicking on this will redirect the user to the Playerpage, let him login, and re-redirect him back to my script, giving a "code" and a "state" parameter. Right within this call of the script, I am able to request the Buddies, Online state etc. of this user.

But... How am I supposed to request these data in the future?
Let's say, I want to re-request the Online state of the user after 15 minutes to keep it up-to-date. How to do so, without having the user to login (as he already granted access to his account)?
ImageImage
Image

User avatar
gouxim
Nadeo
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [beta] SDK 2.0 with Namespaces and OAuth2 support!

Post by gouxim » 27 Jul 2011, 14:10

Here's how it works:
  • You login with the player page
  • You allow the application
  • You are redirected to the Website with the "code" (Authorization Code in the OAuth2.0 spec) in the URL (the state parameter is optional, it's a protection against CSRF attacks)
  • The SDK sees the Authorization Code and make a POST request on the TMWS to exchange this Authorization Code for an Access Token. In this request is included the API Username & password, so we are sure that it's the right application. The response of this request is an Access Token.
  • The access token is saved in the session, so you can use the SDK to make calls later in that session.
  • The access token lifetime is 3600 seconds. When it expires, you need to redirect the user to the Login URL in order to get a new access token.
Later, we may implement the Refresh Token: when you receive the Access Token, you can also receive a Refresh Token: it has a long lifetime and you can use it to get a new Access Token for that user, without having to redirect the user to the Login URL.

So for now you can make request on behalf of a user (ie. with an Access Token) only during the lifetime of the access token. When Refresh Tokens are available, you will also be able to make requests when the user is not logged in. I really don't have a release date for that feature, nor I am sure that we will actually implement it in TMF (there's way too much work to do at the moment with the release of TM2... :) )
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)

Post Reply

Return to “Trackmania Forever Web Services”

Who is online

Users browsing this forum: No registered users and 4 guests