I have an app that uses a 2 leg oAuth on our PHP server. We parse the php://input stream curently to get the signature params and raw post data. However according to php.net you can't use input stream with multipart form data so when I try to send an image from the iPhone to server the php://input stream is empty.
Here's my question being new to Oath rules and what not.
Is it required that you use the input stream vs reading from $POST super global? Can I send the signature and image in the same call like
NSString *boundary = @"---------------------------14737809831466499882746641449";
NSString *contentType = [NSString stringWithFormat:@"multipart/form-data; boundary=%@",boundary];
[postData appendData:[[NSString stringWithFormat:@"\r\n--%@\r\n", boundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[[NSString stringWithFormat:@"Content-Disposition: form-data; name=\"%@\"\r\n\r\n", @"signature"] dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[postVars dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:YES]];
[postData appendData:[[NSString stringWithFormat:@"\r\n--%@--\r\n", boundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[[NSString stringWithFormat:@"\r\n--%@\r\n",boundary] dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[[NSString stringWithFormat:@"Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"tester.png\"\r\n"] dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"Content-Type: application/octet-stream\r\n\r\n" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[NSData dataWithData:imageData]];
[postData appendData:[[NSString stringWithFormat:@"\r\n--%@--\r\n",boundary] dataUsingEncoding:NSUTF8StringEncoding]];
I've seen some suggestions to set the Authorization header with the signature params. Is it correct to send signature in the post body or set the authorization headers? Also Am I way off in how to upload and image using oAuth? Does it need to be 2 calls or can I do signature and image in same calls?
Thanks for the help. We are using this to send data from iPhone to our server so we wrote both sides but want to follow oAuth best practices.
Oauth prefers the oauth params set in the authorization header (see here). Everything that the provider expects should be in that header, including a signature that's formed by signing the verb, the url, post parameters, various oauth params, etc., lexically ordered.
The rest of the request can be whatever you want, like an image post, multipart or not.