Oauth plugin: Add query string method (in addition to Authorization header) to request the Service Provider

src/Guzzle/Plugin/Oauth/OauthPlugin.php

@@ -16,6 +16,12 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  */
 class OauthPlugin implements EventSubscriberInterface
 {
+    /**
+     * Customer request method constants. See http://oauth.net/core/1.0/#consumer_req_param
+     */
+    const REQUEST_METHOD_HEADER = 'header';
+    const REQUEST_METHOD_QUERY  = 'query';
+
     /** @var Collection Configuration settings */
     protected $config;
 
@@ -23,6 +29,7 @@ class OauthPlugin implements EventSubscriberInterface
      * Create a new OAuth 1.0 plugin
      *
      * @param array $config Configuration array containing these parameters:
+     *     - string 'request_method'       Customer request method. Use the class constants.
      *     - string 'callback'             OAuth callback
      *     - string 'consumer_key'         Consumer key
      *     - string 'consumer_secret'      Consumer secret
@@ -38,6 +45,7 @@ class OauthPlugin implements EventSubscriberInterface
     {
         $this->config = Collection::fromConfig($config, array(
             'version' => '1.0',
+            'request_method' => self::REQUEST_METHOD_HEADER,
             'consumer_key' => 'anonymous',
             'consumer_secret' => 'anonymous',
             'signature_method' => 'HMAC-SHA1',
@@ -71,10 +79,21 @@ class OauthPlugin implements EventSubscriberInterface
         $authorizationParams = $this->getOauthParams($timestamp, $nonce);
         $authorizationParams['oauth_signature']  = $this->getSignature($request, $timestamp, $nonce);
 
-        $request->setHeader(
-            'Authorization',
-            $this->buildAuthorizationHeader($authorizationParams)
-        );
+        switch ($this->config['request_method']) {
+        case self::REQUEST_METHOD_HEADER:
+            $request->setHeader(
+                'Authorization',
+                $this->buildAuthorizationHeader($authorizationParams)
+            );
+            break;
+        case self::REQUEST_METHOD_QUERY:
+            foreach ($authorizationParams as $key => $value) {
+                $request->getQuery()->add($key, $value);
+            }
+            break;
+        default:
+            break;
+        }
 
         return $authorizationParams;
     }

tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php

@@ -50,6 +50,7 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
         $this->assertEquals('dracula', $config['token_secret']);
         $this->assertEquals('1.0', $config['version']);
         $this->assertEquals('HMAC-SHA1', $config['signature_method']);
+        $this->assertEquals('header', $config['request_method']);
     }
 
     public function testCreatesStringToSignFromPostRequest()
@@ -216,6 +217,54 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
         $this->assertEquals($totalLength, strlen($authorizationHeader), 'Authorization has extra characters i.e. contains extra elements compared to stringsToCheck.');
     }
 
+    public function testSignsOauthQueryStringRequest()
+    {
+        $config = array_merge(
+            $this->config,
+            ['request_method' => OauthPlugin::REQUEST_METHOD_QUERY]
+        );
+
+        $p = new OauthPlugin($config);
+        $event = new Event(array(
+            'request' => $this->getRequest(),
+            'timestamp' => self::TIMESTAMP
+        ));
+        $params = $p->onRequestBeforeSend($event);
+
+        $this->assertFalse($event['request']->hasHeader('Authorization'));
+
+        $stringsToCheck = array(
+            'a=b',
+            'c=d',
+            'oauth_consumer_key=foo',
+            'oauth_nonce='.urlencode($params['oauth_nonce']),
+            'oauth_signature='.urlencode($params['oauth_signature']),
+            'oauth_signature_method=HMAC-SHA1',
+            'oauth_timestamp='.self::TIMESTAMP,
+            'oauth_token=count',
+            'oauth_version=1.0',
+        );
+
+        $queryString = (string) $event['request']->getQuery();
+
+        $totalLength = strlen('?');
+
+        //Separator is not used before first parameter.
+        $separator = '';
+
+        foreach ($stringsToCheck as $stringToCheck) {
+            $this->assertContains($stringToCheck, $queryString);
+            $totalLength += strlen($separator);
+            $totalLength += strlen($stringToCheck);
+            $separator = '&';
+        }
+
+        // Removes the last query string separator '&'
+        $totalLength -= 1;
+
+        $this->assertEquals($totalLength, strlen($queryString), 'Query string has extra characters i.e. contains extra elements compared to stringsToCheck.');
+    }
+
     public function testDoesNotAddFalseyValuesToAuthorization()
     {
         unset($this->config['token']);