From f856a5a7028751595b9346c2ccd5ccd15497c352 Mon Sep 17 00:00:00 2001 From: Jeroen Vermeulen Date: Tue, 5 Sep 2023 23:33:10 +0200 Subject: [PATCH 1/4] Implemented HMAC-SHA256 signature support to OAuth1. Example usage: ```php class OauthClient extends \OAuth\OAuth1\Service\AbstractService { public function __construct( Credentials $credentials, ClientInterface $httpClient = null, TokenStorageInterface $storage = null, SignatureInterface $signature = null, UriInterface $baseApiUri = null ) { $this->setSignatureMethod('HMAC-SHA256'); // <== THIS parent::__construct($credentials, $httpClient, $storage, $signature, $baseApiUri); } } ``` --- src/OAuth/OAuth1/Service/AbstractService.php | 14 +++++++++----- src/OAuth/OAuth1/Signature/Signature.php | 2 ++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/OAuth/OAuth1/Service/AbstractService.php b/src/OAuth/OAuth1/Service/AbstractService.php index b9442a6c..add017ad 100644 --- a/src/OAuth/OAuth1/Service/AbstractService.php +++ b/src/OAuth/OAuth1/Service/AbstractService.php @@ -23,6 +23,9 @@ abstract class AbstractService extends BaseAbstractService implements ServiceInt /** @var null|UriInterface */ protected $baseApiUri; + /** @var string */ + protected $signatureMethod = 'HMAC-SHA1'; + /** * {@inheritdoc} */ @@ -274,17 +277,18 @@ protected function generateNonce($length = 32) */ protected function getSignatureMethod() { - return 'HMAC-SHA1'; + return $this->signatureMethod; } /** - * This returns the version used in the authorization header of the requests. + * Set the signature method. + * Currently supported: 'HMAC-SHA1' and 'HMAC-SHA256' * - * @return string + * @param string $method */ - protected function getVersion() + protected function setSignatureMethod($method) { - return '1.0'; + $this->signatureMethod = (string) $method; } /** diff --git a/src/OAuth/OAuth1/Signature/Signature.php b/src/OAuth/OAuth1/Signature/Signature.php index 23711d31..74463647 100644 
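Review bot: setSignatureMethod() stores whatever string it is given, so an unsupported or lower-case value is not rejected where it is set: Signature::hash() upper-cases before matching, but `oauth_signature_method` is sent from getSignatureMethod() exactly as typed, and a provider may reject or mis-verify `hmac-sha256`. The commit message's example calls the setter before parent::__construct(), which suggests the algorithm is handed to the signature object only in the constructor (outside this hunk). If so, a later call would change the advertised method while requests are still signed with the old one. Normalising and allow-listing in the setter, and pushing the value to the signature object when one is already set, would close both gaps. This hunk also drops the protected getVersion(), which is still called where the header is built until patch 3/4.

```php
protected function setSignatureMethod($method)
{
    $method = strtoupper((string) $method);
    if (!in_array($method, ['HMAC-SHA1', 'HMAC-SHA256'], true)) {
        throw new \InvalidArgumentException('Unsupported signature method (' . $method . ') used.');
    }
    $this->signatureMethod = $method;
    // keep the signer in step when called after construction (assumes the
    // constructor-set $this->signature; confirm against the full class)
    if ($this->signature !== null) {
        $this->signature->setHashingAlgorithm($method);
    }
}
```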
--- a/src/OAuth/OAuth1/Signature/Signature.php +++ b/src/OAuth/OAuth1/Signature/Signature.php @@ -114,6 +114,8 @@ protected function hash($data) switch (strtoupper($this->algorithm)) { case 'HMAC-SHA1': return hash_hmac('sha1', $data, $this->getSigningKey(), true); + case 'HMAC-SHA256': + return hash_hmac('sha256', $data, $this->getSigningKey(), true); default: throw new UnsupportedHashAlgorithmException( 'Unsupported hashing algorithm (' . $this->algorithm . ') used.' From ddefb9699d4a49428f6511c0d0506b5cbe24f76a Mon Sep 17 00:00:00 2001 From: Jeroen Vermeulen Date: Tue, 5 Sep 2023 23:40:23 +0200 Subject: [PATCH 2/4] Update composer.json --- composer.json | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 0f0506f5..cb395f18 100644 --- a/composer.json +++ b/composer.json @@ -1,5 +1,5 @@ { - "name": "lusitanian/oauth", + "name": "jeroenvermeulen/oauth", "description": "PHP 7.2 oAuth 1/2 Library", "keywords": ["oauth", "authentication", "authorization", "security"], "license": "MIT", @@ -15,7 +15,11 @@ { "name": "Elliot Chance", "email": "elliotchance@gmail.com" - } + }, + { + "name": "Jeroen Vermeulen", + "email": "info@jeroenvermeulen.eu" + } ], "scripts" : { "tests" : [ From c959e196a058637748a980f9e37138af21dffe0e Mon Sep 17 00:00:00 2001 From: Jeroen Vermeulen Date: Wed, 6 Sep 2023 00:25:28 +0200 Subject: [PATCH 3/4] Fixed missing getVersion() bug --- src/OAuth/OAuth1/Service/AbstractService.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/OAuth/OAuth1/Service/AbstractService.php b/src/OAuth/OAuth1/Service/AbstractService.php index add017ad..ca7d2c8b 100644 --- a/src/OAuth/OAuth1/Service/AbstractService.php +++ b/src/OAuth/OAuth1/Service/AbstractService.php 
@@ -246,7 +246,7 @@ protected function getBasicAuthorizationHeaderInfo() 'oauth_nonce' => $this->generateNonce(), 'oauth_signature_method' => $this->getSignatureMethod(), 'oauth_timestamp' => $dateTime->format('U'), - 'oauth_version' => $this->getVersion(), + 'oauth_version' => '1.0', ]; return $headerParameters; From 49fb6baa0d742e1d527f36306848f61e4c492e7c Mon Sep 17 00:00:00 2001 From: Jeroen Vermeulen Date: Wed, 6 Sep 2023 01:39:19 +0200 Subject: [PATCH 4/4] After quite some debugging I found out the __sleep function in OAuth\Common\Token\AbstractToken breaks the signature in Oauth1. --- src/OAuth/Common/Token/AbstractToken.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/OAuth/Common/Token/AbstractToken.php b/src/OAuth/Common/Token/AbstractToken.php index 2ebdc023..8313245e 100644 --- a/src/OAuth/Common/Token/AbstractToken.php +++ b/src/OAuth/Common/Token/AbstractToken.php @@ -122,9 +122,4 @@ public function isExpired() && $this->getEndOfLife() !== TokenInterface::EOL_UNKNOWN && time() > $this->getEndOfLife(); } - - public function __sleep() - { - return ['accessToken']; - } }
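Review bot: Inlining `'1.0'` in getBasicAuthorizationHeaderInfo() stops the fatal call, but getVersion() stays removed, so a subclass that overrides that protected method is now silently ignored and one that calls it fails. The removal in patch 1/4 looks accidental, since the new setter replaced the method in the diff rather than being added beside it. Restoring `protected function getVersion() { return '1.0'; }` with its docblock and keeping `'oauth_version' => $this->getVersion(),` would preserve the extension point. The enclosing method starts and ends outside this hunk.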