I'm registring a user using the class Accounts and it's method register.
The registration works, but the data of the key profile is being ignored.

I read https://developers.gigya.com/display/GD/accounts.register+REST and https://developers.gigya.com/display/GD/Profile+REST and don't see the error in my approach.

$registration = [
    'email' => $registrationRequest->getEmail(),
    'password' => $registrationRequest->getPassword(),
    'regToken' => $registrationRequest->getRegToken(),
    'finalizeRegistration' => true,
    'siteUID' => $registrationRequest->getUid(),
    'profile' => [
        'email' => $registrationRequest->getEmail(),
        'firstName' => $registrationRequest->getFirstName(),
        'lastName' => $registrationRequest->getLastName(),
        'gender' => $registrationRequest->getGender(),
        'UID' => $registrationRequest->getUid(),
        'isSiteUID' => true,
    ],
];

Question: How do I have to pass the profile data?

Thanks a lot!

Hi, I'm trying to install this library.

I followed steps, so I made composer require graze/gigya-client, and my script:

require_once 'vendor/autoload.php';

use Graze\Gigya\Response\ErrorCode;
use Graze\Gigya\Gigya;

$key = '[my key]';
$secret = '[my secret]';
$uid = '[an existing uid]';

$gigya = new Gigya($key, $secret);

$response = $gigya->accounts()->getAccountInfo(['uid' => $uid]);
if ($response->getErrorCode() === ErrorCode::OK) {
    $account = $response->getData();
    var_dump($account);
} else {
    var_dump('FAILED', $response);
}

I expected to get the user account info that match the uid.

Instead, when I run it, I get an error like:

{
    "statusReason": "Forbidden",
    "errorMessage": "Invalid Secret"
}

But I know that my secret is valid because it works in another project.

So I debug the sent request by guzzle, and I get this host and parameters:

string(54) "https://accounts.eu1.gigya.com/accounts.getAccountInfo"
array(3) {
  ["verify"]=>
  string(66) "/.../vendor/graze/gigya-client/src/cacert.pem"
  ["auth"]=>
  string(5) "gigya"
  ["query"]=>
  array(1) {
    ["uid"]=>
    string(36) "[an existing uid]"
  }
}

I can't find where the api key and the secret is sent. In my other project, I send it here, in the request parameters.

Also it works with curl and the same parameters:

curl -X POST \
    https://accounts.eu1.gigya.com/accounts.getAccountInfo \
    -H 'content-type: application/x-www-form-urlencoded' \
    --data-urlencode "apiKey=[my api key]" \
    --data-urlencode "secret=[secret]" \
    --data-urlencode "UID=[an existing uid]"

Problem 1:

Gigya returns the time property of a response as being "represented in ISO 8601 format. i.e., yyyy.mm.dd.Thh.MM.ss.SSSZ". Note the microseconds (SSS).

But for other time attributes, like registered, they say they return "in ISO 8601 format, e.g. '1997-07-16T19:20:30Z'"; so no microseconds. But from my research, they do actually return with microseconds. This is a documentation fault on their part and they should be notified about it.

Every time-related attribute coming from Gigya has the yyyy.mm.dd.Thh.MM.ss.SSSZ format, from what I could gather.

The difference between returning with microseconds and without them, unfortunately, is important, because:

Problem 2:

DateTime(Immutable)::createFromFormat() doesn't correctly parse date strings in the yyyy.mm.dd.Thh.MM.ss.SSSZ format, what is this, I don't even...

PHP.net comment: http://php.net/manual/en/class.datetime.php#108970

So $this->time is always false:

$ php -v
PHP 5.6.12 (cli) (built: Aug  7 2015 11:29:31)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
    with Xdebug v2.3.3, Copyright (c) 2002-2015, by Derick Rethans

php > var_dump(DateTimeImmutable::createFromFormat(DateTime::ATOM, '2015-10-04T10:46:24.311Z'));
bool(false)

php > var_dump(DateTimeImmutable::createFromFormat(DateTime::ATOM, '2015-10-04T10:46:24Z'));
class DateTimeImmutable#1 (3) {
  public $date =>
  string(26) "2015-10-04 10:46:24.000000"
  public $timezone_type =>
  int(2)
  public $timezone =>
  string(1) "Z"
}

Note that it fails when the date string contains microseconds - '2015-10-04T10:46:24.311Z' vs 2015-10-04T10:46:24Z.

I think we'd better use our own custom format instead of directly using ATOM. Haven't tried it yet, though.
I leave the decision to you, as I don't see us using that time attribute any time soon.

Is there a reason you do not use the ValidGigyaResponseMiddleware?

there is no need for everything to be get requests.

also post will make sure the key/secret does not get exposed.

Both files extend a non-existent class (Mockery\Exception) so they'll fail when thrown:

• https://github.com/graze/gigya-client/blob/297cec85ca00aa4120d1343355bfc34cdaf489ea/src/Exceptions/InvalidFriendUidSignatureException.php
• https://github.com/graze/gigya-client/blob/297cec85ca00aa4120d1343355bfc34cdaf489ea/src/Exceptions/InvalidUidSignatureException.php

@sjparkinson @wpillar If you have a chance, can you look through with the goal of opening it up and allowing session to use it as well

Todo

• Code Review
• Packagist
• Travis indicator
• CHANGELOG
• CONTRIBUTING
• Coverage indicator
• Code Quality indicator
• Linting
• How should it handle guzzle exceptions for 1xx,2xx,3xx,4xx,5xx etc ?

Support for bug fixes for Laravel 5.8 ended on August 26, 2019. Security issues are still being maintained until February 26, 2020.

Some parts of Gigya require using OAuth2 (social, etc).

To handle this a different Authentication method is required.

I am thinking:

interface GrantInterface {
    public function getToken(); // AccessToken
}
class AccessToken {
    public function getToken(); // string
    public function getExpires(); // DateTimeInterface|null
    public function isExpired(); // bool
}
class GigyaGrant implements GrantInterface {
    public function getToken() {
        if (!$this->token) {
            $this->token = $gigya->socialize->getToken();
        }
        return $this->token;
    }
}
class ManualGrant implements GrantInterface {
    public function setToken(AccessToken $token);
    public function getToken();
}
class GigyaOAuth2 implements SubscriberInterface {
    public function __construct(GrantInterface $grant);
    public function getEvents(); // sign/error
    public function sign(BeforeEvent $event) {
        $token = $this->grant->getToken();
        $event->request->addHeader('Authorization', 'OAuth ' . $token->getToken());
    }
    public function error(ErrorEvent $event) {
        if ($event->response->code == 401 && $event->request->retried == false) {
            if ($this->grant->getToken()) {
                // retry reqest
            }
        }
    }
}          

GuzzleHttp\Exception\ConnectException: cURL error 35: Unknown SSL protocol error in connection to accounts.eu1.gigya.com:443

We get this error fairly frequently and it seems like a problem that this library should be handling. From a quick google it looks like explicitly setting CURLOPT_SSLVERSION: guzzle/guzzle#1349

cc @h-bragg

• What's the difference between Client and NamespaceClient? Two clients?
• What's the difference between Accounts and AccountsTfa?
• What's the difference between getNamespace() and getMethodNamespace()?
• Why Model rather than Response?