Me again ;-p

Could you please publish a new release? v1.0.1 maybe?

Does the new version have any compatibility issues with the signplz ?

The CHANGELOG lists the latest version as 5.1.0, as it introduced the new feature of being able to specify a prefix, though the currently tagged version is 5.0.1

It'd be great to have them lined up with each other 😄

Please see my fork for fixes,
During slow connection timestamps did not match as guest timestamp was compared against host timestamps when host timestamp was generated locally and used in signature generation while it should only be generated and used to compare timedifference between guest and local timestamps as allowed difference is set in in Guard/CheckTimestamp $grace.

Just thought I'd gauge your opinion on this one before I go and make a pull request.

Seems to me like Request::payload() and Request::signature() methods should both be private or (or protected). The example in the docs is something like:

$request = new Request('GET', 'users');
$request->sign(new Token('foo', 'bar'));

Since payload and signature methods aren't referenced here, they seem to be internal implementation details that the end-user of Signature shouldn't need to know about.

The "real" public API is the constructor, and the sign method.

Making these internal functions public will simplify testing and means fewer BC breaks since there'll be fewer public methods, thus allowing for greater freedom during refactoring.

Obviously this'll be another (sorry) BC break, if I turn this into a PR, bumping the release to 5.0.0. If you're on board, I'm happy to make a pull request for it. 👍

Travis shows the latest build as failing: https://travis-ci.org/philipbrown/signature-php/jobs/60657483

Looks like this was an issue in HHVM/PHPUnit, which is now fixed. I think all you'll have to do is manually hit "Restart Build" in Travis, and it should pull down the latest version of PHPUnit and pass.

Can you give it a shot for me? 😄

What is this parameter for? The lack of documentation is making the use of the library hell. No offense.

Hi all,

Thanks for this package. I was wandering how to mannage the storing of the user key/secret. Plain text seems to be a bad idea. How do you mannage this part of the signature-php implementation in you api ?

Best regards.

in this line right here you are setting all keys to be lower case https://github.com/philipbrown/signature-php/blob/master/src/Request.php#L79. Is this part of the HMAC spec or any reason it was done this way? Ran into some issues when generating a signature in another language and tracked the issue down to a param called "aThing".

In function:

private function payload(array $auth, array $params)
{
$payload = array_merge($auth, $params);
array_change_key_case($payload, CASE_LOWER);
ksort($payload);
return $payload;
}

array_change_key_case is doing nothing, because this function don't update the array inplace, returns a copy: http://php.net/manual/en/function.array-change-key-case.php