I need to make an authorized API request to download a .zip file from a CDN which requires a client\_id and client\_secret for the request to be made. The call is successful, but the values for client\_id and client\_secret are hardcoded into the codebase which we want to avoid for security reasons and making the API more dynamic so it can work for a number of different client\_id’s and client\_secrets.
**My question:** I have gotten this to work with hardcoded values for client\_id and client\_secret, but when I try to store those values in class variables ($this->client\_id= $client\_id;$this->client\_secret = $client\_secret;) they are weirdly becoming invalid even though before I add them as headers I do an equality check to ensure they are the same values as the hard-coded values, which is really confusing me because the values are valid, but for some reason when they get added as headers they become invalid.
​
I just wanted to see if anything in my implementation sticks out to anyone that could be causing that behavior? At one point I thought wp\_remote\_get() didn’t like variables for values, but I did a test where I created new variables $id and $secret that stored the hard-coded values and those worked, so that is not the issue which makes it even more confusing to me why the class variables that are equal to the hard-coded values do not work, I dont understand why that is an issue, just wanted to share what I have figured out from trying to resolve this
​
**Code:**
function instantiateUpdateChecker($plugin_slug, $current_plugin_version, $cache_key, $client_id, $client_secret){
require_once(ABSPATH . ‘wp-admin/includes/file.php’);
// Ensures ABSPATH is defined, ensures this only executes in the context of WordPress
defined( ‘ABSPATH’ ) || exit;
if( ! class_exists( ‘helloUpdateChecker’ ) ) {
/**
* Class contains the logic for checking for an update
*/
class helloUpdateChecker{
public $plugin_slug;
public $version;
public $cache_key;
public $cache_allowed;
public $client_id;
public $client_secret;
public function __construct($current_plugin_slug, $current_plugin_version, $cache_key, $client_id, $client_secret) {
//$this->plugin_slug = plugin_basename( __DIR__ ); // Sets plugin slug to plugin name: hello-update-plugin
$this->plugin_slug = $current_plugin_slug; // Sets plugin slug to plugin name: hello-update-plugin
//$this->version = ‘1.0’; // Current version of plugin
$this->version = $current_plugin_version; // Current version of plugin
// $this->cache_key = ‘hello_custom_upd’;
$this->cache_key = $cache_key;
$this->cache_allowed = false; // Prevents caching
$this->client_id= $client_id; // Prevents caching
$this->client_secret = $client_secret; // Prevents caching
// Hooking class functions into WP hooks as callback functions
add_filter( ‘plugins_api’, array( $this, ‘info’ ), 20, 3 ); // Invoke info() function with priority 20 and 3 expected arguments
add_filter( ‘site_transient_update_plugins’, array( $this, ‘update’ )); // Invoke update() function
add_action( ‘upgrader_process_complete’, array( $this, ‘purge’ ), 10, 2 ); // Invoke purge() function with priority 10 and 2 expected arguments
}
/**
* Makes request to collect info.json file data
* @return $remote object, contains response from requesting info.json file
*/
public function request(){
$id = ‘id_value’;
$secret = ‘secret_value’;
// get_transient retrieves the value of a transient from the database
$remote = get_transient( $this->cache_key );
// If the transient doesn’t exist or has expired, lets make a new request to retrieve info.json
if( false === $remote || ! $this->cache_allowed ) { // NOTE: Since ! $this->cache_allowed always resolves to true this prevents caching (?)
if($this->client_id === $id){
echo ‘id true’ . “<br>”;
}else {
echo ‘id false’ . “<br>”;
}
if($this->client_secret === $secret){
echo ‘secret true’ . “<br>”;
}else {
echo ‘secret false’ . “<br>”;
}
echo ‘Debug: $id=’ . $id . “<br>”;
echo ‘Debug: $secret=’ . $secret . “<br>”;
// Make GET request to retrieve the response from info.json and store that response in $remote
$remote = wp_remote_get(
‘https://cdn.com/internal/plugin/info.json’,
array(
‘timeout’ => 10, // If server doesn’t respond in 10 seconds, the request times out
‘headers’ => array(
// NOTE: This is where we will add the CloudFlare headers
‘Accept’ => ‘application/json’,
//’CF-Access-Client-Id’ => ‘id_value’,
‘CF-Access-Client-Id’ => $id,
//’CF-Access-Client-Secret’ => ‘secret_value’
‘CF-Access-Client-Secret’ => $secret
)
)
);
$response_code = wp_remote_retrieve_response_code($remote);
$response_message = wp_remote_retrieve_response_message($remote);
echo “Response Code: ” . $response_code . “<br>”;
echo “Response Message: ” . $response_message . “<br>”;
// Conditional checks to prevent updating the transient value
if(
is_wp_error( $remote ) // Do not update if $remote is a WP error
|| 200 !== wp_remote_retrieve_response_code( $remote ) // Do not update if response is anything but a 200
|| empty( wp_remote_retrieve_body( $remote ) ) // Do not update if response body is empty
) {
return false;
}
// Since our response was successful, lets set the transient
set_transient( $this->cache_key, $remote, DAY_IN_SECONDS ); // Last param indicates time until expiration, good for 1 day
}
// Set $remote to JSON value of response body
$remote = json_decode( wp_remote_retrieve_body( $remote ) );
return $remote;
}
}
// Instantiate class object
new helloUpdateChecker($plugin_slug, $current_plugin_version, $cache_key, $client_id, $client_secret);
}
}
​
[ad_2]
Have you checked that there are any actual values, when they’re invalid?