Integration not being activated

Question

I want to create an integration with my own external application via OAuth 1.0. I have added an integration in System > Extensions > Integrations.

Callback URL: <my-external-application-url>/oauth/callback

Identity Link URL: <my-external-application-url>/oauth

When saving, it generates a Consumer Key and Consumer Secret. When I click Activate, the login screen that I created opens and everything is processed as explained on http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-oauth.html.

I get no messages or exceptions in any of the logs in Magento (debug.log, system.log, exception.log) or in any of my external application's log. After the login screen automatically closes (as it should after processing), the Access Token and Access Token Secret fields in Magento are still empty. The integration status also still says Inactive.

I can't figure out for the life of me why the integration does not get activated as I'm not seeing any error messages. I do receive the oauth_token and oauth_token_secret from Magento, which should indicate the activation was successful.

---

I am using Guzzle to handle OAuth process.

use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Subscriber\Oauth\Oauth1;

Callback function located at Callback URL

public function callback() {
    // This function is called by Magento before the user is sent to the OAuthForm.

    $oauthConsumerKey = $_POST['oauth_consumer_key'];
    $oauthConsumerSecret = $_POST['oauth_consumer_secret'];
    $storeBaseUrl = $_POST['store_base_url'];
    $oauthVerifier = $_POST['oauth_verifier'];

    /** @var \Drupal\Core\Config\Config $config */
    $config = \Drupal::service('config.factory')->getEditable('mage_ninja.settings');

    $config->set('oauth_consumer_key', $oauthConsumerKey)->save();
    $config->set('oauth_consumer_secret', $oauthConsumerSecret)->save();
    $config->set('oauth_verifier', $oauthVerifier)->save();
    $config->set('store_base_url', $storeBaseUrl)->save();

    return new Response();
  }

Submit the login form located at the Identity Link URL

public function submitForm(array &$form, FormStateInterface $form_state) {
    /** @var \Drupal\Core\Config\ImmutableConfig $config */
    $config = $this->config('mage_ninja.settings');

    /** @var string $consumerKey */
    $consumerKey = $_GET['oauth_consumer_key'];

    /** @var string $consumerCallback */
    $consumerCallback = $_GET['success_call_back'];

    /** @var string $integrationKey */
    $integrationKey = $form_state->getValue('integration_key');

    /** @var string $integrationSecret */
    $integrationSecret = $form_state->getValue('integration_secret');

    // Make sure the consumerKey sent in the request is the same as the one received from Magento
    if($config->get('oauth_consumer_key') === $consumerKey) {
      $handlerStack = HandlerStack::create();

      $middleware = new Oauth1([
        'consumer_key' => $config->get('oauth_consumer_key'),
        'consumer_secret' => $config->get('oauth_consumer_secret'),
        'verifier' => $config->get('oauth_verifier'),
        'token_secret' => '' // Must be '' for 2-legged authorization
      ]);
      $handlerStack->push($middleware);

      $client = new Client([
        'base_uri' => $config->get('store_base_url'),
        'handler' => $handlerStack,
        'auth' => 'oauth'
      ]);

      $response = $client->post('/oauth/token/request');
      $body = (string)$response->getBody();

      // Format $body into usable variables.
      // $body = 'oauth_token=hp0blt5hlel4qfq02utc03a98xkgnv7b&oauth_token_secret=0e14acixb3l5nl6io0mj4x8ek0147c83'
      $bodyArray = explode('&', $body);
      $oauthToken = explode('=', $bodyArray[0])[1];
      $oauthTokenSecret = explode('=', $bodyArray[1])[1];

      /** @var \Drupal\Core\Config\Config $config */
      $config = \Drupal::service('config.factory')->getEditable('mage_ninja.settings');

      $config->set('oauth_token', $oauthToken)->save();
      $config->set('oauth_token_secret', $oauthTokenSecret)->save();

      $form_state->setResponse(new TrustedRedirectResponse($consumerCallback));
    } else {
      throw new \Exception('Consumer key is invalid.');
    }
  }

---

Database after completing activate process (table oauth_token)

Answer 1

Figured it out myself, was a really silly mistake.

I was only getting the Request token before returning from the function, but I should've used the Request token to get an Access token and save that one.