PHP CURL unable to get Authorization Code "Error: Invalid Request"


Brent Leavitt

Aug 6, 2012, 11:15:22 AM
to oauth...@googlegroups.com
Greetings,

I'm using the OAuth 2.0 log-in module to allow users to log in to my website and so I can get some basic information (name, email, locality). I'm using the Web Server approach to processing the authorization request. Perhaps I'm making this all too complicated, but here's where I'm at, and why I'm doing it this way:

First, I've tried to implement the "Google APIs Client Library for PHP" to use the pre-built class first, but came to an impasse because of the apiClient::setDeveloperKey(); property. At least, I think that's where the hangup was, because I read in the help documentation that:
"However, if your application already uses an OAuth 2.0 access token, then there is no need to generate an API key as well. In fact, Google ignores passed API keys if an OAuth 2.0 access token is already associated with the corresponding project."

If I'm totally reading this wrong, I'd be open to exploring this option again, but have abandoned it for the moment.

Here's how I've chosen to proceed.  I am able to successfully receive the Authorization Code back from the OAuth framework. However, I'm having trouble forming the POST request to get the authorization token. Right now, I am getting this response back from the OAuth server:

string(387) "HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Mon, 06 Aug 2012 14:35:32 GMT
Content-Type: application/json
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked

{
  "error" : "invalid_request"
}"

I'm suspecting the issue is with the way that I've assembled the CURL request (as this is new to me), but not sure.

Here's the string that I'm sending:
 ?code=4/jCjsHJScBDkGMikD-BHJntaW5Q8t.wpfikJZY_yoVuJJVnL49Cc_UHL34cQI&client_id=316688784512.apps.googleusercontent.com&client_secret=**********************&redirect_uri=http://example.com/alpha/patron/check-in/google/auth&grant_type=authorization_code

Here's how I'm assembling the CURL request (not sure about all these settings):

    $cg = curl_init('https://accounts.google.com/o/oauth2/token');

    curl_setopt($cg, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($cg, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($cg, CURLOPT_FAILONERROR, false);
    curl_setopt($cg, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($cg, CURLOPT_HEADER, true);
    curl_setopt($cg, CURLOPT_POST, true);
    curl_setopt($cg, CURLOPT_POSTFIELDS, $cg_fields);
    //curl_setopt($cg, CURLOPT_);
    //curl_setopt($cg, CURLOPT_RETURNTRANSFER, true);

    $curlResult = curl_exec($cg);

The only other thing that I can think of that might be relevant at this point is that I'm processing all this over an unsecured connection on my end (no SSL cert yet). Any help is appreciated.

Thanks,
Brent

Brent Leavitt

Aug 6, 2012, 12:58:06 PM
to oauth...@googlegroups.com
Just to build on what I had previously posted:

I've realized that I needed to URL Encode parts of the input string. Yet still, I am getting the same message. Here's how the outbound headers look:


CURL INFO DUMP:array(21) {
  ["url"]=>
  string(42) "https://accounts.google.com/o/oauth2/token"
  ["content_type"]=>
  string(16) "application/json"
  ["http_code"]=>
  int(400)
  ["header_size"]=>
  int(354)
  ["request_size"]=>
  int(416)
  ["filetime"]=>
  int(-1)
  ["ssl_verify_result"]=>
  int(0)
  ["redirect_count"]=>
  int(0)
  ["total_time"]=>
  float(0.081428)
  ["namelookup_time"]=>
  float(0.00212)
  ["connect_time"]=>
  float(0.011229)
  ["pretransfer_time"]=>
  float(0.047346)
  ["size_upload"]=>
  float(0)
  ["size_download"]=>
  float(33)
  ["speed_download"]=>
  float(405)
  ["speed_upload"]=>
  float(0)
  ["download_content_length"]=>
  float(0)
  ["upload_content_length"]=>
  float(0)
  ["starttransfer_time"]=>
  float(0.081413)
  ["redirect_time"]=>
  float(0)
  ["request_header"]=>
  string(416) "POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Accept: */*
Content-Length: 273
Content-Type: application/x-www-form-urlencoded

?code=4%2FPI4zoHM3HAr3jtr6WPyKT3bKnGW0.YsXBjHp14fMXuJJVnL49Cc_W37T5cQI&client_id=316688784512.apps.googleusercontent.com&client_secret=**********************&redirect_uri=https%3A%2F%2Fexample.com%2Falpha%2Fpatron%2Fcheck-in%2Fgoogle%2Fauth&grant_type=authorization_code"
}

(I've obviously modified the redirect_uri and the client secret.) It's all running on an SSL secure connection now as well, but still it returns the same error message. Any help?

Thanks,
Brent
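
Added example, not part of the original thread and not code from the Google client library: the request body in the dump above begins with `?`, so a form decoder reads its first field as `?code` and finds no `code` field, and RFC 6749 assigns `invalid_request` to a token request that is missing a required parameter. The sketch below builds the body with `http_build_query()` and checks it before sending; the function names and all sample values are assumptions made for illustration.

```php
<?php
// Added example: build the token request body and check it before sending.
const REQUIRED = ['code', 'client_id', 'client_secret', 'redirect_uri', 'grant_type'];

function build_token_body(array $params): string
{
    // Percent-encodes every value and joins the pairs with '&'. A form body
    // starts with the first field name; '?' only separates a URL from its query.
    return http_build_query($params, '', '&', PHP_QUERY_RFC1738);
}

function missing_fields(string $body): array
{
    // Decode the body as a form and list required names that are absent.
    parse_str($body, $fields);
    return array_values(array_diff(REQUIRED, array_keys($fields)));
}

function send_token_request(string $endpoint, string $body)
{
    // Refuse to send a body the server would reject as incomplete.
    if ($missing = missing_fields($body)) {
        throw new InvalidArgumentException('missing: ' . implode(', ', $missing));
    }
    $ch = curl_init($endpoint);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body); // string => form-urlencoded
    return curl_exec($ch);
}

// Constructed sample values, not real credentials.
$params = [
    'code'          => '4/constructed-code.value',
    'client_id'     => 'constructed-id.apps.googleusercontent.com',
    'client_secret' => 'constructed-secret',
    'redirect_uri'  => 'https://example.com/alpha/patron/check-in/google/auth',
    'grant_type'    => 'authorization_code',
];
$good = build_token_body($params);
$bad  = '?' . $good; // same shape as the body in the dump above

echo 'good body missing: ', json_encode(missing_fields($good)), "\n";
echo 'bad body missing:  ', json_encode(missing_fields($bad)), "\n";
```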

Chirag Shah

Aug 6, 2012, 3:44:12 PM
to oauth...@googlegroups.com
Hey Brent,

The setDeveloperKey method is indeed optional in the Google APIs Client Library for PHP.

You'll also want to look at the userinfo sample app since it demonstrates how to use the userinfo API to fetch basic information about the user.
It is bundled with the SDK under examples/userinfo/index.php



Brent Leavitt

Aug 7, 2012, 11:43:09 AM
to oauth...@googlegroups.com
Thanks Chirag,

As suggested, I set up the UserInfo sample, and that was working just fine. Now I'm trying to incorporate this into my app's workflow, and it's getting stuck on the authenticate method for the Client class. I get this error message:

Error fetching OAuth2 access token, message: 'invalid_grant''

I'm taking a break for a couple of hours to run to a meeting, so I'm not done debugging this, but this is about as far as I had gotten before. I'm not sure what causes the "invalid grant" error.

Thanks,
Brent 

Chirag Shah

Aug 7, 2012, 12:31:31 PM
to oauth...@googlegroups.com
This error usually happens if you try to exchange the same authorization code for an access token more than once. You might have a lingering authorization code in the "code" query parameter.


Brent Leavitt

Aug 7, 2012, 1:18:41 PM
to oauth...@googlegroups.com
Perfect!

Taking a break allowed the session to reset itself and with your lead here, I was able to make sense of what was going on. I'm able to process the request now with a token being sent back and all the additional information and am moving forward.

Thank you Chirag for your suggestions! That's all I needed.

Regards,
Brent


Rajat

Nov 23, 2012, 1:14:41 AM
to oauth...@googlegroups.com
Hey Chirag,

Can you please tell me how I can get rid of this error of exchanging the same code for an access token more than once? I have been Googling for quite some time now, but no luck!!

Thanks,
Rajat
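
Added example, not part of the original thread and not the Google client library's own code: one way to keep an authorization code from being exchanged twice is to mark it as spent in the session before the exchange and then redirect to the same page without the `code` query parameter, so a reload has nothing left to resubmit. `handle_callback`, the `$exchange` callable and all sample values are assumptions made for illustration.

```php
<?php
// Added example. $exchange is a hypothetical callable: it POSTs the code to
// the token endpoint and returns the decoded token array.
function handle_callback(array $query, array &$session, callable $exchange, string $cleanUrl): array
{
    $code = $query['code'] ?? null;
    if ($code === null) {
        // No code in the URL: use the stored token, or start the login flow.
        return ['action' => isset($session['token']) ? 'continue' : 'login'];
    }
    $fingerprint = hash('sha256', $code);
    if (($session['spent_code'] ?? null) !== $fingerprint) {
        // First sight of this code: mark it spent before the exchange so a
        // reload or a failed attempt can never submit it a second time.
        $session['spent_code'] = $fingerprint;
        $session['token'] = $exchange($code);
    }
    // Redirect to the same page without ?code=... so nothing lingers in the URL.
    return ['action' => 'redirect', 'location' => $cleanUrl];
}

// Constructed stand-in for the token endpoint: each code is accepted once.
$seen = [];
$calls = 0;
$fakeExchange = function (string $code) use (&$seen, &$calls): array {
    $calls++;
    if (isset($seen[$code])) {
        throw new RuntimeException('invalid_grant');
    }
    $seen[$code] = true;
    return ['access_token' => 'constructed-token'];
};

$session = []; // stands in for $_SESSION
$url = 'https://example.com/alpha/patron/check-in/google/auth';
$first  = handle_callback(['code' => 'constructed-code'], $session, $fakeExchange, $url);
$reload = handle_callback(['code' => 'constructed-code'], $session, $fakeExchange, $url);
$clean  = handle_callback([], $session, $fakeExchange, $url);

printf("first=%s reload=%s clean=%s exchange calls=%d\n",
    $first['action'], $reload['action'], $clean['action'], $calls);
```

In a real handler the caller turns the `redirect` action into a `Location` header and exits, and wraps the exchange in a try/catch so a failed attempt sends the user back through the login flow with a fresh code.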