I've been trying to implement a "Login with Yahoo" option in my PHP site. I was able to do the first step which is to get the access token, as described here: https://developer.yahoo.com/oauth2/guide/flows_authcode/
But I'm struggling to get the user data. To me their directions are not completely clear: https://developer.yahoo.com/oauth2/guide/get-user-inf/Get-User-Info-API.html
I've tried doing a call to https://api.login.yahoo.com/openid/v1/userinfo and passing the access token in a header like so: Authorization: Bearer <access_token> , I also tried passing the access token as a parameter in the url, and also as a post parameter.
Whatever i do i just get an empty string as a response. Has anyone dealt with Yahoo's user api endpoint?
This is my code (after getting access token):
$access_token = $res->access_token;
$token_type = $res->token_type;
$expires_in = $res->expires_in;
$refresh_token = $res->refresh_token;
$id_token = $res->id_token;
$host = urlencode("api.login.yahoo.com");
$userbody = "access_token=$access_token&Host=$host";
$userch = curl_init();
curl_setopt($userch, CURLOPT_URL, "https://api.login.yahoo.com/openid/v1/userinfo/");
curl_setopt($userch, CURLINFO_HEADER_OUT, true);
curl_setopt($userch, CURLINFO_HEADER, true);
curl_setopt($userch, CURLOPT_HTTPHEADER, array("GET /openid/v1/userinfo HTTP/1.1",
"Host: api.login.yahoo.com",
"Authorization: Bearer $access_token"));
curl_setopt($userch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($userch,CURLOPT_AUTOREFERER, true);
$user = curl_exec($userch);
curl_close($userch);
var_dump($user);
** EDIT **
After using postman I got the right request, you're suppossed to pass id_token as a parameter in the url (they DON'T specify this in their guide), like so:
https://api.login.yahoo.com/openid/v1/userinfo?id_token=<id_token>
And the only header needed (at least in postman) is:
Authorization: Bearer <access_token>
However, even though i get the user data in postman, i still get only an empty string in my php script. Any idea why this might be happening?
After using postman I got the right request, you're suppossed to pass id_token as a parameter in the url (they DON'T specify this in their guide), like so:
https://api.login.yahoo.com/openid/v1/userinfo?id_token=<id_token>
And the only header needed (at least in postman) is:
Authorization: Bearer <access_token>
I've noticed that this situation occurs with old Yahoo apps. I had one created 4+ years ago.
Just create a new Yahoo app , and update the credentials.
Related
I need to retrieve order information from an API. This API needs to be authenticated to get a session token, which is used in all other API requests. Im not sure how to construct this request to include both an authentication and the request I want to make. Below is from the documentation:
The authenticate API returns a session token that is required to
access any of the other APIs. APIs require an HTTP header of
Authorization and a value of Bearer {session-token}
Sample Authenticate Request: https://api.whatever.com/api/v5/authenticate?apiKey=my-API-key Which returns:
{
"sessionToken":"UniqueSessionTokenHere"
}
Sample request I need to make: https://api.whatever.com/api/v5/inventory?itemNumber=ABC12345
Which should return inventory information but is just returning this message:
Authorization has been denied for this request.
How can I combine these to allow me to make the inventory request I need to make? I assume I would use cURL, but I cant quite figure it out.
You can use curl_setopt() with CURLOPT_HTTPHEADER to set custom headers.
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "http://www.google.co.in");
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'sessionToken:UniqueSessionTokenHere'
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($curl);
curl_close($curl);
Previously I have been able to access the Facebook OAuth services through cURL in PHP. However, I am now getting a 2500 error (In this case An active access token must be used to query information about the current user.). I can access the information by using the URL straight through my web browser, however when I try to access it with cURL in PHP it doesnt work. I am using Facebook API v1.0, and the token is being generated with the Graph API Explorer.
What I have tried
I have tried creating a new access token, as well as tried using Facebook API v2.0 and the unversioned API. As I said above, I have tried using the exact same URLs in my browser, which works. I have also tried clearing cookies and trying again, as well as trying a whole different browser.
I have seen some of the other questions on SO which relate to this question but none of the answers work for me.
The code
The URL I am using is simply a call to the /me/home edge.
https://graph.facebook.com/v1.0/me/home/?since=1402913078&until=1402913213&access_token=<access token here>
Where <access token here> is the access token
The PHP cURL code looks like the following:
$url = "<the url here>";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($ch);
// get the response here...
It turns out that the actual URL being requested by cURL was different to the one that should have been being requested (the GET parameters were missing). This was caused by another location in the code.
To verify that the URL that is being requested is the same as the one passed to cURL, use the following code:
$requested_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
I'm trying to create an application on LinkedIn that's using OAuth2 for authentication and am running into some errors. The client runs on an iOS device and uses an oAuth library to make a call to LinkedIn's servers. My iOS client successfully gets the authorization_code. The client application then passes that authorization_code to my server, which attempts to connect to linkedIN again and get the access_token. This step consistently fails, I get the following error from LinkedIn: {"error":"invalid_request","error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : client_id"}
My POST method to LInkedIN does contain the client_id, it only contains it once, and I've triple checked the values for all the parameters, they are correct. I've also reset the access multiple times from https://www.linkedin.com/secure/settings and I've even created additional applications on LinkedIn, I keep getting the same result.
I've checked other responses, such as this one: unable to retrieve access token linkedin api and tried the suggestions: revoke keys, request new keys etc, nothing seems to be working.
Here is my server code:
$tokenURL = 'https://www.linkedin.com/uas/oauth2/accessToken';
$redirectURL = 'https://staging.textsuggestions.com';
$clientId = '75a4ezqh741sup';
$clientSecret = 'XXXXXXXX';
$tokenArguments = array("grant_type" => "authorization_code",
"code" => $code,
"redirect_uri" => $redirectURL,
"client_secret" => $clientSecret,
"client_id" => $clientId);
// send the request to the server getting data
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $tokenURL);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $tokenArguments);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
if (!empty($response["error"])) {
error_log("Error is: " . $response["error"]);
exit (0);
} else {
// no error, get the access_token and do stuff with it
$timeout = $response["expires_in"];
$access_token = $response["access_token"];
}
Ok I realized what I was doing wrong, the client application library that I was using was generating the full access token (not the auth code). So I was trying to pass in the access token in the place of the auth code. The error that I was getting from Linked In was certainly misleading and I should have checked the client library I was using more carefully.
Have you tried to check your code against this code sample?
https://developer.linkedin.com/documents/code-samples
Check that the POST headers include "Content-Type": "application/x-www-form-urlencoded".
Following this guide, I'm trying to retrieve a Youtube user's subscriptions. I am able to get the user's authentication token, however I don't know HOW to actually send it with my cURL request. The docs just say this:
To request a feed of the currently logged-in user's subscriptions,
send a GET request to the following URL. Note: For this request, you
must provide an authorization token, which enables YouTube to verify
that the user authorized access to the resource.
https://gdata.youtube.com/feeds/api/users/default/subscriptions?v=2
When I send the request without the token I get the 401 user authentication required error. I can't find any information on how to send the token. Here's my current code:
$ch_subs = curl_init();
curl_setopt($ch_subs, CURLOPT_URL, 'https://gdata.youtube.com/feeds/api/users/default/subscriptions?v=2');
curl_setopt($ch_subs, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch_subs, CURLOPT_SSL_VERIFYPEER, false);
$subs_return = curl_exec($ch_subs);
curl_close($ch_subs);
Thanks in advance for any help.
Look to this guide:
https://developers.google.com/youtube/2.0/developers_guide_protocol#OAuth2_Calling_a_Google_API
You need to add a header containing: Authorization: Bearer ACCESS_TOKEN
$headers = array('Authorization: Bearer ' . $access_token);
curl_setopt($ch_subs, CURLOPT_HTTPHEADER, $headers);
You can also pass the token as part of the Get request:
curl_setopt($ch_subs, CURLOPT_URL, 'https://gdata.youtube.com/feeds/api/users/default/subscriptions?v=2&access_token=' . $access_token);
I'm experimenting with some basic AuthSub authorization to test out the Google Data API (I'm interested in using the Picasa API). I'm having trouble getting my head around the steps involved in going from requesting the authorization token, to getting the URL with the token, to actually making requests to the server using the token.
Can someone please give me an idea of how I would take the token and then make a request to the server using PHP? Will there have to be Javascript involved?
Also, on a super basic level, when the Google example spells out the following, what language is it, and where would it actually appear like this in code?
GET https://www.google.com/accounts/accounts/AuthSubSessionToken
Authorization: AuthSub token="yourAuthToken"
Thanks for the help, and I'm happy to clarify since I understand these are broad questions.
GET https://www.google.com/accounts/accounts/AuthSubSessionToken
Authorization: AuthSub token="yourAuthToken"
This is the HTTP request that you should be making, and the example above means that you should include the Authorization field in the headers of an HTTP GET request that you will be making, independent of the language.
You can use PHP's cURL to make this request,
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/accounts/accounts/AuthSubSessionToken");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); # return output as string instead of printing it out
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: AuthSub token="yourAuthToken"');
$response = curl_exec($ch);
Where is the code that you are using so far?