I made the change suggested and am still receiving a similar error:
{"error":"invalid_request","error_description":"invalid grant type"}
This error is likely to happen if the url-encoding is not set properly. The updated code is below
Any help would be greatly appreciated!
<?php
$client_id = '...';
$redirect_uri = 'http://website.com/foursquare2.php';
$client_secret = '...';
$code = $_REQUEST['code'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_URL, "https://id.shoeboxed.com/oauth/token");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'grant_type' => 'authorization_code',
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri
));
$response = curl_exec($ch);
$err = curl_error($ch);
curl_close($ch);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>
your code is sending the data in multipart/form-data format. when you give CURLOPT_POST an array, curl will automatically encode the data in that array in the multipart/form-data format. then you tell the server, with your header, that this data is in application/x-www-form-urlencoded format, and the server will try to parse it as such, and fail, thus your received error.
first off, get rid of curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded')); altogether. if you're using application/x-www-form-urlencoded, php/curl will automatically add that header for you, and unlike you, php/curl won't make any typos (the devs got automated test suits to make sure this stuff is correct before every release), likewise, if you're using multipart/form-data format, php/curl will add that header for you, so don't add those 2 specific headers manually.
if you want to use the multipart/form-data format, just get rid of the header saying otherwise. but if you want to use application/x-www-form-urlencoded format, PHP has a built-in function to encode to this format, called http_build_query, so do
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'grant_type' => 'authorization_code',
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri
)));
(and also get rid of the content-type header, it will be added automatically.)
Related
I am trying to create a login page, but with discord oauth2, so users will log in using discord, The problem is that i get this error:
Notice: Trying to get property 'access_token' of non-object
Here is the part of the code with the error:
if(get('code')) {
// Exchange the auth code for a token
$token = apiRequest($tokenURL, array(
"grant_type" => "authorization_code",
'client_id' => OAUTH2_CLIENT_ID,
'client_secret' => OAUTH2_CLIENT_SECRET,
'redirect_uri' => 'https://site.website/login.php', //The url is changed by me as i do not want people going in the website
'code' => get('code')
));
$logout_token = $token->access_token;
$_SESSION['access_token'] = $token->access_token;
}
And here is the function that sends the request
function apiRequest($url, $post=FALSE, $headers=array()) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($ch);
if($post)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
$headers[] = 'Accept: application/json';
if(session('access_token'))
$headers[] = 'Authorization: Bearer ' . session('access_token');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
return json_decode($response);
}
I would like to say that I do not know much about php, as I am still learning
the json_decode function returns false if the response is not a correctly JSON formatted string, there is nothing apparently wrong with your curl but maybe the response you are gettiing from the site is a simple string as an Error and not an error formatted as a json string
I am using the following code to request a token from a IdentityServer, which uses OpenID protocol:
$curl = curl_init( 'https://remoteserver.com/connect/token' );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1);
$code = $_GET['code']; // The code from the previous request
$redirect_uri = 'http://mycalldomain.com/test.php';
curl_setopt( $curl, CURLOPT_POSTFIELDS, array(
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
) );
curl_setopt( $curl, CURLOPT_USERPWD,
"MYCLIENTID" . ":" .
"MYCLIENTSECRET");
$auth = curl_exec( $curl );
print '$auth = ';print_r($auth); // to see the error
$secret = json_decode($auth);
$access_key = $secret->access_token;
Is outputing the following error:
$auth = {"ErrorMessage":"Unsupported Mediatype"}
Can someone guide on this please?
You should provide a Content-Type HTTP header that the resource you're POSTing things accepts, by adding something like this:
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
That will make it JSON (as an example!), and your output data (CURLOPT_POSTFIELDS) must correspond to the Content-Type you choose.
Currently, the Content-Type is "multipart/form-data", as per the PHP documentation:
If value is an array, the Content-Type header will be set to multipart/form-data.
If you want to use the Content-Type "application/x-www-form-urlencoded", then in addition to setting that as the Content-Type, you have to give CURLOPT_POSTFIELDS in that format too. Being a web development language, PHP has a built-in function http_build_query for encoding arrays in that format:
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query(array(
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
)));
everyone, i am requesting data from some other website but I am unable to request through curl it shows error 500 but when I do the same request through chrome RESTED extension it shows me output
$url = "XXXXXXXXXXX";
// what post fields?
$fields = array(
'roll_number' => '123456',
'full_name' => 'aaaaaa',
'mother_name' => 'bbbbbbb',
'_token' => 'xxxxxxxxxxxxxxxx'
);
// build the urlencoded data
$postvars = http_build_query($fields);
// open connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$postvars);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
Request should be by post method and data should be JSON encoded or URL encoded I have tried both but none of them worked
Not sure if this is the cause, but shouldn't your HTTPHEADER be application/json? Also, you're not encoding the data as JSON - you might need to change $postvars = http_build_query($fields); to $postvars = json_encode($fields);
I'd also take a look at https://lornajane.net/posts/2011/posting-json-data-with-php-curl
I hope someone can help me here:
I have an application which should use the Spotify API. But after request the authorization itself, I am stuck at requesting a token. Related code follows:
function post($content, $url,$clientId,$clientSecret)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
curl_setopt($ch, CURLOPT_HTTPHEADER,
array(
'Content-Type: application/x-www-form-urlencoded',
'Authorization: Basic '.base64_encode($clientId).':'.base64_encode($clientSecret)));
return curl_exec($ch);
}
$clientId="4df42e27a76d41f9961b0952102fexxx";
$clientSecret="3088a8b6132b40dc980540880cf5bxxx";
$content=array(
'grant_type' => 'authorization_code',
'code' => $_GET["code"],
'redirect_uri' => 'http%3A%2F%2Fhome.xxx.de%2Ftoken.php',
);
echo post($content,"https://accounts.spotify.com/api/token",$clientId,$clientSecret);
Unfortunatly, the result is {"error":"invalid_client"} and i have no idea why...
Authorization
Required.
Base 64 encoded string that contains the client ID and client secret key. The field must have the format:
Authorization: Basic <base64 encoded client_id:client_secret>
I read this as base64_encode($clientId.':'.$clientSecret)
I'm following this guide to make a server side Youtube web app in PHP. I can't get past step 4. Everything up to that is good, it redirects to my script and I can obtain the authorization code no problem. However, when I try to exchange that code for an authorization token (as demonstrated in step 4), absolutely NOTHING happens. I can't find any errors, just nothing happens on my browser. My PHP script is this (private info removed):
<?php
$data = array(
'code' => $_GET['code'],
'client_id' => '[REMOVED]',
'client_secret' => '[REMOVED]',
'redirect_uri' => '[REMOVED]',
'grant_type' => 'authorization_code');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/o/oauth2/token');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$return = curl_exec($ch);
curl_close($ch);
echo $return;
?>
Maybe I'm just way over my head here, but can anyone tell me why it's not working?
try adding,
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
after CURLOPT_RETURNTRANSFER