<?php
$client_id = "XXXXXXXXX1";
$client_secret = "XXXXXXXXXX2";
$redirect_URI = "XXXXXXXXX3";
$auth_code = htmlspecialchars($_GET["code"]);
$post_field_array = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'grant_type' => 'authorization_code',
'code' => $auth_code,
'redirect_uri' => $redirect_uri,
'scope' => 'basic genomes');
$post_fields = '';
foreach ($post_field_array as $key => $value)
$post_fields .= "$key=" . urlencode($value) . '&';
$post_fields = rtrim($post_fields, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.23andme.com/token/');
curl_setopt($ch, CURLOPT_POST, count($post_field_array));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$encoded_json = curl_exec($ch);
$response = json_decode($encoded_json, true);
$access_token = $response['access_token'];
print $access_token;
?>
This script is run from the same URL as $redirect_URI, per the specifications of the 23andMe API (https://api.23andme.com/docs/authentication/). However, no matter what I try, the script simply outputs nothing. What am I doing wrong here?
I do not know why it doesn't work but I would suggest you to do some debugging. Start with
print_r($encoded_json)
(or use var_dump) and see what the output of that might be. Does curl_exec fail?
Try setting the verbose flag to curl and see if that will throw any errors(warnings) that can push you towards the issue
curl_setopt($ch, CURLOPT_VERBOSE, true);
First up, I get these 3 notices,
code doesn't exist unless I pass it on the querystring, redirect_uri has different case in both uses, access_token probably doesn't exist, because an error authenticating occurred
Notice: Undefined index: code in test.php on line 6
Notice: Undefined variable: redirect_uri in test.php on line 13
Notice: Undefined index: access_token in test.php on line 29
<?php
$client_id = "XXXXXXXXX1";
$client_secret = "XXXXXXXXXX2";
$redirect_uri = "XXXXXXXXX3"; // FIXED VARIABLE NAMING HERE
$auth_code = htmlspecialchars($_GET["code"]);
$post_field_array = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'grant_type' => 'authorization_code',
'code' => $auth_code,
'redirect_uri' => $redirect_uri,
'scope' => 'basic genomes');
$post_fields = '';
foreach ($post_field_array as $key => $value)
$post_fields .= "$key=" . urlencode($value) . '&';
$post_fields = rtrim($post_fields, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.23andme.com/token/');
curl_setopt($ch, CURLOPT_POST, count($post_field_array));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$encoded_json = curl_exec($ch);
$response = json_decode($encoded_json, true);
// DUMP RESPONSE IF ERROR OCCURS, ACCESS WON'T EXIST
var_dump($response);
$access_token = $response['access_token'];
print $access_token;
Related
I have a very strange problem, here is my code :
function myFunction($id, $name, $secret) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.myurl.com/api');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query(
array(
'Client_id' => $id,
'Client_secret' => $secret, // $secret = Ve6UZ0cox=ry?2F9>qegmB:NCh?EQS?]cKmkjeHjS=3t1=E<RJ
'Client_name' => $name
)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$results = curl_exec($ch);
$results = json_decode($results, true);
print_r($results);
curl_close ($ch);
// curl_close($curl);
return $results['Token_type'].' '.$results['Access_token'];
}
The code above doesn't work, probably due to special chars in $secret.
But, when I directly write the $secret value, it works!
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query(
array(
'Client_id' => $id,
// Now, it works!
'Client_secret' => 'Ve6UZ0cox=ry?2F9>qegmB:NCh?EQS?]cKmkjeHjS=3t1=E<RJ'
'Client_name' => $name
)));
Conclusion:
'Client_secret' => $secret // Doesn't work
'Client_secret' => 'Ve6UZ0cox=ry?2F9>qegmB:NCh?EQS?]cKmkjeHjS=3t1=E<RJ' // Work!
And yes, I tried this: die($secret);, which displays Ve6UZ0cox=ry?2F9>qegmB:NCh?EQS?]cKmkjeHjS=3t1=E<RJ as well.
What can you do please? Thank you for helping. ;-)
Cheers,
Seb
Once the Uber user authenticates and authorizes my app, i am receiving an authorization code but i am unable to exchange authorization code for an access_token.
I am trying to fetch current trip info using :
https://developer.uber.com/docs/trip-experiences/references/api/v1-requests-current-get
// uber.php
echo $_GET['code']."<br>";
$token = curl_init();
$param = array(
'client_secret' => 'xxxxxxxxxxxxxx',
'client_id' => '_xxxxxxxxxxxxxxxxxxxxxx',
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://localhost/uber/uber.php', // (the same as in app settings)
'code' => "{$_GET['code']}"
);
$postData = '';
foreach($param as $k => $v)
{
$postData .= $k . '='.urlencode($v).'&';
}
$postData = rtrim($postData, '&');
curl_setopt($token, CURLOPT_URL, 'https://login.uber.com/oauth/v2/token');
curl_setopt($token, CURLOPT_HEADER, true);
curl_setopt($token, CURLOPT_RETURNTRANSFER, true);
curl_setopt($token, CURLOPT_POST, true);
curl_setopt($token, CURLOPT_POSTFIELDS, $postData);
$returned_token = curl_exec($token);
curl_close($token);
echo "<hr>";
echo $returned_token;
echo "<hr>";
I am getting a blank output.
addded this :
curl_setopt($token, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
and the problem was solved... :-)
I need to get my access_token and refresh_token for OAuth 2.0 to Access Google APIs, the php script below should return a json with access_token, refresh_token like this:
{
"access_token" : "####",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "####"
}
but, the php script return me only this error message:
{
"error" : "invalid_request",
"error_description" : "Client must specify either client_id or client_assertion, not both"
}
I tried to remove client_secret/client_id and use only client_id/client_secret, but still get the same error.
PHP script
$client_id = '###.apps.googleusercontent.com';
$redirect_uri = 'http://localhost/phpConnectToDB/csv/refreshFusionTable.php';
$client_secret = '###';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token");
$code = $_REQUEST['code'];
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $clientID,
'client_secret' => $clientSecret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
$data = curl_exec($ch);
var_dump($data);
Although curl in cmd works and returns me access and refresh token without any errors.
curl --data "code=###&client_id=###.apps.googleusercontent.com&client_secret=###&redirect_uri=http://localhost/phpConnectToDB/csv/refreshFusionTable.php&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
I don't understand why I get the missing scheme error, although the .php script exists and it's located on the given path. Could you help me please ?
EDIT Problem with "Invalid parameter value for redirect_uri: Missing scheme" solved, I just replaced 'redirect_uri' => urlencode($redirect_uri), with this 'redirect_uri' => $redirect_uri, in CURLOPT_POSTFIELDS.
Wow, stupid mistake, I should have a rest.
The variables names don't match.
I defined:
$client_id = '###.apps.googleusercontent.com';
$client_secret = '###';
But here I used an non-existing clientID and clientSecret :
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $clientID,
'client_secret' => $clientSecret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
Fixed and working PHP script
$client_id = '###.apps.googleusercontent.com';
$redirect_uri = 'http://localhost/phpConnectToDB/csv/refreshFusionTable.php';
$client_secret = '###';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token");
curl_setopt($ch, CURLOPT_POST, TRUE);
$code = $_REQUEST['code'];
// This option is set to TRUE so that the response
// doesnot get printed and is stored directly in
// the variable
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
$data = curl_exec($ch);
var_dump($data);
But I have to say that google provides a little misleading error message here, because I hadn't defined client_id nor client_secret and the error message was:
{
"error" : "invalid_request",
"error_description" : "Client must specify either client_id or client_assertion, not both"
}
I want to create a webhook url for pitifuller form by id here is my code i don't know what is my mistake
define('CLIENT_ID', 'client_id');
define('CLIENT_SECRET', 'client_secret');
define('REDIRECT_URL', 'redirect url'); // for testing, use the URL to this PHP file.
define('AUTHORIZE_URL', 'https://www.formstack.com/api/v2/oauth2/authorize');
define('TOKEN_URL', 'https://www.formstack.com/api/v2/oauth2/token');
$ch = curl_init(TOKEN_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'grant_type' => 'authorization_code',
'client_id' => CLIENT_ID,
'redirect_uri' => REDIRECT_URL,
'client_secret' => CLIENT_SECRET,
'id' => 'id', // here is my id
'url' => 'web_hook_url' // here is my webhook url which i want to create
)));
// oauth2 contains the the access_token.
$oauth2 = json_decode(curl_exec($ch));
You did mistake in your CURL call, currently you are pass post data in GET form and you need to pass Like this(POST form/:id/webhook), and you can do this:
$ch = curl_init('https://www.formstack.com/api/v2/form/your-form-id/webhook');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: Bearer ' . $oauth2->access_token
));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'id' => $_POST['id'],
'url' => 'http://www.getbravo.com/formstack/index.php',
'append_data' => '1'
)));
and you get response like this
$forms = json_decode(curl_exec($ch));
print '<pre>';
print_r($forms);
print '</pre>';
I keep getting this error when I try to use OAuth with Disqus:
{"error_description":"Invalid parameter: redirect_uri","error":"invalid_grant"}
My Code looks like this- Example 1:
$oauth2token_url = 'https://disqus.com/api/oauth/2.0/access_token/';
$redirect_uri = 'http://www.example.com/';
$clienttoken_post = array(
"grant_type" => 'authorization_code',
"client_id" => PVConfiguration::getConfiguration('disqus') -> public_key,
"client_secret" => PVConfiguration::getConfiguration('disqus') -> private_key,
"redirect_uri" => $redirect_uri,
"code" => $this -> registry -> get['code']
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
print_r($json_response);
Or this - Example 2:
$url = 'https://disqus.com/api/oauth/2.0/access_token/';
$fields = array(
'grant_type' => 'authorization_code',
'client_id' => PVConfiguration::getConfiguration('disqus') -> public_key,
'client_secret' => PVConfiguration::getConfiguration('disqus') -> private_key,
'redirect_uri' => 'http://www.example.com/',
//'scope' => 'read,write,email',
'code' => $this -> registry -> get['code'],
);
$fields_string = '';
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
print_r($result);
exit();
Can anyone provide any direction?
Figured it out. Documentation is here:
https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
But the problem stems from bad api error message. The redirect uri to get the code must be the exact same uri when requesting authorization.