I've built an app that connects to Quickbooks using OAuth 2 with the official Quickbooks PHP SDK.
I get two tokens:
Access token (Expiring after 60 minutes)
Refresh token (Expiring after 100 days)
The Refresh token is used to get a new Access token.
However, by requesting a new access token I also receive a new refresh token that I save in the database.
The previous refresh token will be forced to expire. But the new refresh token is invalid already.
I have built a CRON job that requests a new refresh token every 15 minutes. I do get a new refresh token but this one is invalid (Error: "invalid_grant"). (See the code below)
What am I doing wrong here?
$dataService->setMinorVersion("9");
$OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
$accessToken = $OAuth2LoginHelper->refreshToken();
$dataService->updateOAuth2Token($accessToken);
$token->previous_token = $token->last_token;
$token->last_token = $accessToken->getRefreshToken();
if($token->last_token != $token->previous_token){
    if($token->save()){
        mail('mymail', 'New token !', "Token updated!!!!");
    }
}
As per the SDK documentation:
https://intuit.github.io/QuickBooks-V3-PHP-SDK/authorization.html
"That is what refresh token used for. It is used to request a new access token after access token expired, so you can still access to the QBO company after an hour. Just remember, whenever you make a refreshToken API call, always STORE THE LATEST REFRESH TOKEN value in your session or database"
This is the case: my access token is expired, so I need to get a new one. I run the code below.
$loginHelper = new OAuth2LoginHelper($this->clientID, $this->clientSecret);
$token = $loginHelper->refreshAccessTokenWithRefreshToken($this->refreshToken);
Then the token variable in code above will give me the new access token using this code.
$token->getAccessToken();
It was successful; I have the new access token now.
However, it seems the refresh token is not changing. QuickBooks said "STORE THE LATEST REFRESH TOKEN", but what the $token object returns is the same.
The refresh token I used to request the new access token is:
string(50) "Q011532218006WxAY7UnIdulGDJAcgnaoTi7pIkHVaaQld9Me3"
then the return of my request:
QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken Object
(
[accessTokenKey:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..llxj6kOGCzFiqBShGPUtbg.rNbEdMvhD0iER3z4IwB-azYbbk9givKxtaiDh7Uch8HbmZLkF7-xckpgiMDk8V5lYwYOCfP1EaPFa0iJlpbNPZdT7RBfPIkEqotTVfP0UNPwC13a37PpYHOvg_Sxbp_5GuOvdIa1RVskn4tY_FIOaCVnTaxuDF4MWNKOxsitHEoYxzVVcdqigTWri9yfIA6ZqO2vTAc92iTsa30L9jYcFeEdaNVaPt7zyM-y_FzY2W72uq8fyYjpv-fmvWMwv94pCJ6VoV82rM7OmLh5sOWORKfcZJ0xDLMrKddUPnA0GVl3mb3E6D-JyQ2-N2AYNW553nryI9f9iuoAqv7f6bXhzmaO-ByN0xtDEt9E48CFN-tyA_qShtwmEUajhsq0XFrUZgR0rtEq2kSvj79v3-sX1P7qCjPPrGK2q12VQ24DbVWnDYDZslYh9nyJGtiZgXu-GWFNKhfaXI76U_ASC2yefrcWu6ioIdDrn8j75B9AZgg3GpBqkT7H2qHWGqieeuJmcuFVoYIJUiztZNrDWYvmCJv_w2KlG911GHqLO7K7AznzpiSdIWwGXVBSxYRBbCVQTFJge1SYkXYOWj1OP9aFttpxRNX_ctiAiqV5IA9JBs_T3H4w6mGYRt4NpXZCMn3Yguwc1LekmCn0r83taHjvOT0_l78c1zv2nWC_ADKgdd1lPLMzQHiNWnHCDIBrRYm0.h0WaCjevbfdig0G-zQM9eA
[tokenType:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => bearer
[refresh_token:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => Q011532218006WxAY7UnIdulGDJAcgnaoTi7pIkHVaaQld9Me3
[accessTokenExpiresAt:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => 1523499723
[refreshTokenExpiresAt:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => 1532218006
[accessTokenValidationPeriod:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => 3600
[refreshTokenValidationPeriod:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => 8721883
[clientID:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => Q032lsDMTnotxhcOudLOpyfYuDXfB9xEMWpMRpvFIwW1VV1eyQ
[clientSecret:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] => Ml3Id7ZgeVNzAbxecHwwwzrBmuKeQXw7kljlwT84
[realmID:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] =>
[baseURL:QuickBooksOnline\API\Core\OAuth\OAuth2\OAuth2AccessToken:private] =>
)
As per the QuickBooks developer, "The previous refresh token expires after 24 hours after you create a new one. So you would get the same refresh token from the time you refresh until the next 24 hours."
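The rotation behaviour discussed in the QuickBooks question and answer above, as an added example that is not part of the original posts and is not SDK code: each refresh reads the stored refresh token, exchanges it, and writes the returned one back while holding an exclusive lock, so a cron job and a web request cannot both spend the same token. `FakeAuthServer`, `refreshWithLock()` and the token values are hypothetical, and the stand-in server invalidates the old token immediately, which is stricter than the 24-hour overlap quoted above.

```php
<?php
// Added illustration: a stand-in authorization server that rotates refresh tokens,
// and a file-backed store that serializes refreshes. All names are hypothetical.
final class FakeAuthServer
{
    private string $valid = 'rt-0';   // constructed sample token
    private int $n = 0;
    public function refresh(string $rt): array
    {
        if (!hash_equals($this->valid, $rt)) { return ['error' => 'invalid_grant']; }
        $this->valid = 'rt-' . (++$this->n);          // rotation: old token is spent
        return ['access_token' => 'at-' . $this->n, 'refresh_token' => $this->valid];
    }
}

// Reads the stored refresh token, exchanges it, and persists the returned one
// before the lock is released, so no other process can reuse the spent token.
function refreshWithLock(string $path, callable $exchange): array
{
    $fh = fopen($path, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) { throw new RuntimeException("cannot lock $path"); }
    try {
        $stored = trim(stream_get_contents($fh));
        $resp = $exchange($stored);
        if (isset($resp['error'])) { return $resp; }  // keep stored value; re-authorization needed
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, $resp['refresh_token']);
        fflush($fh);
        return $resp;
    } finally {
        fclose($fh);                                  // closing the handle releases the lock
    }
}

$server = new FakeAuthServer();
$path = tempnam(sys_get_temp_dir(), 'rt');
file_put_contents($path, 'rt-0');                     // token saved at first authorization
$exchange = fn(string $rt) => $server->refresh($rt);

$first  = refreshWithLock($path, $exchange);          // rotates the stored token
$second = refreshWithLock($path, $exchange);          // uses the token written by the first call
$stale  = $server->refresh('rt-0');                   // a copy kept elsewhere is rejected
printf("%s %s %s\n", $first['access_token'], $second['access_token'], $stale['error']);
unlink($path);
```

In a real integration the `$exchange` callable would wrap the SDK's refresh call, and the store would be the database row that holds the token, locked for the duration of the exchange.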
I got a refresh token using OAuth playground, but I am not sure what to do with it. Using the php sample code to upload a video, I added this line of code
$client->refreshToken($refreshToken);
Is this all I need to do?
A few more steps are required once you have the OAuth2 refresh token:
Define the path to the credentials file obtained from Google's dev console (also called "client-secret") and set it for $client:
$credentialsFilePath = "client_secret_file.json";
$client->setAuthConfig($credentialsFilePath);
Add the required scope (see here) which should match the scope defined when you received the refresh token (after first user's consent), this is a scope example for Gmail:
$client->addScope('https://mail.google.com/');
Set your refresh token (gets a new token and sets it to the $client):
$refreshToken = "1/Je...................";
$client->refreshToken($refreshToken);
Get your access token (which I like to store in session):
$_SESSION['access_token'] = $client->getAccessToken();
Start calling the API:
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
    // API calls
}
Full code for Gmail requests using OAuth2 with a refresh token:
https://eval.in/776863
On my website I have an upload button for uploading files to Google Drive via the API.
Here is my code:
$auth_code = GOOGLEDRIVE_AUTH_CODE;
$access_token = GOOGLEDRIVE_ACCESS_TOKEN;
$refresh_token = GOOGLEDRIVE_REFRESH_TOKEN;
$client_id = 'Google_App_Client_ID';
$client_secret = 'Google_App_Client_Secret';
$redirect_uri = 'Redirct_Url';
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->setAccessType('offline');
$client->setApprovalPrompt('force');
$client->addScope("https://www.googleapis.com/auth/drive");
$service = new Google_Service_Drive($client);
if (isset($access_token) && $access_token) {
    $client->setAccessToken($access_token);
    if ($client->isAccessTokenExpired()) {
        $refresh_token = $client->getRefreshToken();
        $client->refreshToken($refresh_token);
        $access_token = $client->getAccessToken();
        $co->save('GDRIVE_ACCESS_TOKEN',$access_token);
        $co->save('GDRIVE_REFRESH_TOKEN',$refresh_token);
    }
} else {
    $authUrl = $client->createAuthUrl();
}
This line throws an error:
$client->refreshToken($refresh_token);
"Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'"
Reading up on the error message it sounds like the token refresh isn’t working all of a sudden. Like I said, this upload tool has been working fine for months.
Any idea?
Thanks,
Midhun
Invalid_grant
Your server’s clock is not in sync with NTP. (Solution: check the server time; if it's incorrect, fix it.)
If it's not that, then there is no fix besides asking the user to authenticate again. Possible causes for the refresh token to have expired:
The user has revoked your access.
The refresh token hasn't been used in six months to request a new access token.
The refresh token limit has been exceeded. Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned. The limit for each unique pair of OAuth 2.0 client and is 25 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.
I am using the Google Drive API and authenticating with an OAuth token from a PHP program. For my test program I went to the OAuth URL manually and created a token. Then, I used it in the program and saved it to the file. From next time onwards the token is loaded from the file and the program is able to access Google Drive. However, since the token would only be valid for 1 hr, after that I get the error since the token it retrieves from the file won't be valid anymore. I am not clear on how I can refresh the token so that it's not required to manually obtain a new token.
Following is my code -
$client = new Google_Client();
$client->setClientId( CLIENT_ID );
$client->setClientSecret( CLIENT_SECRET );
$client->setRedirectUri( REDIRECT_URIS );
$client->setScopes($SCOPES);
$client->setAccessType('offline');
$client->setAuthConfigFile(CLIENT_SECRET_PATH);
If the cred file exists, I pull the token from that file, else I would be fetching it. For now, the first time token I am setting manually -
if (file_exists(CREDENTIALS_PATH)) {
    $accessToken = file_get_contents(CREDENTIALS_PATH);
} else {
    $authCode = 'My Auth Code';
    $accessToken = $client->authenticate($authCode);
}
file_put_contents(CREDENTIALS_PATH, $accessToken);
$client->setAccessToken($accessToken);
Now, if the token is expired I need to refresh the token automatically.
if ($client->isAccessTokenExpired()) {
    // This is where I am running into trouble.
}
How do I achieve it? The target is to perform OAuth authentication and execute Google Drive API without any manual intervention.
Thank you for the help!
Looks like I found the answer.
I used the OAuth url for the first time access to include the parameter prompt=consent. So this generated the refresh-token that was saved in the file. After that, following addition to code did the trick -
if ($client->isAccessTokenExpired()) {
    $client->refreshToken($client->getRefreshToken());
    file_put_contents(CREDENTIALS_PATH, $client->getAccessToken());
}
After this the token is no longer expiring after an hour.
I want to build a script that will check an authenticated user's Google Calendar via the Google Calendar PHP Client. I was able to build a simple page that lets a user auth and give permission to the Calendar Events. I receive a token and then grab 15 upcoming events via:
$googleCal = new Google_Service_Calendar($googleClient);
$results = $googleCal->events->listEvents($calendarId, $optParams);
But what I'm struggling with is how to save this so I can have a script check this every day to see if there were new events added. I think what I have is close, just struggling to get over the finish line.
Thanks!
--
Update, I'm trying to use the refresh token, here is my code:
public function checkRedirectCode()
{
    if(isset($_GET['code']))
    {
        $this->client->authenticate($_GET['code']);
        // $this->setToken($this->client->getRefreshToken());
        $this->setToken($this->client->getAccessToken());
        $this->storeUser($this->getPayload());
        return true;
    }
    return false;
}
public function setToken($token)
{
    $_SESSION['access_token'] = $token;
    $this->client->setAccessToken($token);
}
I have been able to echo the refresh token so I know I'm getting a proper refresh token but I'm getting errors whenever I use the commented out string. Any ideas?
To enable your script to be called beyond the lifetime of the original access token (which only lasts an hour), you will need to retrieve and store the refresh token during the initial authorisation, and then use this to generate a new access token each time your script runs.
Access tokens have limited lifetimes. If your application needs access
to a Google API beyond the lifetime of a single access token, it can
obtain a refresh token. A refresh token allows your application to
obtain new access tokens.
https://developers.google.com/identity/protocols/OAuth2#basicsteps (4. Refresh the access token, if necessary.)
After the user has authenticated your app, they are returned to your redirect URI with the code query-string.
The following is an example of authenticating and getting the refresh token (this uses Analytics, but should be the same for other services):
$client = new Google_Client();
$client->setClientId('xxx');
$client->setClientSecret('xxx');
$client->setRedirectUri('xxx');
//authenticate with the code returned from google
$authenticate = $client->authenticate($_GET['code']);
//get the refresh token
$refreshToken = $client->getRefreshToken();
//store refresh token in database...
Then, when you run your daily script, use the refresh token (retrieved from your database) to generate a new access token:
$client = new Google_Client();
$client->setClientId('xxx');
$client->setClientSecret('yyy');
$client->addScope(Google_Service_Analytics::ANALYTICS_READONLY);
$client->refreshToken($user->refresh_token);
$newToken = $client->getAccessToken();
$client->setAccessToken($newToken);