According to the implementation guide and common sense, I'd like to verify the JWT token issued to a user who has logged in to my site through the Google Identity Toolkit, to prevent forgery and... just in case.
A POST request through cURL (code below) to https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo containing the idToken (string), localId (list) and email (list) should suffice. My application uses as a local id the tokenId issued by the IDSP.
However, this is what I get:
Error: call to URL https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=MyAPIKey failed with status 500, response { "error": { "code": 500, "message": null } } , curl_error , curl_errno 0
And frankly, I'm at an utter loss: my Google-fu only turned up logging out and back in, but unsurprisingly it hasn't solved the issue.
Of further concern is the necessity of fetching the user display name and image, through the same relyingparty.
Code
    function verifytoken($data){
        $url = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=MyAPIKey";
        var_dump($data);
        $content = json_encode($data);
        $curl = curl_init($url);
        curl_setopt($curl, CURLOPT_HEADER, false);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_HTTPHEADER,
            array("Content-type: application/json"));
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $content);
        $json_response = curl_exec($curl);
        $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        // A successful call returns 200, not 201
        if ( $status != 200 ) {
            die("Error: call to URL $url failed with status $status, response $json_response, curl_error " . curl_error($curl) . ", curl_errno " . curl_errno($curl));
        }
        curl_close($curl);
        $response = json_decode($json_response, true);
        var_dump($response);
    }
    $tok = array('idToken' => $gitkitUser->getUserId(), 'localId' => array($gitkitUser->getUserId()), 'email' => array($gitkitUser->getEmail()));
    verifytoken($tok);
To verify the Google Identity Toolkit JWT token, you do not need to make any HTTP request. It is recommended to use one of the Google Identity Toolkit libraries (Java/Python/Php/Ruby/Go/Nodejs) to do that locally. The token already includes the email/name/photo_url of the user.
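Added example (not from the original answer or from the Identity Toolkit libraries): what local verification of such a token amounts to, written with PHP's openssl extension. The issuer, audience, key id and claim names are constructed placeholders, and a throwaway key pair stands in for the issuer's published key; in production the library recommended above does this for you.

```php
<?php
// Added example: verify an RS256-signed ID token locally. All names and values are constructed.
function b64url_decode(string $s): string {
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($raw === false) throw new RuntimeException('bad base64url');
    return $raw;
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// $keys maps key id (kid) => PEM public key. Returns the verified claims or throws.
function verify_id_token(string $jwt, array $keys, string $iss, string $aud, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    // Pin the algorithm; never accept whatever "alg" the token asks for.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    $kid = $header['kid'] ?? null;
    if (!is_string($kid) || !isset($keys[$kid])) throw new RuntimeException('unknown key id');
    $ok = openssl_verify("$h64.$p64", b64url_decode($s64), $keys[$kid], OPENSSL_ALGO_SHA256);
    if ($ok !== 1) throw new RuntimeException('bad signature');
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($claims)) throw new RuntimeException('bad payload');
    if (($claims['iss'] ?? null) !== $iss) throw new RuntimeException('wrong issuer');
    if (($claims['aud'] ?? null) !== $aud) throw new RuntimeException('wrong audience');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) throw new RuntimeException('expired');
    return $claims;
}
// Demo: a throwaway key pair stands in for the issuer's published key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$now = time();
$head = b64url_encode(json_encode(['alg' => 'RS256', 'kid' => 'demo-key']));
$body = b64url_encode(json_encode([
    'iss' => 'https://issuer.example/', 'aud' => 'my-client-id', 'exp' => $now + 3600,
    'email' => 'alice@example.com', 'display_name' => 'Alice', 'photo_url' => 'https://example.com/a.png',
]));
openssl_sign("$head.$body", $sig, $key, OPENSSL_ALGO_SHA256);
$token = "$head.$body." . b64url_encode($sig);
$claims = verify_id_token($token, ['demo-key' => $pub], 'https://issuer.example/', 'my-client-id', $now);
echo "verified: {$claims['email']} ({$claims['display_name']})\n";
// A token whose payload was altered after signing must be rejected.
$forged = "$head." . b64url_encode(json_encode(['email' => 'mallory@example.com'])) . '.' . b64url_encode($sig);
try {
    verify_id_token($forged, ['demo-key' => $pub], 'https://issuer.example/', 'my-client-id', $now);
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```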
I am getting 400 bad request with DocuSign demo account while accessing access token. I am using these values while making call.
    $url = "https://account-d.docusign.com/oauth/token";
    $integrator_and_secret_key = "Basic " . base64_encode("integration key:secret key");
    // cURL expects a list of "Name: value" header lines
    $headers = [
        "Authorization: " . $integrator_and_secret_key,
        "Content-Type: application/x-www-form-urlencoded",
    ];
    $postData = [
        "grant_type" => "authorization_code",
        "code" => $_GET['code'],
    ];
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&code=authcode");
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); // keep certificate verification on
    curl_setopt($curl, CURLOPT_VERBOSE, true);
    $json_response = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    // The token endpoint answers 200 on success
    if ( $status != 200 ) {
        echo "error calling webservice, status is:" . $status . "\nerror text is --> ";
        print_r($json_response); echo "\n";
        exit(-1);
    }
    echo "<pre>"; print_r($json_response); exit;
    $response = json_decode($json_response, true);
    // if(isset($response["envelopeId"])){
    //     echo json_encode(array('output'=>'success'));
    // }
    // else{
    //     echo json_encode(array('status'=>False,'output'=>'Fail'));exit;
    // }
    exit;
After making the call above, I get: error calling webservice, status is: 400, error text is --> {"error": "invalid_grant", "error_description": "unauthorized_client"}
It looks like you're attempting to use the oauth authorization code grant flow.
The code that your question shows is the second major step, where your app exchanges the authorization code it received from DocuSign for an access token that will be used to call the API.
Your code appears to be using the static string authcode as the authorization code:
    curl_setopt($curl, CURLOPT_POSTFIELDS,
        "grant_type=authorization_code&code=authcode");
This is a bug. The code body parameter must be set to the value of the authorization code that was previously received from DocuSign.
E.g.:
    curl_setopt($curl, CURLOPT_POSTFIELDS,
        "grant_type=authorization_code&code=$authcode");
Recommendation
Instead of hand-coding the authorization code grant, it is better to use a library. For PHP, the open source league/oauth2-client can be used. Docs
The DocuSign code example shows how to use it. See the Auth directory and its callers.
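Added example (not part of the answer above and not DocuSign's sample code): the token exchange with the authorization code taken from the callback, header lines in the "Name: value" form cURL expects, and certificate verification left on. The `state` check assumes the application stored a random state value in the session before redirecting; the key, secret, state and code values are placeholders.

```php
<?php
// Added example, not DocuSign's code. Key, secret, state and code values are placeholders.
function build_token_request(array $query, string $expectedState, string $key, string $secret): array {
    // The callback must carry the state value this session issued (CSRF check).
    $state = $query['state'] ?? null;
    if (!is_string($state) || !hash_equals($expectedState, $state)) {
        throw new RuntimeException('state mismatch');
    }
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('no authorization code in callback');
    }
    return [
        CURLOPT_URL => 'https://account-d.docusign.com/oauth/token',
        CURLOPT_POST => true,
        CURLOPT_RETURNTRANSFER => true,
        // http_build_query() URL-encodes the code received from the callback.
        CURLOPT_POSTFIELDS => http_build_query(['grant_type' => 'authorization_code', 'code' => $code]),
        // cURL wants a list of "Name: value" strings, not an associative array.
        CURLOPT_HTTPHEADER => [
            'Authorization: Basic ' . base64_encode("$key:$secret"),
            'Content-Type: application/x-www-form-urlencoded',
        ],
        CURLOPT_SSL_VERIFYPEER => true,  // the defaults, stated explicitly
        CURLOPT_SSL_VERIFYHOST => 2,
    ];
}
function exchange_code(array $options): array {
    $ch = curl_init();
    curl_setopt_array($ch, $options);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $error = curl_error($ch);
    curl_close($ch);
    if ($body === false) throw new RuntimeException("transport error: $error");
    if ($status !== 200) throw new RuntimeException("token endpoint returned HTTP $status");
    $json = json_decode($body, true);
    if (!is_array($json) || !isset($json['access_token'])) throw new RuntimeException('no access_token in response');
    return $json;
}
// Offline demo on a constructed callback query; exchange_code($options) would send it.
$options = build_token_request(['code' => 'constructed-code', 'state' => 's3ss10n'], 's3ss10n', 'IKEY', 'SECRET');
echo $options[CURLOPT_POSTFIELDS], "\n";
try {
    build_token_request(['code' => 'constructed-code', 'state' => 'other'], 's3ss10n', 'IKEY', 'SECRET');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```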
I need to get the data from the leads and contacts from Salesforce through the REST API. As I read, UNION is not supported by Salesforce and we need to use SOSL to get the data.
For this I am using the code below:
    $url = $instance_url. '/services/data/v37.0/search/?q= FIND {rohit} IN ALL FIELDS RETURNING Lead(email), Contact(email)';
    $urlcurl = curl_init($url);
    curl_setopt($urlcurl, CURLOPT_HEADER, false);
    curl_setopt($urlcurl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($urlcurl, CURLOPT_HTTPGET, 1);
    curl_setopt($urlcurl, CURLOPT_HTTPHEADER,
        array("Authorization: OAuth $access_token"));
    curl_setopt($urlcurl, CURLOPT_SSL_VERIFYPEER, true); // keep certificate verification on
    $urljson_response = curl_exec($urlcurl);
    $status = curl_getinfo($urlcurl, CURLINFO_HTTP_CODE);
    if ( $status != 200 ) {
        die("Error: call to URL failed with status $status, response $urljson_response, curl_error " . curl_error($urlcurl) . ", curl_errno " . curl_errno($urlcurl));
    }
    curl_close($urlcurl);
    return json_decode($urljson_response);
but it is returning a response like
Error: call to URL failed with status 400, response , curl_error , curl_errno 0
How can I achieve this?
I am trying to connect to the Marketo.com REST API using curl.
I can't get a response from the identity service. I only get an error message
    "[curl] 6: Couldn't resolve host 'MY_CLIENT_ENDPOINT.mktorest.com'"
but I can print the constructed URL and paste it into a browser address bar and this will provide the expected response with the access_token element.
I can use curl in php and in a terminal to access my gmail account so curl is able to access an https service.
I have tried sending the parameters in the curl URL as a GET request and also by declaring them with curl's -F option as a POST request.
My application uses dchesterton/marketo-rest-api available on github, but I have also tried a simple php curl request just to get the access token.
    private function getToken() {
        $url = "$this->client_url/identity/oauth/token?grant_type=client_credentials&client_id=$this->client_id&client_secret=$this->client_secret";
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE); // keep certificate verification on
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $response = curl_exec($ch);
        $errors = curl_error($ch);
        curl_close($ch);
        file_put_contents($this->logDir . 'access_token_response' . date('Y-m-d') . '.txt', $url . "\n" . $response . "\n", FILE_APPEND);
        if ($errors) {
            file_put_contents($this->logDir . 'access_token_errors' . date('Y-m-d') . '.txt', $errors . "\n", FILE_APPEND);
        }
        // curl_exec() returns the raw JSON string, so decode it before reading the token
        $data = json_decode($response, true);
        return $data['access_token'] ?? null;
    }
Again, this fails with the same error but produces a perfectly formed url that I can paste into the browser and get a valid response.
I have also tried this using post instead of get as I have for every other test mentioned, and these have been tried on my localhost and on a test server.
Can anyone explain to me why this would fail?
Does Marketo block curl on a per account basis?
I was trying to implement something similar but my code wasn't working. I'm not sure exactly what is failing but I tried your code and it seems to work perfectly after some slight modifications:
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE); // keep certificate verification on
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($request_data));
    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    $response = curl_exec($curl);
    $errors = curl_error($curl);
    curl_close($curl);
I hope this helps.
I need to make one API request to AWS Route53 to create a reusable delegation set. You can't do this through the console web interface, it has to be through the API.
Here is the documentation for making this API request: http://docs.aws.amazon.com/Route53/latest/APIReference/api-create-reusable-delegation-set.html
    <?php
    $baseurl = "route53.amazonaws.com/2013-04-01/delegationset";
    $body = '<?xml version="1.0" encoding="UTF-8"?>
    <CreateReusableDelegationSetRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
    <CallerReference>whitelabel DNS</CallerReference>
    </CreateReusableDelegationSetRequest>';
    $ch = curl_init();
    // Set query data here with the URL
    curl_setopt($ch, CURLOPT_URL, $baseurl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, 1 );
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body );
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: route53.amazonaws.com','X-Amzn-Authorization: '));
    curl_setopt($ch, CURLOPT_TIMEOUT, '3');
    $rest = curl_exec($ch);
    if ($rest === false)
    {
        // throw new Exception('Curl error: ' . curl_error($crl));
        print_r('Curl error: ' . curl_error($ch));
    }
    curl_close($ch);
    print_r($rest);
    ?>
I know the request isn't signed/authenticated, but I'm not even able to connect to the server. I would at least like to get an error message that says I'm not authenticated before I continue. Instead all I get is "connection refused".
I'm sure I'm doing something completely wrong here. But Google has been of no use.
scrowler was right. I changed:
    $baseurl = "route53.amazonaws.com/2013-04-01/delegationset";
to
    $baseurl = "https://route53.amazonaws.com/2013-04-01/delegationset";
I got the error message I was expecting and now I can work on the next step.
I am trying to make an API call to Localbitcoins API using Curl, but I am having difficulty getting the response to return properly. I have looked at my Curl request and nothing looks out of place.
Here is the API call I am trying to get:
Base URL: https://localbitcoins.com/oauth2/access_token/
Required arguments: client_id, client_secret, username, password, grant_type=password
Optional arguments: None
If successful, JSON like so will be returned immediately:
    {
        "access_token": the access token,
        "scope": "read",
        "expires_in": seconds to expiry,
        "refresh_token": a refresh token
    }
and here is the function I have written to try and retrieve the access_token:
    function authenticate($parameters) {
        $url = 'https://localbitcoins.com/oauth2/access_token/';
        $parameters['client_id'] = 'redacted';
        $parameters['client_secret'] = 'redacted';
        $data = http_build_query($parameters);
        // Initialize the PHP curl agent
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_USERAGENT, "curl");
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FAILONERROR, true);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        // curl_setopt($ch, CURLOPT_VERBOSE, true);
        $result = curl_exec($ch);
        if ($result === false)
            throw new Exception ("curl Error: " . curl_error($ch));
        $http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        if ($http_status != 200)
            throw new Exception("Request Failed. http status: " . $http_status);
        curl_close($ch);
        // Trim any whitespace from the front and end of the string and decode it
        $result = json_decode(trim($result));
        if (($error = get_json_error()) !== false) {
            throw new Exception("json_decode failed: " . $error);
        }
        // Verify that we got a valid response
        if (!isset($result->status))
        {
            throw new Exception("API response did not contain 'status'");
            exit;
        }
        if ($result->status == 'error')
        {
            throw new Exception("API call failed: " . $result->message);
            exit;
        }
        // The API call succeeded, return the requested data
        return $result->data;
    }
and calling the function:
    authenticate(array(
        'grant_type' => 'password',
        'username' => 'redacted',
        'password' => 'redacted'));
All this returns is FATAL ERROR and a 400 ERROR for BAD REQUEST. Any help would be greatly appreciated!
I don't think it's worth your time to develop for the current Localbitcoins API. It's very poorly documented with a lot of broken features. If you look at the Developer forum, it's not well maintained and it's riddled with complaints:
https://localbitcoins.com/forums/#!/dev/developers-and-affiliates
I personally inquired on the status of the API with one of the Localbitcoin developers, and he told me that they are pushing out an updated API within the next two weeks.
As per your question specifically, it seems like the issue has existed since October 2013:
https://localbitcoins.com/forums/#!/dev/developers-and-affiliates#problems-with-grant-typepa
Doesn't look like anyone from the Localbitcoins team has resolved it either. I think you are better off holding off for their new API.
Cheers!
Can you try this...
    $result = curl_exec($ch);
    echo nl2br($result);
    curl_close($ch);
curl_close($ch);