Here is my php script RefreshToken.php
<?php
$url = 'https://accounts.google.com/o/oauth2/token';
$post_data = array(
'code' => 'xxxxxxxx',
'client_id' => 'xxxxxxxxxxx',
'client_secret' => 'xxxxxxxxxxxxx',
'redirect_uri' => 'http://localhost/googleapi/AuthenticationCode.php',
'grant_type' => 'authorization_code',
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$token = json_decode($result);
echo $token->refresh_token . "\n";
?>
Run PHP CLI
php -q RefreshToken.php
PHP Notice: Undefined property: stdClass::$refresh_token in /var/www/googleapi/RefreshToken.php on line 20
The refresh_token is not returned by default in Google OAuth2.
The request for an authorization code requires an extra parameter (access_type): then refresh token will be returned with access_token.
Other unusual behaviour: the refresh_token is returned only one time for a user. If, for some reason, refresh_token is lost for that user, then user will need to open Google Account Security Settings page and drop access for your app. And this is not enough: your app will need to pass more one params (approval_prompt equals true) to indicate we're forcing the request for a new refresh_token.
More info: https://developers.google.com/accounts/docs/OAuth2WebServer#offline)
Related
im trying to upload to my imgur Account's album, however, the upload works, but it looks like its gonna uploaded as anonym/public?
here's my code:
<?php
$client_id = "465xxx8c44294";
$image = file_get_contents("../images/d4487317c3xxx93210b293c2e.jpg");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.imgur.com/3/image.json');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Client-ID ' . $client_id));
//curl_setopt($ch, CURLOPT_POSTFIELDS, array('image' => base64_encode($image)));
curl_setopt($ch, CURLOPT_POSTFIELDS, array('image' => base64_encode($image), 'album' => 'nqxxxGE'));
$reply = curl_exec($ch);
curl_close($ch);
$reply = json_decode($reply);
printf('<img height="180" src="%s" >', $reply->data->link);
any advice?
If you want to add image to album, according doc, you need to pass album id. Make sure you've generated token that has access to secret albums.
Here you can find some tips about tokens.
curl_setopt($ch, CURLOPT_POSTFIELDS,
array(
'image' => base64_encode($image),
'album' => '5' // 5 - your album id
)
);
You can check you albums id using this api.
To refresh token:
If a user has authorized their account but you no longer have a valid access_token for them, then a new one can be generated by using the refresh_token.
To obtain a new access token, your application performs a POST to https://api.imgur.com/oauth2/token. The request must include the following parameters to use a refresh token:
refresh_token: The refresh token returned from the authorization code exchange
client_id: The client_id obtained during application registration
client_secret: The client secret obtained during application registration.
grant_type: As defined in the OAuth2 specification, this field must contain a value of: refresh_token.
As long as the user has not revoked the access granted to your application, the response includes a new access token. A response from such a request is shown below:
{
"access_token":"5c3118ebb73fbb275945ab340be60b610a3216d6",
"refresh_token":"d36b474c95bb9ee54b992c7c34fffc2cc343d0a7",
"expires_in":3600,
"token_type":"Bearer",
"account_username":"saponifi3d"
}
Add the refresh part at the start of your script. Something like:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.imgur.com/oauth2/token');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'refresh_token' => $refreshToken, // Your refresh_token
'client_id' => $client_id,
'client_secret' => $clientSecret, //Your client_secret
'grant_type' => 'refresh_token'
]);
//Keep in mind that refreshToken and clientSecret are obtained during registration.
$reply = curl_exec($ch);
curl_close($ch);
$reply = json_decode($reply);
$accessToken = $reply->access_token;
This question already has answers here:
MailChimp oauth2 in ASP.NET keeps returning invalid_grant
(3 answers)
Closed 5 years ago.
Got a code and I tried to get access token for it. I made a Curl request and executed it but only got error response as {"error":"invalid_grant"}. Here is my code:
$url = 'https://login.mailchimp.com/oauth2/token';
$grant_type = 'authorization_code';
$client_id = 'MY CLIENT ID';
$client_secret = 'SECRET KEY';
$redirect_url = urlencode('REDIREDT_URL');
$code = $_GET['code'];;
$post_field = array(
'grant_type' => 'authorization_code',
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_url,
'code' => $code,
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POST, true);
$value = http_build_query($post_field);
//echo $value; exit;
curl_setopt($ch, CURLOPT_POSTFIELDS, $value);
//echo $post_field;
$result = curl_exec($ch);
curl_close( $ch );
print_r($result); exit;
[From the documentation:][1]
invalid_grant
The provided authorization grant (e.g., authorization
code, resource owner credentials) or refresh token is
invalid, expired, revoked, does not match the redirection
URI used in the authorization request, or was issued to
another client.
I would obtain a new authorization token.
[1]: https://www.rfc-editor.org/rfc/rfc6749#section-5.2
I seen answers for this in other posts but they are quite outdated and I know IG has updated their api since.
I followed their developer documentation but can not seem to make a request from my localhost.
$fields = array(
'client_id' => 'a2xxxxxxxxxxxxxxxxxxxxxxxxxxxxed',
'client_secret' => '3bxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8f',
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://localhost:8000/',
'code' => 'code'
);
$url = 'https://api.instagram.com/oauth/access_token';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_POST,true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
$result = curl_exec($ch);
curl_close($ch);
print $result; //your token
The above code is how I am making my request but I get the following error.
{"code": 400, "error_type": "OAuthException", "error_message": "Matching code was not found or was already used."}
I have disabled implicit oAuth, the app set up is pretty basic, with all the settings going to my personal site for the time being as the app is in sandbox mode anyway.
redirect_uri should be pointing to a public URL address, not localhost.
Turns out, I just had to logout of my Instagram account each time I wanted to request a new token.
I have already get the access token of user via Oauth2, so after authenticate user to my Project and ask them to manage their Youtube data i am storing access token to the DB
Now i want to get the detail or list of the video that uploaded by that authenticated user, so How can I use user's access token to get their Youtube video data?
Below is my code
I generate the Authentication Url like
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "XXXXXXX",
"redirect_uri" => "http://youtube-get.dev/oauth2callback.php",
"scope" => "https://gdata.youtube.com",
"access_type" => "offline"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
And by calling curl in oauth2callback.php I get the Access Token
$client_id="XXXXXXX";
$client_secret="XXXXXX";
$redirect_uri="http://youtube-get.dev/oauth2callback.php";
$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
$clienttoken_post = array(
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret,
"redirect_uri" => $redirect_uri,
"grant_type" => "authorization_code"
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
if (isset($authObj->refresh_token)){
//refresh token only granted on first authorization for offline access
//save to db for future use (db saving not included in example)
global $refreshToken;
$refreshToken = $authObj->refresh_token;
}
$accessToken = $authObj->access_token;
After getting this Access token how can i use it to get authenticated user's video list?
All the help will be appreciated, already wasted much time for it.
after authentication use below url to get authenticate users video
https://www.googleapis.com/youtube/v3/search?part=snippet&forMine=true&maxResults=25&q={your searchparameter}&type=video&key={your App Key}
UPDATE
If I perform a curl_error() this gets returned
Protocol https not supported or disabled in libcurl
if I send a curl request via the command line I get an access token fine:
curl --data "code=removed&client_id=removed&client_secret=removed&redirect_uri=https://group.cs.cf.ac.uk/group3/oAuth2redirect.php&scope=https://www.googleapis.com/auth/calendar&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
However when I try and do this via php curl just returns nothing
$code = $_GET['code'];
$client_id = "removed";
$client_secret = "removed";
$redirectUri = "https://group.cs.cf.ac.uk/group3/oAuth2redirect.php";
$scope = "https://www.googleapis.com/auth/calendar";
$grant_type = "authorization_code";
$url = "https://accounts.google.com/o/oauth2/token/";
$params = array(
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirectUri,
'scope' => $scope,
'grant_type' => $grant_type
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
$response = curl_exec($ch);
curl_close($ch);
print_r($response);
does anyone know why this is happerning, I think it may to do with headers however I really can't work this out.
any help would be awesome
edit
using Google's library for oauth2 is not an option
I've solved the problem now. It turns out curl was not set to be able do to ssl requests (as evident as curl_error() was returning Protocol https not supported or disabled in libcurl.
I think ssl creating problem. Google is https, so it need set_opt("CURLOPT_SSL_VERIFYPEER",val) also, for more details visit, http://www.php.net/manual/en/function.curl-setopt-array.php beside other things, this may be problem.