I am creating a web application that requires Google OAuth authentication.
I have successfully recieved the refresh and access token, however, I cannot seem to get the refresh token again.
I understand that I need to revoke access from my account in order to get the refresh token again. However this does not seem to work on the multiple accounts that I have tested this on.
login.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "xxxx.apps.googleusercontent.com",
"redirect_uri" => "http://xxxx.net/auth/callback",
"scope" => "https://www.googleapis.com/auth/plus.me"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
?>
callback.php
<?php
$url = "https://accounts.google.com/o/oauth2/auth";
$client_id = xxxx.apps.googleusercontent.com";
$client_secret = "xxxx";
$redirect_uri = "http://xxxx.net/auth/callback";
$access_type = "offline";
$approval_prompt = "force";
$grant_type = "authorization_code";
$scope = "https://www.googleapis.com/auth/plus.me";
$params_request = array(
"response_type" => "code",
"client_id" => "$client_id",
"redirect_uri" => "$redirect_uri",
"access_type" => "$access_type",
"approval_prompt" => "$approval_prompt",
"scope" => "$scope"
);
$request_to = $url . '?' . http_build_query($params_request);
if(isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = 'https://accounts.google.com/o/oauth2/token';
$params = array(
"code" => $code,
"client_id" => "$client_id",
"client_secret" => "$client_secret",
"redirect_uri" => "$redirect_uri",
"grant_type" => "$grant_type"
);
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
echo "Refresh token: " . $authObj->refresh_token;
echo "Access token: " . $authObj->access_token;
exit("Done.");
}
header("Location: " . $request_to);
?>
Within callback.php, I have attempted to modify the $params_request array to include the arrival_prompt="force" configuration, which is supposed to require user authentication and return the refresh token. However this does not work for me either.
I have even went as far as to regenerate the client ID, revoke access from my account, clear my cache, and reattempt connection, yet still only recieve the access token! What is wrong? Could someone please provide me with a solution and a way to consistently get back the refresh token.
Thank you in advance for your help and time.
To get a new refresh token for your client you first need to revoke the existing/old refresh token by revoking access for your client in the Account Permissions tab for your Google account and then ask for access_type=offline again. Revoking access for clients is done here: https://security.google.com/settings/security/permissions?pli=1
Related
This question already has answers here:
MailChimp oauth2 in ASP.NET keeps returning invalid_grant
(3 answers)
Closed 5 years ago.
Got a code and I tried to get access token for it. I made a Curl request and executed it but only got error response as {"error":"invalid_grant"}. Here is my code:
$url = 'https://login.mailchimp.com/oauth2/token';
$grant_type = 'authorization_code';
$client_id = 'MY CLIENT ID';
$client_secret = 'SECRET KEY';
$redirect_url = urlencode('REDIREDT_URL');
$code = $_GET['code'];;
$post_field = array(
'grant_type' => 'authorization_code',
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_url,
'code' => $code,
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POST, true);
$value = http_build_query($post_field);
//echo $value; exit;
curl_setopt($ch, CURLOPT_POSTFIELDS, $value);
//echo $post_field;
$result = curl_exec($ch);
curl_close( $ch );
print_r($result); exit;
[From the documentation:][1]
invalid_grant
The provided authorization grant (e.g., authorization
code, resource owner credentials) or refresh token is
invalid, expired, revoked, does not match the redirection
URI used in the authorization request, or was issued to
another client.
I would obtain a new authorization token.
[1]: https://www.rfc-editor.org/rfc/rfc6749#section-5.2
I have already get the access token of user via Oauth2, so after authenticate user to my Project and ask them to manage their Youtube data i am storing access token to the DB
Now i want to get the detail or list of the video that uploaded by that authenticated user, so How can I use user's access token to get their Youtube video data?
Below is my code
I generate the Authentication Url like
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => "XXXXXXX",
"redirect_uri" => "http://youtube-get.dev/oauth2callback.php",
"scope" => "https://gdata.youtube.com",
"access_type" => "offline"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
And by calling curl in oauth2callback.php I get the Access Token
$client_id="XXXXXXX";
$client_secret="XXXXXX";
$redirect_uri="http://youtube-get.dev/oauth2callback.php";
$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
$clienttoken_post = array(
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret,
"redirect_uri" => $redirect_uri,
"grant_type" => "authorization_code"
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
if (isset($authObj->refresh_token)){
//refresh token only granted on first authorization for offline access
//save to db for future use (db saving not included in example)
global $refreshToken;
$refreshToken = $authObj->refresh_token;
}
$accessToken = $authObj->access_token;
After getting this Access token how can i use it to get authenticated user's video list?
All the help will be appreciated, already wasted much time for it.
after authentication use below url to get authenticate users video
https://www.googleapis.com/youtube/v3/search?part=snippet&forMine=true&maxResults=25&q={your searchparameter}&type=video&key={your App Key}
Here is my php script RefreshToken.php
<?php
$url = 'https://accounts.google.com/o/oauth2/token';
$post_data = array(
'code' => 'xxxxxxxx',
'client_id' => 'xxxxxxxxxxx',
'client_secret' => 'xxxxxxxxxxxxx',
'redirect_uri' => 'http://localhost/googleapi/AuthenticationCode.php',
'grant_type' => 'authorization_code',
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$token = json_decode($result);
echo $token->refresh_token . "\n";
?>
Run PHP CLI
php -q RefreshToken.php
PHP Notice: Undefined property: stdClass::$refresh_token in /var/www/googleapi/RefreshToken.php on line 20
The refresh_token is not returned by default in Google OAuth2.
The request for an authorization code requires an extra parameter (access_type): then refresh token will be returned with access_token.
Other unusual behaviour: the refresh_token is returned only one time for a user. If, for some reason, refresh_token is lost for that user, then user will need to open Google Account Security Settings page and drop access for your app. And this is not enough: your app will need to pass more one params (approval_prompt equals true) to indicate we're forcing the request for a new refresh_token.
More info: https://developers.google.com/accounts/docs/OAuth2WebServer#offline)
I'm creating a small YouTube Analytics API script and i'm stuck trying to exchange a user authorization code for an access token.
I've managed to get to the point of obtaining the authorization token, but I don't know how to "Submit a POST request to Google".
What i think will work:
if (isset($_GET['code'])) {
// Send Post Request To Exchange Access Code
}
But i don't know what to put between the condition to actually swap the code.
When i visit the location
https://accounts.google.com/o/oauth2/code={CODE}&client_id={ID}&client_secret={SECRET}&redirect_uri={REDIRECTURL}&grant_type=authorization_code
I get an unknown URL.
You need to use cURL (or a similar library), as that's the way your server talks directly to Google to exchange the access code. Your users won't see your secret, as cURL does the request from your end. cURL will then let you take the response that comes back and extract and extract the access token, which you'll then send in the header of every request to the Analytics API (or, if you had access_type set to offline, you'll be able to extract a refresh token). Code might look something like this (tailor for your particular needs):
function get_oauth2_token($code) {
global $client_id;
global $client_secret;
global $redirect_uri;
$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
$clienttoken_post = array(
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret,
"redirect_uri" => $redirect_uri,
"grant_type" => "authorization_code"
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
if (isset($authObj->refresh_token)){
//refresh token only granted on first authorization for offline access
//save to db for future use (db saving not included in example)
global $refreshToken;
$refreshToken = $authObj->refresh_token;
}
$accessToken = $authObj->access_token;
return $accessToken;
}
With that access token returned, you can then make your API calls.
I found this function that supposedly gets the accessToken, but I get nothing.
I do have the $_REQUEST['code'], and the other information needed in this function.
Any ideas what is wrong here?
Thanks.
//Oauth 2.0: exchange token for session token so multiple calls can be made to api
if(isset($_REQUEST['code'])){
$_SESSION['accessToken'] = get_oauth2_token($_REQUEST['code']);
}
//returns session token for calls to API using oauth 2.0
function get_oauth2_token($code) {
global $client_id;
global $client_secret;
global $redirect_uri;
$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
$clienttoken_post = array(
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret,
"redirect_uri" => $redirect_uri,
"grant_type" => "authorization_code"
);
$curl = curl_init($oauth2token_url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$json_response = curl_exec($curl);
curl_close($curl);
$authObj = json_decode($json_response);
if (isset($authObj->refresh_token)){
//refresh token only granted on first authorization for offline access
//save to db for future use (db saving not included in example)
global $refreshToken;
$refreshToken = $authObj->refresh_token;
}
$accessToken = $authObj->access_token;
return $accessToken;
}
This is what I did to get my access token and refresh token.
Create a file that contains the following code :
<?php
if (isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = 'https://accounts.google.com/o/oauth2/token';
$params = array(
"code" => $code,
"client_id" => YOUR_CLIENT_ID,
"client_secret" => YOUR_CLIENT_SECRET,
"redirect_uri" => 'http://' . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"],
"grant_type" => "authorization_code"
);
$ch = curl_init();
curl_setopt($ch, constant("CURLOPT_" . 'URL'), $url);
curl_setopt($ch, constant("CURLOPT_" . 'POST'), true);
curl_setopt($ch, constant("CURLOPT_" . 'POSTFIELDS'), $params);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
if ($info['http_code'] === 200) {
header('Content-Type: ' . $info['content_type']);
return $output;
} else {
return 'An error happened';
}
} else {
$url = "https://accounts.google.com/o/oauth2/auth";
$params = array(
"response_type" => "code",
"client_id" => YOUR_CLIENT_ID,
"redirect_uri" => 'http://' . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"],
"scope" => "https://www.googleapis.com/auth/plus.me"
);
$request_to = $url . '?' . http_build_query($params);
header("Location: " . $request_to);
}
Now, replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your client ID and client secret.
Make sure your scope is correct. For example, it should be https://www.googleapis.com/auth/analytics if you want to get access to Analytics.
If you run the file, you should get an OAuth2 approval screen.
If you now press Accept, you should get a result that looks like this:
{
"access_token" : YOUR_ACCESS_TOKEN,
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : YOUR_REFRESH_TOKEN
}
The result may contain additional fields, depending on which scope you're applying for.
I don't see anything wrong with your code, but you may want to try refreshing the client secret and see if that helps. Additionally, I would suggest you see exactly what the response is coming back from your curl command, I suspect it's "invalid_grant".
A much better way to do this is to use google's php api client:
https://code.google.com/p/google-api-php-client/
which handles most of the communication for you. The examples there are very easy to use. It mostly depends on which google service you are trying to access.
that code looks familiar - I'm using roughly the same code - there are two things you can try.
Use echo to echo the response to the Browser
echo $json_response;
Get hold of Fiddler and use the following line before the call to curl_exec
curl_setopt($curl, CURLOPT_PROXY, '127.0.0.1:8888');
'fraid I've not got it working either - the response I am getting is
{
"error" : "invalid_request"
}
Now if anyone knows how what is wrong with this ;)
From section 4.4.2 of "The OAuth 2.0 Authorization Protocol draft-ietf-oauth-v2-20"
The client makes a request to the token endpoint by adding the
following parameters using the "application/x-www-form-urlencoded"
format in the HTTP request entity-body:
So the POSTed parameters should be submitted in the form of a string, not an array. This is mentioned in the PHP manual for curl_setopt too.
So instead of posting $clienttoken_post, you might want to post http_build_query($clienttoken_post,'','&').
This might not solve all your problems, but it's probably a step in the right direction.
I had the same error, and I found that adding
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
to allow the request follow a redirect solved it quickly. I hope that helps someone else!