I'm trying to create an application on LinkedIn that's using OAuth2 for authentication and am running into some errors. The client runs on an iOS device and uses an oAuth library to make a call to LinkedIn's servers. My iOS client successfully gets the authorization_code. The client application then passes that authorization_code to my server, which attempts to connect to linkedIN again and get the access_token. This step consistently fails, I get the following error from LinkedIn: {"error":"invalid_request","error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : client_id"}
My POST method to LInkedIN does contain the client_id, it only contains it once, and I've triple checked the values for all the parameters, they are correct. I've also reset the access multiple times from https://www.linkedin.com/secure/settings and I've even created additional applications on LinkedIn, I keep getting the same result.
I've checked other responses, such as this one: unable to retrieve access token linkedin api and tried the suggestions: revoke keys, request new keys etc, nothing seems to be working.
Here is my server code:
$tokenURL = 'https://www.linkedin.com/uas/oauth2/accessToken';
$redirectURL = 'https://staging.textsuggestions.com';
$clientId = '75a4ezqh741sup';
$clientSecret = 'XXXXXXXX';
$tokenArguments = array("grant_type" => "authorization_code",
"code" => $code,
"redirect_uri" => $redirectURL,
"client_secret" => $clientSecret,
"client_id" => $clientId);
// send the request to the server getting data
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $tokenURL);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $tokenArguments);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
if (!empty($response["error"])) {
error_log("Error is: " . $response["error"]);
exit (0);
} else {
// no error, get the access_token and do stuff with it
$timeout = $response["expires_in"];
$access_token = $response["access_token"];
}
Ok I realized what I was doing wrong, the client application library that I was using was generating the full access token (not the auth code). So I was trying to pass in the access token in the place of the auth code. The error that I was getting from Linked In was certainly misleading and I should have checked the client library I was using more carefully.
Have you tried to check your code against this code sample?
https://developer.linkedin.com/documents/code-samples
Check that the POST headers include "Content-Type": "application/x-www-form-urlencoded".
Related
Currently I am trying to get reviews from https://play.google.com/store/apps/details?id=com.rosterelf.android.phone&hl=en by following https://developers.google.com/android-publisher/api-ref/rest/v3/reviews/list documentation.
I am using the PHP (cURL) method but I am keep getting an error saying --- Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential.
Below are my steps what I have done / tried so far.
Created one Api KEY, OAuth 2.0 Client ID and Service Account in Google Developer Console.
Enabled the Google Play Android Developer API and Google Play Custom App Publishing API too.
Going at my browser https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&redirect_uri=REDIRECT-URI&client_id=CLIENT-ID
It gives me the code in response and then to be able to get access_token, I am using below PHP cURL code which is also working fine.
<?php
$client_id = 'CLIENT-ID';
$redirect_uri = 'REDIRECT-URL';
$client_secret = 'CLIENT-SECRET';
$code = 'CODE';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
$data = curl_exec($ch);
var_dump($data);
exit;
And in response, I am successfully able to get the access_token.
Now I am trying to go directly to this page in browser https://www.googleapis.com/androidpublisher/v3/applications/com.rosterelf.android.phone/reviews?access_token=ACCESS-TOKEN but it keeps saying me...
Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project
-> I have checked the roles and permissions and it has owner as a permission in service account.
-> My REDIRECT-URI also the same URL throughout this process.
I event tried this URL to fetch the reviews https://androidpublisher.googleapis.com/androidpublisher/v3/applications/com.rosterelf.android.phone/reviews/review?access_token=ACCESS-TOKEN but having the same error.
Can someone please guide me what am I missing from here and why I am getting here and what exactly I should do from here on to get the reviews ?
Any help or suggestions will be highly appreciated.
Thanks in advance.
This is an example for that API using the official client library. I believe this code is for service account authentication. The service account will need to be properly configured see using_a_service_account How to create service account credetinals just remember to enable the proper library.
<?php
require_once 'google-api-php-client-2.2.2\vendor\autoload.php';
putenv('GOOGLE_APPLICATION_CREDENTIALS=client_secret.json');
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->addScope(Google_Service_AndroidPublisher::ANDROIDPUBLISHER);
$android_publisher = new Google_Service_AndroidPublisher($client);
$response = $android_publisher->reviews->listReviews('appname');
echo "<pre>";
var_dump($response);
I am learning to build a Login via Google button on my Joomla website, and I am following instruction on https://developers.google.com/identity/protocols/oauth2/web-server.
A little background:
I am using a third party extension to handle social login. Its facebook login works well, but its google login is outdated, still trying to connect to Google Plus endpoints. Clicking the login button on my page does lead to Google's account choice screen, after I choose an account and grant permission, there is a simple error message on the callback page. The author has stopped updating the extension, so for learning purpose, I've decided to fix it myself.
What I've achieved:
Currently I was able to get the access token from Google.
.......
$postdata = array(
'grant_type' =>'authorization_code',
'client_id' => $this->params->get('goappid'),
'client_secret' => $this->params->get('gosecret'),
'redirect_uri' => $this->getRedirectURL().'&task=gologin',
'code' => $_GET['code']);
curl_setopt($curl, CURLOPT_URL, 'https://oauth2.googleapis.com/token');
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-type: application/x-www-form-urlencoded'));
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postdata));
$oauth = json_decode(curl_exec($curl));
// Above code seems to be fine, getting $oauth response as follows
// "access_token": "token string",
// "expires_in": 3599,
// "scope": "https://www.googleapis.com/auth/userinfo.profile",
// "token_type": "Bearer",
// "id_token":"token string"
if (isset($oauth->access_token)) {
curl_setopt($curl, CURLOPT_POST, false);
curl_setopt($curl, CURLOPT_URL, 'https://www.googleapis.com/plus/v1/people/me?access_token='.$oauth->access_token); //Apparently outdated endpoint
$user = json_decode(curl_exec($curl));
if (empty($user->error)) {
curl_setopt($curl, CURLOPT_URL, 'https://www.googleapis.com/plus/v1/people/me/activities/public?access_token='.$oauth->access_token);//Apparently outdated endpoint
My question: At this point, I don't know what to do. The instruction says After your application obtains an access token, you can use the token to make calls to a Google API on behalf of a given user account, but how do I "make calls to a Google API"? To make a simple login via Google button, which API should I call? And to what endpoint should I make the request? I can't find this information from the instruction page. Above code is making request to https://www.googleapis.com/plus/v1/people/me?access_token, which is obviously outdated but how should I change this? This should have been provided by the instruction but I couldn't find it. And if I want to access other Google APIs, how do I "make calls" to them? a.k.a where do I find endpoints for each API?
I've also read https://developers.google.com/identity/protocols/oauth2/openid-connect, is what I am trying to do considered OIDC? Should I proceed according to this document?
I still think that access_token in the query path works in some Google apis. until June 2021
GET https://www.googleapis.com/plus/v1/people/me?access_token=[token]
I recommend switching to using an authorization header
GET https://people.googleapis.com/v1/%5BRESOURCENAME%5D HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Main Aim: To get access_token so I may display my Instagram feed on the website.
Currently, to get an access token, we go to this url and click on Authorize to get the code, further exchanged for access_token.
https://api.instagram.com/oauth/authorize
?client_id={app-id}
&redirect_uri={redirect-uri}
&scope=user_profile,user_media
&response_type=code
Now, if I am writing a PHP-curl script to send this access_token and get my posts, how will I get an access token each time, I can not really click on authorize every time my API requests data, further, clicking authorize every 60 days is also not a long term solution for me.
So I was hoping if there was a way ( that I could call this URL, and get authorization code directly? )
So far my script:
$authURL = "https://api.instagram.com/oauth/authorize
?client_id=$client_id
&redirect_uri=$redirect_uri
&scope=user_profile,user_media
&response_type=code";
//STEP 1, GET THE AUTHORIZATION CODE (i am stuck here, how to get code from only PHP,
//without external clicks..)
//https://www.redirecturl.com?code=AQgw#_
$authorization_code = '48FduaX0g.....VZIj';
//STEP 2 GIVE THE CODE FOR TOKEN
$url = 'https://api.instagram.com/oauth/access_token';
$myjson = "
{'client_id': $client_id,
'client_secret': $client_secret,
'grant_type':'authorization_code',
'redirect_uri':$redirect_uri,
'code': $authorization_code
}";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $myjson);
$result = curl_exec($ch);
curl_close($ch);
$insta_details = json_decode($result);
echo $insta_details['access_token'];
curl -X GET \
'https://graph.instagram.com/17841405793187218/media?access_token=IGQVJ...'
The authorization step requires human interaction to login with a username / password. So there is no way to do that via only PHP.
But if you just need to display a feed on a website using PHP, you can use this package: https://packagist.org/packages/espresso-dev/instagram-basic-display-php
Grab the code in the callback after auth:
$code = $_GET['code'];
And then use this following methods:
getOAuthToken() to het the initial token
getLongLivedToken() to get the long-lived token valid for 60 days
Store the long-lived token so that can be used to retrieve the posts and just call the refreshToken() method every 50 days or so to refresh the token in the background and update the token you're using.
I'm sitting here working on making a post request in a rest api in php using curl. For this purpose I have the api key and an auth key, which I am currently including as post values in the request. But I keep getting HTML back in my response instead of JSON data (which its supposed to be) giving me a 401 unauthorized error.
I've noticed often you need to make custom headers to authorize yourself in these cases (I'm guessing I need to use my auth key for that, in the header somehow).
This is my code:
$post = [
'apikey' => $apiKey,
'authkey' => $authKey,
'name' => $reknr,
'description' => $opgave,
'clientId' => $clientId,
'orderTypeId' => $typeId,
'contactAddressId' => $addressId,
'theirref' => $ref,
'reqno' => $reknr
];
// Set api link
$ch = curl_init('https://app.minuba.dk/api/1/Order');
// Set return value to true
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Configure header
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Authorization: Basic '.$authKey,
'Content-Type: application/json')
);
// Add post fields
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
// execute!
$response = curl_exec($ch);
// close the connection, release resources used
curl_close($ch);
The API docs doesn't say anything about how you authorize yourself when making post request, during get requests its fairly easy you just include the apikey and authkey as normal parameters and it works fine.
My question is, how do I know how to configure my header so the API authorizes me? The docs say nothing about it or offers any explanation as to how except mentioning you need both the apikey and authkey to gain access.
I admit my understand of the http headers are limited, but how do I know how to configure it for this particular api?
UPDATE:
Found out the header response gives me this line:
WWW-Authenticate: Basic realm="Minuba REST API"
This tells me that the method I'm using to authenticate should be correct right? So why am I still getting a 401?
We are trying to post from PHP to a Facebook, we are using HybridAuth but the question is not related to it.
What works:
-posting to user profile, works fine,including when using picture and link
-posting to page works including image(but not with link)
What does not work
-posting to page when we set a link(the url is not the issue since it works posting it to user profile )
The error is a generic error, that is not helping at all,thank you Facebook developers for giving us the trouble of guessing what is wrong
{"error":{"message":"An unknown error has occurred.","type":"OAuthException","code":1}}
I also made a simple script using curl to test this without involving the HybridAuth code and I get same error
<?
$access_token = "xxxxxx";
$page_id="352300454896456";
$msg = "test message ".time();
$title = "test title";
$uri = "http://www.example.com";
$desc = "test description";
//$pic = "http://ploscariu.com/simion/programming/kudani/kudani.png";
$attachment = array(
'access_token' => $access_token,
'message' => $msg,
'name' => $title,
'link' => $uri,
'description' => $desc//,
//'picture'=>$pic,
//'actions' => json_encode(array('name' => $action_name,'link' => $action_link))
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/'.$page_id.'/feed');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $attachment);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //to suppress the curl output
$result = curl_exec($ch);
print_r($result);
curl_close($ch);
?>
My question is, what is special about this "link" parameter and page posting? do we need some undocumented permission ? or is just some graph API bug I am wondering if we need sme different token for posting links ,but usually permission issue get back a good error message
in the image is the debug tool results on the access_token I get from the HybridAuth call, I tested using a short access token I get using JS API and posting with that works, but short access token are not a solution
Is the information in the image, about the token that it never expires true? How can I get such a token using the http API and curl(no SDKs)
I found the issue, it was the access_token, I know it makes no sense that it worked without the link parameter but with the link parameter did not worked, but this is the truth. So you need to make sure you get the page access_token, you get that from me/accounts or with your SDK.
The conclusion is that the Facebook developers are doing a bad job, wrong error messages, and allowing to post with wrong token.