I am currently trying to work with the Buffer API but I cannot even get CURL to return a error message.
I tried print_r on $resp but still just a blank page.
P.S I have checked with phpinfo that I do in fact currently have curl enabled which it is and it is version 7.30.0
if(isset($_GET['code'])){
$code = "REMOVED";
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => 'http://api.bufferapp.com/1/oauth2/token.json',
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => array(
'client_id' => 'REMOVED',
'client_secret' => 'REMOVED',
'redirect_uri' => 'http://localhost/example',
'code' => 'REMOVED',
'grant_type' => 'authorization_code'
)
));
$resp = curl_exec($curl);
curl_close($curl);
}
Edit:
I added the following lines of code before closing the curl
echo curl_errno($curl);
echo curl_error($curl);
And this was returned
60SSL certificate problem: unable to get local issuer certificate
As you are directly passing an array to the CURLOPT_POSTFIELDS, its assume this as multipart form posting request. Use the function http_build_query over your array.
CURLOPT_POSTFIELDS => http_build_query( array(
'client_id' => 'REMOVED',
'client_secret' => 'REMOVED',
'redirect_uri' => 'http://localhost/example',
'code' => 'REMOVED',
'grant_type' => 'authorization_code'
))
Related
I'm performing a POST request to a REST Service that requires an OAuth 2.0 authorization.
In Postman everything works perfectly fine since enabling the "Follow Authorization header" option so the auth header will be retained after a redirection.
However I dont know the equivalent to that attribute for a CURL request in PHP. So therefore I still get the following error: "Session expired or invalid".
Does anyone know how to successfully keep the auth header after a redirection in PHP cURL?
This is my php code:
$token = $this->getToken();
$url = "XXX";
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => json_encode($data),
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer ' . $token,
'Content-Type: application/json'
,
curl_setopt($curl, CURLOPT_POSTFIELDS, array(
'client_id' => 'XXX',
'client_secret' => 'XXX',
'username' => 'XXX',
'password' => 'XXX',
'grant_type' => 'password',
'redirect_uri' => 'XXX'
)))
));
$response = curl_exec($curl);
var_dump('TOKEN: ' . $token);
var_dump($url);
var_dump(curl_getinfo($curl));
if (curl_errno($curl)) {
var_dump('Error:' . curl_error($curl));
} else {
var_dump("SUCCESS! ");
var_dump($response);
}
You cannot do this:
curl_setopt($curl, CURLOPT_POSTFIELDS, array(
'client_id' => 'XXX',
'client_secret' => 'XXX',
'username' => 'XXX',
'password' => 'XXX',
'grant_type' => 'password',
'redirect_uri' => 'XXX'
You already did this: URLOPT_POSTFIELDS => json_encode($data),
And you cannot use an array if you want to keep the Content-Type: application/json.
When you use an array for POSTFIELDS, curl will override the content type with Content-Type: application/x-www-form-urlencoded
I sometimes use file_get_content() with a context.
This is an easy way (without SSL) to get the headers and post data right.
Keeping mind that file_get_content() has some of the same idiosyncrasies as curl. The context has file_get_content() which populates the Body.
<?php
header("Content-Type: text/plain,UTF-8");
$jsn = file_get_contents('json.jsn');
$postdata = http_build_query(
array(
'json' => $jsn,
)
);
$opts = array('http' =>
array(
'method' => 'PUT',
'header' => 'Content-type: application/json',
'content' => $jsn //useing JSON rather than $postdata
)
);
$context = stream_context_create($opts);
$result = file_get_contents($url, false, $context);
echo $result;
I am trying to request an access token from Instagram's Basic Display API but it is giving me this error:
{"error_type": "OAuthException", "code": 400, "error_message": "Missing required field client_id"}
This is odd because I am providing a client_id. Here is my code:
$client_id = 'xxx';
$client_secret = 'xxx';
$redirect_uri = 'xxx';
if (isset($_GET['code'])) {
$code = $_GET['code'];
echo $code;
$url = 'https://api.instagram.com/oauth/access_token';
$data = array([
'client_id' => $client_id,
'client_secret' => $client_secret,
'grant_type' => 'authorization_code',
'redirect_uri' => $redirect_uri,
'code' => $code
]);
$curl = curl_init($url);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // to stop cURL from verifying the peer's certificate.
$result = curl_exec($curl);
curl_close($curl);
echo $result;
}else{
echo 'connect your instagram';
}
Edit:
When I run this test in Postman, I get the same error if I put the data in the params but if I put it in body / x-www-form-urlencoded it works. This is a definite clue to why it isn't working...
What am I doing wrong?
Change:
$data = array([
'client_id' => $client_id,
'client_secret' => $client_secret,
'grant_type' => 'authorization_code',
'redirect_uri' => $redirect_uri,
'code' => $code
]);
To:
$data = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'grant_type' => 'authorization_code',
'redirect_uri' => $redirect_uri,
'code' => $code
);
And it will work.
I'm trying to send a HTTP POST request through curl in php to the new Grandstream API and I'm getting the same error each time. I have to say I'm currently able to do GET requests successfully but the problems start when a body has to be send in POST.
$gdms_domain = "eu.gdms.cloud";
$timestamp = round(microtime(true)*1000);
$params_data = array(
'access_token' => '*********',
'client_id' => '*****',
'client_secret' => '************',
'timestamp' => $timestamp
);
$body_data = array(
'pageSize' => "",
'pageNum' => "",
'order' => "",
'type' => "",
'orgId' => ""
);
$params = http_build_query($params_data);
$body = json_encode($body_data);
$signature = hash("sha256","&".$params."&");
$payload_data = array(
'access_token' => $token,
'signature' => $signature,
'timestamp' => $timestamp
);
$payload = http_build_query($payload_data);
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $body,
CURLOPT_URL => 'https://'.$gdms_domain.'/oapi/v1.0.0/device/list'."?".$payload,
CURLOPT_HTTPHEADER => array(
"Content_type: application/json"
)
);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
if(curl_error($ch)){
echo 'Request Error:'.curl_error($ch);
}else{
$response = json_decode($response);
print_r($response);
return $response;
}
curl_close($ch);
The error that is returned is:
(
[data] =>
[msg] => bad signature
[retCode] => 40003
)
The API documentation is in here GDMS API. I tried to build the signature in both possible ways according to the docs and send the body in different ways.
Thank you
You should add the hashed body to the signature.
$body_signature = hash("sha256",$body);
Then final signature should be
$signature = hash("sha256","&".$params."&".$body_signature."&");
$ret = file_get_contents('https://oauth2.googleapis.com/token', false, stream_context_create([
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'protocol_version' => 1.1,
'content' => http_build_query([
'client_id' => $client_id,
'client_secret' => $client_secret,
'refresh_token' => $refresh_token,
'grant_type' => $refresh_token
])
]
]));
After running the script, I see a 400 Bad Request error. What did I do wrong?
From: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400
The HyperText Transfer Protocol (HTTP) 400 Bad Request response status
code indicates that the server cannot or will not process the request
due to something that is perceived to be a client error (e.g.,
malformed request syntax, invalid request message framing, or
deceptive request routing).
That means that most likely, something is wrong with the parameters you are sending in the request. That may not be it, but try removing the \r\n in your header parameter, they seem odd to me.
$ret = file_get_contents('https://oauth2.googleapis.com/token', false, stream_context_create([
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded",
'method' => 'POST',
'protocol_version' => 1.1,
'content' => http_build_query([
'client_id' => $client_id,
'client_secret' => $client_secret,
'refresh_token' => $refresh_token,
'grant_type' => $refresh_token
])
]
]));
The solution is very simple:
'content' => http_build_query([
client_id' => $client_id,
'client_secret' => $client_secret,
'refresh_token' => $refresh_token,
'grant_type' => 'refresh_token'
])
When trying to revoke the oauth access_token for Box, I get the error : Client id was not found in the headers or body
This is the curl-command (which works fine) :
curl https://api.box.com/oauth2/revoke -d 'client_id=CLIENT_ID&client_secret=CLIENT_SECRET&token=access_token' -X POST
When trying the same with php curl, I get the error.
<?php
$revokeurl="https://api.box.com/oauth2/revoke";
$dataq = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'token' => $access_token
);
$dataqjson= json_encode($dataq);
$headers=array(
"Content-Type: application/json"
);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $revokeurl,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => $dataqjson,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_SSL_VERIFYHOST => FALSE
));
$response = curl_exec($curl);
$json_response = json_decode( $response, TRUE );
curl_close($curl);
?>
Why is my POST with json body not correct ?
Data should be set as application/x-www-form-urlencoded rather than JSON-encoded. Example:
<?php
$revokeurl = "https://api.box.com/oauth2/revoke";
$dataq = array(
'client_id' => 'client_id',
'client_secret' => 'client_secret',
'token' => 'access_token',
);
$curl = curl_init();
curl_setopt_array(
$curl,
array(
CURLOPT_URL => $revokeurl,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => http_build_query($dataq),
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false
)
);
$response = curl_exec($curl);
$json_response = json_decode($response, false);
print_r($json_response);
curl_close($curl);