I'm try to google plus api for third party log in on my web site.
I use class Google_Client method createAuthUrl to generate URI for user log in,
and the page will redirect to my web site page to complete the authorization,
but when I use method Google_Client.authenticate to check the result,I got following error,
Error fetching OAuth2 access token, message: 'invalid_request
so,how can I check where does the error from? maybe in session or somewhere
I encountered this problem myself. As it turns out, I wasn't consistent in de construction of the client. Make sure that your redirect uri does not include the returned query string containing the authentication code!
For example this will not work:
$client->setRedirectUri('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
REQUEST_URI will be different when the user returns from Google.
Related
I'm implementing OpenId Connect into my Yii2 app using the yii2-authclient library. I can login and exchange the code for a token with no problems. I've followed most of the code examples on the web and set a successCallback function that gets called once a user successfully logs in. It looks like this:
public function successCallback(ClientInterface $client)
{
$attributes = $client->getUserAttributes();
}
This code gets called, but calling getUserAttributes() results in the following error:
Exception – yii\authclient\InvalidResponseException
Request failed with code: 400, message:
{"error":"invalid_request","error_description":"Token not provided"}
The logs on the id server show a blank client and user, with an error of invalid_token.
I took a close look at the request I make and I see an access_token element. Any ideas what the problem might be? I can provide more information if necessary.
I figured it out. The problem was that the yii2-authclient library was sending the token as a GET parameter and the ID server was expecting it as a POST param. I upgraded the yii2-authclient library and that solved the problem since a recent change sends the parameter as POST instead of GET.
I am trying make a registration with FB option for my PHP based website. My callback url for the website is
http://subdomain.mydomain.com/user/fblogincb/
I have added that in the Valid OAuth redirect URIs in my Apps Facebook Login settings. The login button of my website correctly invoke the callback url, but when I try to use the access token in my call back page using the follwing code:
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
}
it return the exception:
Graph returned an error: Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
The redirected URL from FB is:
http://subdomain.mydomain.com/user/fblogincb/?code=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
However, turning off the Strict URLs mode does not have this issue. What am I doing wrong here for the Strict URLs mode. Any help will be appreciated.
Try and pass the exact redirect URL that was used in the login dialog call, as parameter to the getAccessToken method:
$accessToken = $helper->getAccessToken('http://subdomain.mydomain.com/user/fblogincb/');
The exact same redirect_uri parameter value must be passed in both calling the login dialog, and in the subsequent API call that exchanges the code for a token. The SDK has its own "URL detection handler" on board (or you can supply your own, in environments where custom routing logic might require that) for the purpose of determining the current URL - which usually does the job fine, but depending on the exact setup, it can fail sometimes.
I am a bit surprised by the error message, I remember seeing a different one in such cases that explicitly mentioned the redirect_uri mismatch ... but maybe while implementing strict mode something changed internally, dunno.
Do not forget to update Facebook PHP SDK to latest v5.6.2, strips code param from Facebook redirect_uri callback
Facebook SDK for PHP - changelog
5.6.2 (2018-02-15)
Strip 'code' param (#913)
I am trying to retrieve the contents of my calendar using the Outlook REST API, but I am getting weird error responses.
The code is based on the example code supplied by Microsoft in https://github.com/microsoftgraph/php-connect-rest-sample
I have created an application and specified it want access to calendar.read and changed the scope in the testcode, Constants::SCOPE, to include this scope.
After succesfully retrieving a token I can verify that the application requests and sets the correct privileges. After that I try to retrieve the events in my calendar as described at the documentation: https://msdn.microsoft.com/en-us/office/office365/api/calendar-rest-operations#get-series-master-and-single-events-rest
I use the Advanced REST client add-on for Chrome to create a GET request with the following specs:
Url: https://outlook.office.com/api/v2.0/me/events
Headers:
Authorization: Bearer [token]
Prefer: outlook.timezone=Europe/Berlin
The response I get is a 401 status code with the following content for the X-Ms-Diagnostics header:
2000010;reason="ErrorCode: 'PP_E_RPS_CERT_NOT_FOUND'. Message: 'Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: spRPSTicket->ProcessToken failed. Failed to call CRPSDataCryptImpl::UnpackData:Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: Failed to decrypt data. :Failed to get session key. RecipientId=293577. spCache->GetCacheItem returns error.:Cert Name: (null). SKI: d6c3dacffd2b3fba2fb3d6c2b0fcd78680a3acd1...'";error_category="invalid_msa_ticket"
The Www-Authenticate header specifies 'error="invalid_token"' while the token was just received.
Any idea what I am doing wrong?
I think another thing you might be able to check out is the scope when you request the v2 endpoint. for V2 endpoint, the scope is different between Graph API and outlook api. you need to specify scope as "https://outlook.office.com/calendars.read" instead of Graph scope.
I hope it will help.
Basically, the message means that the token you're trying to use is not valid for the operation.
I went through this. This is how I've solved:
I use the suggested scopes here (I was creating an event): https://msdn.microsoft.com/office/office365/APi/calendar-rest-operations#create-events
To get the authorization code I used this URL schema:
https://login.live.com/oauth20_authorize.srf?client_id=[YourClientID]&scope=[ScopeYouNeed]&response_type=code&redirect_uri=[YourRedirectURI]
Then I get the refresh & the access token. And now it's working!
You need to just change the URL from https://outlook.office.com/api/v2.0/me/events to https://graph.microsoft.com/v1.0/me/events
I'm using PHPoAuthLib in order to connect to the QuickBooks API per their example
When I follow their example, the first request that I make to the API works perfectly:
$result = json_decode($quickbooksService->request($url));
echo 'result: <pre>' . print_r($result, true) . '</pre>';
However in their example they use $_GET['oauth_token'] and $_GET['oauth_verifier'] to request an access token, and these values are only available on the $_GET server variable during the single callback from QuickBooks Online immediately after my app has been authorized.
For future requests there are no such examples on PHPoAuthLib's docs, so I tried a quick homebrew solution:
Save the response from QBO somewhere
if (!empty($_GET['oauth_token']) {
file_put_contents("token.txt", json_encode([
'oauth_token' => $_GET['oauth_token'],
'oauth_verifier' => $_GET['oauth_verifier'],
'realm_id' => $_GET['realmId']
]));
}
Use that response again later
$token = json_decode(file_get_contents("token.txt"));
$quickbooksService->requestAccessToken(
$token->oauth_token,
$token->oauth_verifier
// $token->getRequestTokenSecret() is not necessary - it will be automatically populated
);
// At this point my app crashes and return a 500 error
// Further code does not run
The error I receive is:
TokenResponseException in StreamClient.php line 68:
Failed to request resource. HTTP Code: HTTP/1.1 401 Unauthorized
Remember that the token and verifier work perfectly if I use them immediately after the app is authorized. If I save them to a file and attempt to re-use them 30 seconds later, this happens.
I think it might be a fundamental misconception about OAuth 1.0
I don't think what you have is a correct OAuth implementation. Have you read the OAuth spec and implemented as it's defined there?
Once you have a request token and a verifier, you use those to get an access token.
That access token is then good for 6 months.
It looks like you're trying to use a short-lived request token to continually fetch access tokens instead. That won't work.
i.e. If you're doing this everytime you want to make another request:
$quickbooksService->requestAccessToken(
Then you're doing something wrong. You should be doing that ONCE every 6 months, and that's it.
Working code here:
https://github.com/consolibyte/quickbooks-php/blob/master/QuickBooks/IPP/IntuitAnywhere.php
https://github.com/consolibyte/quickbooks-php/blob/master/QuickBooks/IPP/OAuth.php
https://github.com/consolibyte/quickbooks-php
Spec is here:
http://oauth.net/core/1.0a/#auth_step3
I try to get the Live Delegated Authentication to work for the purpose of reading the email addresses.
I am doing this in PHP with the help of the windowslivelogin library. The problem is that I get an error.
I'm not sure what I'm doing wrong, i registered my application on the Azure webpage and got the appid and the secret into the code. This is what i use to initialize the Live Library :
$o = new WindowsLiveLogin();
$o->setAppId('000000004801B670');
$o->setSecret('secret');
$o->setSecurityAlgorithm('wsignin1.0');
$o->setDebug(true);
$o->setPolicyUrl('http://www.google.com/aides.html');
$o->setReturnUrl("http://michaelp.dev.gamepoint.net/framework/mainsite/contactimporter/?service=live");
return $o;
Then I call
$this->LiveLibrary->getLoginUrl()
And after I Login in to Live, it posts 2 things back, $_POST['stoken'] and $_POST['action'].
As soon as I call
$this->LiveLibrary->processLogin($_REQUEST);
It fails and gives back an error that the token is invalid.
I tried getting Consent straight away by making redirecting to
$this->LiveLibrary->getConsentUrl("Contacts.View");
But that gives an 3007 error and says that it cant share the information
According to MS this means the following :
3007
Consent Service API failed in the <method name> method. The application verifier is invalid.
The offer security level requires that a valid application verifier be passed with the request.
I am using the following URL, generated by the library
https://consent.live.com/Delegation.aspx?ps=Contacts.Invite&ru=http%3A%2F%2Fmichaelp.dev.gamepoint.net%2Fframework%2Fmainsite%2Fcontactimporter%2F%3Fservice%3Dlive&pl=http%3A%2F%2Fwww.google.com%2Faides.html&app=appid%3D000000004801B670%26ts%3D1251722931%26sig%3DD2gkM%252F%252FwlRXXfS64NMrV%252Bkt50v6dAOcESblfRk7j%252FUE%253D
I don't understand most of the documentation Microsoft has on this thing, I think its really unclear and chaotic. Also the Sample I tried doesn't work. I get an error message, it can't validate/decode the token. Same I get when I try the processLogin().
Thanks in Advance,
Michael