I am making a PHP application, that will use a single google drive account.
So as an administrator i first give permission to google drive account.
When permissions are accepted, i save the refresh token in a database.
After than, in a different URL, that will be used by clients, i am trying to authenticate.
Next, I pull the refresh token from database, and then a make a post request to:
$url = "https://accounts.google.com/o/oauth2/token";
with parameters:
$post_data = array(
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'refresh_token' => $refreshToken,
'grant_type' => 'refresh_token' );
After a get successful response, I save the access_token but when i try to exchange it for credentials, i get this error Message:
An error occurred: Error fetching OAuth2 access token, message: '
Error processing OAuth 2 request
Error 500
'
Fatal error: Uncaught exception 'CodeExchangeException' in ...
Am I missing something here?
Is the oauth flow i used correct?
Thanks in advance!
When you get access token from refresh token, that access token itself is a credential and there is no exchange process after that. In credential, there are: 1. access token 2. refresh token. And you get credential in exchange of authorization code, not access token. So in your code, error occurred in process of trying to get access token in exchange of access token.
Related
When i try to request a long-lived access token from the facebook api it gives back a token and when i test the token in the debugger it says it will never expire, a few hours / a day later i can't make any calls with the token anymore. It suddenly says:
"Any of the pages_read_engagement, pages_manage_metadata, pages_read_user_content, pages_manage_ads, pages_show_list or pages_messaging permission(s) must be granted before impersonating a user's page."
This is how i request the long lived token:
$client = new Client([
'base_uri' => 'https://graph.facebook.com/v12.0/me/accounts?
fields=picture,category_list,name,access_token&access_token=' . $token,
'timeout' => 2.0,
]);
Am i doing something wrong here? Does anyone else have this problem?
(Edit) - The problem occurs when i connect a second time from another website, it seems like when i connect a second site the first token gets disconnected?
With help from #CarlZhao I am finally getting a good understanding of the difference between OAuth and Graph. I am building the capability in my app for users to post messages to a team channel. So far I can list teams, channels, and delete channels. I am having a hard time trying to send a chatMessage. I understand that because sending a chatMessage is a delegated permission and not an application permission so from my understanding I have to use the accessToken created from OAuth when the user authenticated with my app.
What I am doing is saving that token in my database so I can call it when I am trying to send a chatMessage. Not sure if that is correct. So in my code, I am creating a new Graph instance, but I am using the access token of the user and not the token of the graph.
$useraccesstoken = "************************************";
// create a new OAuth graph from useraccesstoken
$graph_message = new Graph();
$graph_message->setAccessToken($useraccesstoken);
// post message
$data = [
'body' => [
'content' => 'This is a message from the API I made it works'
],
];
$message = $graph_message->createRequest("POST", "/teams/$group_id/channels/$channel_id/messages")
->addHeaders(array("Content-Type" => "application/json"))
->attachBody($data)
->setReturnType(Model\User::class)
->execute();
This is producing no errors, but nothing happens and the chatMessage is not posted. I have double-checked and my $group_id and $channel_id are correct.
Am I using the $useraccesstoken correctly? can I start a new Graph() instance with the $useraccesstoken?
Yes, you could start a new Graph() instance with the $useraccesstoken.
The graph API of sending messages doesn't return User::class. Try your code with
->setReturnType(Model\ChatMessage::class)
The access token is invalid for one hour by default, see here. You could not use it all the time, so it seems you don't need to store in the database. It's better to refresh token before the access token expires, and this step shows you how to refresh token.
The default is 1 hour - after 1 hour, the client must use the refresh
token to (usually silently) acquire a new refresh token and access
token.
I have my site set up so I can use Oauth for single sign on and added access to be able to post calendar entries made on my site to the user's outlook calendar.
Everything works on my dev environment but when I go to my calendar page in production it throws this error:
https://graph.microsoft.com/v1.0/me/calendarsresulted in a401 Unauthorized` response: { "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure."
I am using the same token I get from oAuth for the calendars. Is that not the right way to do it? And if not how do I go about the right way to do it and why would it work?
here is a part of my oauth page
// Get an access token using the authorization code grant
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
$_SESSION['refresh_token'] =$accessToken->getRefreshToken();
$graph = new Graph();
$graph->setAccessToken($accessToken);
//the sesion token for calendars expires faster than our token to stay in connect, so if it expires have the user sign back in
try {
$user = $graph->createRequest("GET", "/me/calendars")
->execute();
} catch (Exception $e) { //FAILS HERE
// sessionTimeout(); exit;
var_dump($e);
}
EDIT
throwing the token i get back into JWT I see that when in development my token has all the information including about what scopes i have. But in production the token is missing the "scp" field. I have no idea what I am doing wrong.
EDIT 2
I thought maybe I would need a refresh token but that still gives me the same error.
I'm trying to implement Yahoo OAuth 2.0 to import contacts to my application. I'm using PHP, and this guide (Server-side Apps part) :
https://developer.yahoo.com/oauth2/guide
I have created my app, authorize access and receive my code
"authorization code is appended to the redirect_uri, shown below as
code=abcdef"
I've successfully arrive at step 4.
https://developer.yahoo.com/oauth2/guide/#step-4-exchange-authorization-code-for-access-token
Here, I cannot get a response for https://api.login.yahoo.com/oauth2/get_token and receive my Access Token.
I'm using https://github.com/saurabhsahni/php-yahoo-oauth2/blob/master/YahooOAuth2.class.php class.
Here is my code :
include_once("/libraries/Yahoo/YahooOAuth2.class.php");
// step 1, step2, step3
// Successfully received authorization code and stored in my session
[...]
//my Client ID (Consumer Key)
$cc_key = 'x3485sdfsfsdfsdfsdf[..]';
//Client Secret (Consumer Secret)
$cc_secret = '3423423fddssdfsdf';
//my authorization code receive
$code = $_GET['code'];
define("CONSUMER_KEY",'$cc_key');
define("CONSUMER_SECRET",$cc_secret);
$redirect_uri="http://dev.example.com/user/register-step4";
$token=$oauth2client->get_access_token(CONSUMER_KEY,CONSUMER_SECRET,$redirect_uri,$code);
I'm getting 401 error:
"Received error: 401 Raw response:{"error":"invalid_grant"}"
From yahoo api errors:
401 invalid_grant : An invalid or expired token was provided.
This is not true, because my authorize code should be good, because I just received exactly like in the specifications.
Related problems:
https://developer.yahoo.com/forum/Messenger-IM-SDK/not-getting-response-for-https-api-login-yahoo-com-oauth-v2-get-request-token/1310023528000-09714556-4cd3-38c5-b799-d29e8d5f9bcb/
I am trying to fetch mail from Google through gmail api
while authenticate the Google_Client after receiving the token i am getting this error
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error fetching OAuth2 access token, message: 'invalid_client'' in
my code is simple using google-api-php-client-master and my code is as follow
require_once('config.php');
require_once 'autoload.php';
$client = new Google_Client();
$client->setScopes(array(
'https://www.googleapis.com/auth/plus.login',
'profile',
'email',
'openid',
'https://www.googleapis.com/auth/gmail.readonly',
'https://mail.google.com/',
));
$client->setApplicationName($config->social['google']->app_name);
$client->setClientId($config->social['google']->client_id);
$client->setClientSecret($config->social['google']->client_secret);
$client->setRedirectUri($config->social['google']->Redirect_URI);
$client->setDeveloperKey($config->social['google']->api_key); // API key
$gclient='';
print_r($_GET);
$token=new stdclass;
if(!isset( $_SESSION['google_token']))
{
$gclient=$client->authenticate($_GET['code']);//error occurs hare
$_SESSION['gclient']=$gclient;
if($gclient)
{
$_SESSION['google_token'] = $client->getAccessToken();
}
print_r($gclient);
}
I have checked my credentials several times and they were all correct
would some one please help me on it
I had the same problem but my solution was extreamly easy and frustrating.
When you copy the "Client secret" in API Credentials on your Google Developers Console they add a space after the "Client secret". Be sure to delete it!
$client_secret = "hf83nd93hd93j39dj9 ";<--
As Mario M. explained, there's an additional space when you copy the Client Secret. You have to make sure you got it right.
I got the same error - Error fetching OAuth2 access token, message: 'invalid_client', but in my case it was due to not verified domain. Therefore if you are creating credentials for a Web application or something similar and received the same error;
Check there's no additional space at the end of Client secret
Make sure your domain is verified
In my case I had to set the Client Secret file
$client->setAuthConfigFile(WWW_ROOT . 'files\json\client_secret_google_api.json');
and that solved my problem. Hope it helps someone.