Twitter OAuth Fetch 404 Error - php

I am working with Twitter OAuth in a PHP framework and having an issue getting through the Twitter OAuth process. Everything seems to go through just fine and tokens match up all the way up to the last step that fetches user information.
The code is as follows:
...
$oauth->setToken($oauth_token, $session->twitter_secret);
$access_token_info = $oauth->getAccessToken(conf::get('TWITTER_OAUTH_ACCESS_URL'));
$session->twitter_state = 2;
$session->twitter_token = $access_token_info['oauth_token'];
$session->twitter_secret = $access_token_info['oauth_token_secret'];
$session->twitter_id = $access_token_info['user_id'];
$oauth->setToken($session->twitter_token, $session->twitter_secret);
if ($oauth->fetch(conf::get('TWITTER_API_URL').'/account/verify_credentials.json'))
{
...
}
Here is the exception error output:
500 exception 'OAuthException' with message 'Invalid auth/bad request (got a 404, expected HTTP/1.1 20X or a redirect)' in /var/www/webapp/app/controllers/default/auth.controller.php:135
Stack trace:
#0 /var/www/webapp/app/controllers/default/auth.controller.php(135): OAuth->fetch('https://api.twi...')
Now I am at a loss as to why there is a 404 error being thrown. It also does not make sense that the error happens after all authentication steps have been passed.
Thanks for any help in advance.

Looks like the solution is described over here:
Getting error with oauth
Seems that Twitter API needs to have a version number now.

Related

Getting MIME-version of message results in "405 Method Not Allowed"-Error

My company runs a web-application that reads out a shared-mailbox and shows the content to the users. It was based on PHP-EWS so far. Since we're moving the mailbox into the Cloud, we have to migrate this application to MS-Graph.
I've already migrated the lion's share of the application, but now I encounter a problem when I try to get the MIME-version of a message.
Getting the processed version of the message is no problem at all.
The Request for this would be something like:
GET /users/{mailbox-id}/mailfolders/inbox/messages/{message-id}
According to the documentation I have to add "/$value" at the end of the "normal" request to get the mime-version of the message.
This works perfectly into Microsoft's Graph-Tester-Website. Within my application I can also request the MIME-version of an ATTACHED message without any problems (works with the same "/$value"-trick).
But if I request the MIME-Version of a (normal) NOT-ATTACHED message, I receive the following error:
Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: `GET https://graph.microsoft.com/v1.0/users/{mailbox-id}/mailfolders/inbox/messages/{message-id}/%24value`
resulted in a `405 Method Not Allowed` response: { "error": { "code": "ErrorInvalidRequest", "message": "The OData request is not supported.", "innerEr (truncated...) in D:\wwwroot\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php:113
Stack trace: #0 D:\wwwroot\vendor\guzzlehttp\guzzle\src\Middleware.php(66): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response))
#1 D:\wwwroot\vendor\guzzlehttp\promises\src\Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
#2 D:\wwwroot\vendor\guzzlehttp\promises\src\Promise.php(156): GuzzleHttp\Promise\Promise::callHand in D:\wwwroot\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php on line 113
I used the following code:
$graph = new Graph();
$graph->setAccessToken($tokenCache->getAccessToken());
/** @var $contentStream GuzzleHttp\Psr7\Stream */
$getMessageContentUrl = '/users/' . $mailbox . '/mailfolders/inbox/messages/' . $messageId.'/%24value';
try {
$contentStream = $graph->createRequest('GET', $getMessageContentUrl)
->setReturnType("GuzzleHttp\Psr7\Stream")
->execute();
} catch (GraphException $e) {
[...]
}
return $contentStream->getContents();
The same code works if I request the MIME-version of an attached message.
I thought of URL-encoding issues, so I tried "/$value" and "/%24value", same result.
I don't think that it is a permission problem. The OAUTH_SCOPES are
'openid profile offline_access User.Read Mail.Read Mail.Read.Shared Mail.ReadWrite Mail.ReadWrite.Shared Calendars.Read Calendars.Read.Shared'
So I think the account should have more than enough permissions to fulfill this task.
I have no idea if I am doing something wrong or if it is a problem of the Graph-API or the Graph-PHP-SDK or the Guzzle-Http-Client.
I'm using the following versions:
"name": "microsoft/microsoft-graph",
"version": "1.11.0",
"name": "guzzlehttp/guzzle",
"version": "6.3.3",
"name": "guzzlehttp/psr7",
"version": "1.6.1",
I would be very glad if someone could help me or at least set me on the right track.
I found the solution. Had to replace
GET /users/{mailbox-id}/mailfolders/inbox/messages/{message-id}/$value
by
GET /users/{mailbox-id}/messages/{message-id}/$value
then it works. Kind of strange that other requests with "/mailfolders/inbox/" worked, but this one not. Whatever, as long as it works.
The Method Not Allowed error means that the route you are requesting exists but not for the method you are using (GET). Try replacing the GET method with POST, like:
$contentStream = $graph->createRequest('POST', $getMessageContentUrl)
->setReturnType("GuzzleHttp\Psr7\Stream")
->execute();
Remember, API routes specify the methods allowed (GET, POST, PUT, PATCH, DELETE).

Yii2 OpenId Connect error - yii2-authclient returns 400 error "Token not provided" when I try to getUserAttributes()

I'm implementing OpenId Connect into my Yii2 app using the yii2-authclient library. I can login and exchange the code for a token with no problems. I've followed most of the code examples on the web and set a successCallback function that gets called once a user successfully logs in. It looks like this:
public function successCallback(ClientInterface $client)
{
$attributes = $client->getUserAttributes();
}
This code gets called, but calling getUserAttributes() results in the following error:
Exception – yii\authclient\InvalidResponseException
Request failed with code: 400, message:
{"error":"invalid_request","error_description":"Token not provided"}
The logs on the id server show a blank client and user, with an error of invalid_token.
I took a close look at the request I make and I see an access_token element. Any ideas what the problem might be? I can provide more information if necessary.
I figured it out. The problem was that the yii2-authclient library was sending the token as a GET parameter and the ID server was expecting it as a POST param. I upgraded the yii2-authclient library and that solved the problem since a recent change sends the parameter as POST instead of GET.

oauth 401 unauthorized error for heroku app fitbit

I've got a heroku app and I am running with Auth0 as the way of logging in via oauth... I have some code more or less the same as from the fitbit api php tutorial - "completeAuthorization.php". It looks a bit like:
try {
    // Create the OAuth 1.0a client and turn on debug output
    $oauth = new OAuth($conskey, $conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
    $oauth->enableDebug();
}
catch( OAuthException $E )
{
    print_r($E);
}
echo 'done new oauth';
$oauth->setToken($_SESSION['access_token'], $_SESSION['access_token_secret']);
echo 'done set token';
// Fitbit API call (get activities for specified date)
//http://api.fitbit.com/1/user/28C9GG/activities/date/2013-12-01.xml
$apiCall2 = 'http://api.fitbit.com/1/user/'.$_SESSION['userid'].'/activities/date/2014-02-25.xml';
echo $apiCall2;
// Performing API call
$oauth->fetch($apiCall2);
//$oauth->fetch($apiCall);
var_dump($oauth->getLastResponse());
I get the user id, and the session secret and token etc. from the Auth0 response from my index.php page, but I save them in a session to keep them on my get activities page.
But when I go to my page that does this after I log in with Auth0, I get this error:
http://api.fitbit.com/1/user/28C9GG/activities/date/2014-02-25.xml Fatal error: Uncaught exception 'OAuthException' with message 'Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)'
I am also only able to get this far on my webserver which has a pecl oauth extension installed, but heroku does not and I have no idea how to get it on Heroku, any ideas on this or why I get the above error?
Here is an example that might be useful:
https://github.com/auth0/Auth0-PHP/tree/master/examples/fitbit
In particular look at callback.php where there is a call to fitbit API
Matias

Dropbox REST API thumbnails call

I'm writing a script which fetches files from Dropbox using its REST API.
$this->oauth = new OAuth($consumer_key,$consumer_secret,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION);
$url = "https://api.dropbox.com/1/metadata/dropbox/";
$this->oauth->fetch($url);
Calls like these are working, so I get the authentication right. However, I can't get the thumbnails call working.
I have links like https://api-content.dropbox.com/1/thumbnails/dropbox/contact-support.jpg
That's an existing file, just fetched by the call above (which lists my files). My Dropbox app is in "full dropbox" mode, so "dropbox" as root should be OK too. I'm getting
"Fatal error: Uncaught exception 'OAuthException' with message 'Invalid auth/bad request (got a 403, expected HTTP/1.1 20X or a redirect)'..." errors constantly.
Any help would be appreciated, I'm starting to get frustrated by this.
Thanks a lot!

LinkedIn with Pecl OAuth: "got a 400, expected HTTP/1.1 20X or a redirect"

I have Pecl OAuth with PHP5 on a Debian box and I try to authenticate to LinkedIn. When calling:
OAuth->getAccessToken('https://api.lin...')\n#1
I get:
PHP Fatal error: Uncaught exception 'OAuthException' with message 'Invalid auth/bad request (got a 400, expected HTTP/1.1 20X or a redirect)'
I have tried it from scratch and I have tried the PHP API wrappers that are available and (of course, because they use OAuth Pecl ext) have all the same problem.
I read somewhere it might be the timestamp on the server, but I synched that up with ntpdate; it does that quite often now, so the offset with the timeservers is almost 0.
I tried this class first; http://www.linkedphp.com/2009/11/26/first-release-classes-to-connect-with-php-to-linkedin-api/, someone in the comments has the same problem, however the creator of the class says 'do you get a login screen'; I don't, I get a 'Grant or Deny' screen once, after that a blank screen and the above error in my logs.
What else can it be?
Thanks
Yep, confirmed. Timestamp IS the problem.
Make sure your server date/time is in sync with the rest of the world (I use Timeserver hostnames or addresses: ntp.cpsc.ucalgary.ca)
nb: I'm starting to think that this whole oauth thing is a bad, complicated thing :)
You should post your code.
Besides the timestamp issues, a missing callback URL in the request can also cause this error.
Try using the format:
$access_token_info = $oauth->getAccessToken($accesstokenurl, "", $token);
where $token is the 5 digit confirmation code
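
A quick way to check the timestamp explanation given in the answers above, as an added example that is not part of the original thread: it compares the local clock with the `Date` header of a provider response. The 300-second tolerance, the function names and the sample headers are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original thread): estimate how far the local
// clock is from an OAuth provider's clock, using the HTTP Date response header.

const MAX_SKEW_SECONDS = 300; // assumed tolerance; each provider sets its own

/**
 * Return local-minus-remote seconds, or null when the raw header block
 * contains no parsable Date header.
 */
function clockSkewSeconds(string $rawHeaders, int $localNow): ?int
{
    foreach (preg_split('/\r?\n/', $rawHeaders) as $line) {
        // Header names are case-insensitive; skip everything but Date.
        if (stripos($line, 'date:') !== 0) {
            continue;
        }
        $remote = strtotime(trim(substr($line, 5)));
        return $remote === false ? null : $localNow - $remote;
    }
    return null;
}

/** Describe whether an oauth_timestamp generated now is likely to be accepted. */
function describeSkew(?int $skew): string
{
    if ($skew === null) {
        return 'no Date header: cannot estimate skew';
    }
    if (abs($skew) > MAX_SKEW_SECONDS) {
        return sprintf('clock off by %+d s: fix NTP before debugging signatures', $skew);
    }
    return sprintf('clock within tolerance (%+d s)', $skew);
}

// Constructed sample: a header block such as a rejected request might return.
$sampleHeaders = "HTTP/1.1 400 Bad Request\r\n"
    . "Date: Tue, 25 Feb 2014 12:00:00 GMT\r\n"
    . "Content-Type: text/xml\r\n";

// Constructed local clocks: one 12 minutes fast, one 2 seconds slow.
$remote = gmmktime(12, 0, 0, 2, 25, 2014);
foreach ([$remote + 720, $remote - 2] as $localNow) {
    echo describeSkew(clockSkewSeconds($sampleHeaders, $localNow)), PHP_EOL;
}
```

With pecl OAuth, the header block can be taken from `$oauth->getLastResponseHeaders()` and the local time from `time()`.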
