I'm trying to get a refresh token using PHP and curl from Google. I have been following this documentation
The followed the instructions successfully to get the "code" that I need to eventually get my refresh token, so I know that is set up correctly and I am using a proper redirect uri. Using the values that Google gives me to fill in my curl code, I created the following code:
$post = ["grant_type" => "authorization_code", "code" => "my recovered google code", "client_id" => "my oauth id", "client_secret" => "my client secret", "redirect_uri" => "my redirect id"];
$ch = curl_init('https://accounts.google.com/o/oauth2/token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$result = curl_exec($ch);
// close the connection, release resources used
curl_close($ch);
// log my returned tokens
file_put_contents('./tokenLogger-'.date("H.i.s").'.log', $result, FILE_APPEND);
All that I am getting my my log file is this:
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
I have wasted two days and could really use some direction. I am following Google's directions, and yet it is failing for me. Any insight would be extemely helpful. Thank you!!
This one was frustrating, but turned out to be fairly straight forward. When trying to obtain a refresh token, you must get a "code" from google that you use to obtain the refresh token. This "code" is only good for one use! If you try to use it and you have a bug in your code, you must generate a new "code" before you can try again. Whether it succeeds or fails, you only get one shot. I was under the impression that I could keep using it until it succeeded. That is not correct.
Related
Trying to authorize an 'app' in 3dcart
The api is fairly well documented using Swagger and they have this page w/ instructions https://apirest.3dcart.com/v1/getting-started/index.html#getting-started
You are supposed to make this first call, which is supposed to give you token you use in the subsequent step
https://apirest.3dcart.com/oauth/authorize?
Client_Id=22613fdfc5a6200bece02a29524XXXXX
&state=12345
&response_type=code
&store_url=www.***********.com
&redirect_uri=www.!!!!!!!!!!.com <============== WHAT SHOULD THIS BE
Using postman, I can play with the various parameters.
I beleive clientId should be the guid-ish string you get associated w/ each store that has subscribed to your app.
Store Url - i know this. Should I include the https:// protocol in the string?
It sounds like STATE is just something you pass in and the store parrots it back to you.
redirect_uri - not sure what this is/ should be
I can get status 200 OK, but i am getting an HTML page .
Pasting same URL in a browser, I am getting a login page. I login as an admin user and then get 404 because it is redirecting me to the redirect_uri
??? I really just want to login. I tried passing in a blank uri and omitting the parameter. Both yield
Status 400 Error 101 redirect_uri is required
Am I doing this correctly? Is there an example of authorizing so you can use the API?
I have downloaded the GIT repository. That helps a bit, but still missing something
tyia
Using the URL you're talking about will allow the customer to grant access to your application. The Redirect URI in the URL you have the customer click on MUST match the Redirect URI you have set up on your app in 3dcart Developer.
After that, there are 5 steps to getting the Authorization Token and then use it to work with the 3dcart API.
The redirect URI is your endpoint where 3dcart will send the code.
Step one:
Set up your Redirect URIs: under the Oauth tab on your application on 3dcart Developers
Step 2:
3dcart will post to this URL a "Code". You can get this from the URL with GET
$code = $_GET['code'];
Step 3:
Use Curl (or whatever) to make a postback to 3dcart with the code
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://apirest.3dcart.com/oauth/token");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
$data = array('Code' => $code, 'client_id' => '{your public app key}', 'client_secret' => '{your private app key}', 'grant_type' => 'authorization_code');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'application/x-www-form-urlencoded'
));
$response = curl_exec($ch);
Step 4:
parse the response to get the access_token:
$info = json_decode($response, true);
$access_token = $info['access_token'];
Step 5:
Use the Access token to make calls to 3dcart using the following parameters in curl
$auth = array(
"Content-Type: application/xml",
"Accept: application/json",
"Authorization: Bearer $access_token",
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://apirest.3dcart.com/3dCartWebAPI/v2/{API END POINT}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $auth);
$response = curl_exec($ch);
curl_close($ch);
Recently, Twitch bring a new API version using new endpoints etc..
I was working on the V5, but I didn't use Curl command line, I work with URL.
So I decide to look at the references of the new version, trying for example to getting the followers and found this :
https://api.twitch.tv/helix/users/follows?to_id='user ID'
So I replace the user_ID by an id (mine and/or another) and get :
{
"error":"Unauthorized",
"status":401,"message":"Must provide a valid Client-ID or OAuth token"
}
When I was working on the V5, I was putting the client_id and the oauth at the end of the URL like this :
https://api.twitch.tv/kraken/channels/CHANNELNAME?client_id=xXxXxXxXxX&oauth_token=aaaabbbbccc111
And it was working, but in the new API, I already have a parameter so I added the client_id and token after with a & connector... But still have the same error.
I also try to put them before the to_id parameter, but same...
So my question is really stupid but anyone know the URL format on the new API?
You should send your Client-ID in request's header now, not as a param in URL. But there's other problem with SSL/HTTPS in this case if you use curl.
Here is a solution to your problem
DEFINE (TWITCH_API_KEY,'YOUR_KEY_HERE');
$url = 'https://api.twitch.tv/helix/streams/metadata';
$ch = curl_init();
$headers=['Client-ID: '.TWITCH_API_KEY];
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec ($ch);
curl_close ($ch);
echo $result;
I have started digging into Jawbone's UP API today and everything seems to go fine throughout the authentication process. The problem is that, once I get an access token back, it's always the same token, it doesn't work in any of my requests, and I can't change it with the refresh_token endpoint.
oAuth setup:
$url_params = array(
'response_type' => 'code',
'client_id' => CLIENT_ID,
'scope' => array('basic_read', 'extended_read', 'move_read'),
'redirect_uri' => 'https://my-site.com/up_auth.php',
);
These are the parameters attached to the https://jawbone.com/auth/oauth2/auth URL and I get sent to Jawbone and prompted as expected. When I accept the authorization I get kicked back to my-site.com as expected with the code in the URL. I then use the code like so
$params = array(
'client_id' => CLIENT_ID,
'client_secret' => APP_SECRET,
'grant_type' => 'authorization_code',
'code' => $code,
);
And attach those parameters to https://jawbone.com/auth/oauth2/token and finally get kicked back to my server with something similar to:
{
"access_token": "REALLY_LONG_STRING",
"token_type": "Bearer",
"expires_in": 31536000,
"refresh_token": "ANOTHER_REALLY_LONG_STRING"
}
When I use access_token to try and get a response like this
$headers = array(
'Host: my-site.rhcloud.com',
'Connection: Keep-Alive',
'Accept: application/json',
"Authorization: Bearer {$_REQUEST['access_token']}",
);
$ch = curl_init('https://jawbone.com/nudge/api/v.1.1/users/#me/moves');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$o = curl_exec($ch);
curl_close($ch);
var_dump($o);
from the API, this is the response every time:
{
"meta": {
"code": 401,
"error_detail": "You must be logged in to perform that action",
"error_type": "authentication_error",
"message": "Unauthorized"
},
"data": {
}
}
The token never changes, even in a private browsing session, and even if I successfully refresh using the provided refresh_token and the proper API call - the call succeeds, but Jawbone gives me back the same token. If I test the same flow through the Jawbone API Console, the Bearer token in the request headers is different from the one I get here. Note that I get the same access_token when I attempt the same process with my wife's Jawbone credentials as well.
Finally figured out what was going on and heard back from Jawbone about it. It turns out that they have collisions on the backend if you use the same auth with two different clients.
For anyone else that runs into this problem, don't use the same login in two different contexts simultaneously as it will reset auths in weird ways.
In our case, we have test user accounts that are often shared between devs since it is sometimes hard to get real data unless you have the actual device. This was causing 'duplicate' logins that made Jawbone code freak out.
We got confirmation from a Jawbone dev who ran into the same problem when developing an internal app.....
I have set up for google api shortner on my website and i have it to get new shortned urls when ever someone places there url on my site. This is the code i have:
if($REQUEST_METHOD=="POST"){
if(isset($add)){
$longUrl = $url;
$apiKey = 'My api key';
$postData = array('longUrl' => $longUrl, 'key' => $apiKey);
$jsonData = json_encode($postData);
$curlObj = curl_init();
curl_setopt($curlObj, CURLOPT_URL, 'https://www.googleapis.com/urlshortener/v1/url');
curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curlObj, CURLOPT_HEADER, 0);
curl_setopt($curlObj, CURLOPT_HTTPHEADER, array('Content-type:application/json'));
curl_setopt($curlObj, CURLOPT_POST, 1);
curl_setopt($curlObj, CURLOPT_POSTFIELDS, $jsonData);
$response = curl_exec($curlObj);
//change the response json string to object
$json = json_decode($response);
curl_close($curlObj);
in "my api key" i do have a api key and i do place it there and i do have shortner api enable in google. To echo the shortened url i use:
<?print $json->id;?>
which works fine. My problem is that if someone places the same url twice, it will give them the same shortned url and not a new unique one. Would any of you know what could be causing this problem? Is there something wrong in my coding?
Any help is much appreciated. Thank you
This is interesting situation I just ran into. If you authenticate using your api key, then indeed you get the same shortened url or id for every long url you pass in. That's actually what I want for my use case!
But if you authenticate using OAUTH then you get a new unique id for every long url you pass in, even when they are the same.
You can see this behavior in the api explorer when you toggle on and off OAUTH authentication:
https://developers.google.com/url-shortener/v1/url/insert
I don't see this documented anywhere, so its' hard to know whether this is a feature or a bug, or what we can expect in the future.
I have an issue when trying to generate Access Token by POST data to https://login.bigcommerce.com/oauth2/token. There is an exception error ('The remote server returned an error: (400) Bad Request.'). I don't know why but I already read the document at https://developer.bigcommerce.com/apps/callback#token
If I open that URL on any web browsers. It said that "The page you were looking for doesn't exist."
Could you please help me this?
Thank you,
Trung
If you are getting a 400 response to your POST request to https://login.bigcommerce.com/oauth2/token then that is indicating a problem with your data. The most likely causes are:
You are not including the following header in your POST request:
Content-Type: application/x-www-form-urlencoded
You are not URL encoding your POST data such as the following example:
client_id=236754&client_secret=m1ng83993rsq3yxg&code=qr6h3thvbvag2ffq&scope=store_v2_orders&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fapp.example.com%2Foauth%26context%3Dstores%2Fg5cd38&context=stores%2Fabc123
Also note that the error response message body that you receive should have some more details about the source of the problem.
If you have confirmed the above points then maybe try giving a sample of your POST data or some information about what you are doing to URL encode your data. Make sure not to include your actual client ID, client secret, or redirect URI.
Try ussing cURL
$data = array( "client_id" => "sdfgdfgdfkxddfgdfgdfdfgdfgddfgdfg2",
"client_secret" => "sdfgsdfgsdfgsdfgsdfgdf",
"redirect_uri" => "https://youapp.com/oauth",
"grant_type" => "authorization_code",
"code" => $_GET["code"], "scope" => $_REQUEST["scope"], "context" => $_GET["context"], );
$postfields = http_build_query($data);
$ch = curl_init();
$url = "https://login.bigcommerce.com/oauth2/token";
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($ch);
curl_close ($ch);
$obj = json_decode($output);
var_dump($obj);
Firstly you need to get temporary authorization code, but sending GET request to https://login.bigcommerce.com/oauth2/authorize with parameters clientId, Scope, Context ("stores/{your_store_hash}") and redirect_url.
Only after this, you can change your temporary token to permanent token (see previous post).
This permanent token expires in 30-60 days, but I don't know how to renew it automatically without user action. If you know that, please write how.