Why curls fails to verify google access token whereas browser succeeds? - google-oauth

with this simple code I manage to get Google's access tokens.
See the code:
public function authenticate($code = null) {
if (!$code) {
if ($this->log)
error_log(__CLASS__ . '::authenticate() error: $code is null.');
return false;
}
$client_id = $this->token->get('client_id');
$client_secret = $this->token->get('client_secret');
$redirect_uri = $this->token->get('redirect_uri');
$url = $this->token->get('token_endpoint');
$curlPost = 'client_id=' . $client_id . '&client_secret=' . $client_secret . '&redirect_uri=' . $redirect_uri . '&code='. $code . '&grant_type=authorization_code';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $curlPost);
$buffer = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$data = \json_decode($buffer, true);
if ($http_code != 200) {
$log = __CLASS__ . '::authenticate() error: http code not 200. Responded: '.print_r($data, true);
$return = false;
} else {
$this->auth = $data;
$return = true;
$log = __CLASS__ . '::authenticate() returns '.$return.' and sets this->auth='.print_r($data, true);
}
if ($this->log)
error_log($log);
return $return;
}
you can see my project there with a test file.
My question is about the verify() function.
When I want to verify Google's access token by typing in the browser sth like https://www.googleapis.com/oauth2/v2/tokeninfo?access_token=.... I get immediately a response from Google but when I try the following function with cURL it fails miserably:
public function verify($access_token = null) {
if (!$access_token) {
if ($this->log)
error_log(__CLASS__ . '::verify() error: $access_token is null.');
return false;
}
$url = $this->token->get('verify_endpoint');
$curlPost = 'access_token='. $access_token;
//$curlPost = \http_build_query(array('access_token' => $access_token));
//$curlPost = array('access_token' => $access_token);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url.'?'.$curlPost);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
//curl_setopt($ch, CURLOPT_VERBOSE, true);
$buffer = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$data = \json_decode($buffer, true);
if ($http_code != 200) {
$log = __CLASS__ . '::verify() error: http code not 200. Responded: '.print_r($data, true);
$return = false;
} else {
$this->verify = $data;
$log = __CLASS__ . '::verify() sets this->verify='.print_r($data, true);
$return = true;
}
if ($this->log)
error_log($log);
return $return;
}
Has this sth to do with cURL? Any answer is welcomed.
Just to clarify: browser request https://www.googleapis.com/oauth2/v2/tokeninfo?access_token=... or with ?id_token=... always succeeds BUT not cURL with the proper tokens in the query part of course.


From your source code here
$this->set('verify_endpoint', 'https://www.googleapis.com/oauth2/v2/tokeninfo');
is calling googles token info end point documentation is used for validating an id token you appear to be passing it an access token. This is not going to work.
TBH i dont understand why you would bother validating an access token. The best way to test if an access token is working is to make the call to the API in question if it doesnt work you will get an error back. Why would you want to make a call to test if it works then use it if it does work your doubling your requests.


Problems solved!
After a 2 month searching at last there is an update version of my project wirh cUrl problems solved immediately after started to investigate errors sent by the curl environment.
The browser success ringed a bell that probably there was a DNS issue as these threads repeatedly showcase this:
https://curl.haxx.se/mail/curlphp-2016-10/0000.html
https://forums.rancher.com/t/dns-caching-issues/1566/8 #vincent
https://github.com/GoogleCloudPlatform/google-cloud-php/issues/405
https://github.com/google/google-api-php-client/issues/1184
This discussion from #sanmai about CURLOPT_RESOLVE actually made it working! Also see php manual; The same is proposed here by Luc van Donkersgoed and there by John Hart.
The tricky parts of response headers on GET requests that contain Google's response are discussed here and in other places.
Curl certificates are downloaded from there.
A discussion for certificates is there.
A discussion for debugging cUrl here and there.
For a discussion of Expect header and it's implications you can read this and that.
Now cUrl is lightning fast when it connects to google. See my project.
My deepest gratitude to all the users who patiently and kindly support the community. You guys are awesome! many thanks!

Related

getList() must be an instance of Magento\Framework\Api\SearchCriteriaInterface

Been trying to figure out what is going on here, but gotten stuck. Anyone got an idea as to what is going on.
Using Magento 2.2.4
( ! ) Fatal error: Uncaught TypeError: Argument 1 passed to Magento\Catalog\Model\ProductRepository\Interceptor::getList() must be an instance of Magento\Framework\Api\SearchCriteriaInterface, string given in C:\wamp64\www\magento2\generated\code\Magento\Catalog\Model\ProductRepository\Interceptor.php on line 85
( ! ) TypeError: Argument 1 passed to Magento\Catalog\Model\ProductRepository\Interceptor::getList() must be an instance of Magento\Framework\Api\SearchCriteriaInterface, string given in C:\wamp64\www\magento2\generated\code\Magento\Catalog\Model\ProductRepository\Interceptor.php on line 85
Code I try to execute:
set_time_limit(0);
define('TOKEN', 'token code');
define('URL', 'http://localhost:8080/magento2/index.php');
$headers = array("Authorization: Bearer ". TOKEN);
//API URL to get all Magento 2 modules
$requestUrl = (URL . "/rest/V1/products?searchCriteria=");
$ch = curl_init($requestUrl);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
print_r($result);

You need to pass search Criteria while requesting API. Try below code.
set_time_limit(0);
define('TOKEN', 'token code');
define('URL', 'http://localhost:8080/magento2/index.php');
$headers = array("Authorization: Bearer ". TOKEN);
//API URL to get all Magento 2 modules
$requestUrl = (URL . "/rest/V1/products/?searchCriteria[filter_groups][0][filters][0][field]=category_gear&searchCriteria[filter_groups][0][filters][0][value]=86&searchCriteria[filter_groups][0][filters][0][condition_type]=finset");
$ch = curl_init($requestUrl);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
print_r($result);

cURL post with PHP failing

Using Postman, I have been able to successfully create an API call to retrieve information from the webserver.
However, I have been unsuccessful in doing the same with PHP. Following are a few screenshots from Postman which I am trying to replicate in PHP.
This is my PHP code -
$filters = array("1234", "28");
$selectors = array("Brand", "Name");
$body = array('Filter' => array('SKU'=>$filters, 'OutputSelector' => $selectors));
$url = "https://xyz.neto.com.au/do/WS/NetoAPI";
$method = "POST";
$headers = array(
"NETOAPI_ACTION: GetItem",
"NETOAPI_KEY: xxxxxxx",
"Accept: application/json",
"NETOAPI_USERNAME: puneeth"
);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
$err = curl_error($ch);
curl_close($ch);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
P.S I have deliberately fudged the url and key.
I am trying to follow instructions as outlined here - https://developers.neto.com.au/documentation/engineers/api-documentation/products/getitem

Few things that might be preventing your code from working:
1. Array to string conversion
You have declared the body of the request as an array in $body. You need to JSON-encode it before passing it to cURL:
$body = array('Filter' => array('SKU'=>$filters, 'OutputSelector' => $selectors));
$bodyJSON = json_encode($body);
[...]
curl_setopt($ch, CURLOPT_POSTFIELDS, $bodyJSON);
2. HTTPS request
If you're getting an empty response, you'll also need to configure cURL for SSL communication. A quick fix for this is to ignore the remote server certificate validity:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Although this works, see this answer for a better solution.
3. Missing Content-Type
When sending raw postfields, some servers need to know what type of data you're sending. This is done by setting a Content-Type header:
$headers = array(
"Content-Type: application/json",
[...]
);

I am getting 401 ssl required error for likedin rest api while accessing some basic profile fields

I am using rest api to fetch basic profile data from linkedin with php code. I am successfully able to generate access code and access token but I am getting ssl required error whenever I tried to get basic profile using following url
https://api.linkedin.com/v1/people/~?format=json
I followed all steps to make authenticated requests as listed there https://developer.linkedin.com/docs/oauth2
I am using a non ssl url as call back parameter , Is it necessary to use ssl url ? If not then why I am getting this error .
looking for a solution
below is code to get profile fields
$host = "api.linkedin.com";
$path = "/v1/people/~)";
//$arr = array('oauth2_access_token' => $access['access_token']);
$token = $access['access_token'];
$header[] = "Authorization: Bearer ".$token;
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$ch = curl_init();
// endpoint url
curl_setopt($ch, CURLOPT_URL, $host . $path);
// set request as regular post
//curl_setopt($ch, CURLOPT_HTTPGET, true);
// set http version
curl_setopt($ch, CURLOPT_HTTP_VERSION, 'HTTP/1.1');
// set data to be send
//curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($arr));
// set header
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
// set header
curl_setopt($ch, CURLOPT_CERTINFO, true);
// return transfer as string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
var_export($response);

My solution was to use https:// instead of just http://

Instagram Like API. Posting a like through curl and php

I am trying to figure out how to POST a like for Instagram. Click here to view my website for testing this API.
http://ewands.no-ip.biz/Intern/guangjian/instagram/
This is my first time trying the Instagram API. Google it but no tutorial is found on this topic. Below are my PHP code.
Getting the media id:
$api = file_get_contents("http://api.instagram.com/oembed?url=http://instagram.com/p/n5DyHnKWoo");
$apiObj = json_decode($api,true);
$media_id = $apiObj['media_id'];
After the like button is clicked, the URL becomes http://ewands.no-ip.biz/Intern/guangjian/instagram?api=like, so from PHP we run the code below:
if($_GET['api'] == 'like'){
header('location:https://api.instagram.com/oauth/authorize/?client_id=3548d38f15b54dbfb744bf0705fa8198&redirect_uri=http://ewands.no-ip.biz/intern/guangjian/instagram?function=like&response_type=code');
The above will redirect the page to http://ewands.no-ip.biz/intern/guangjian/instagram/?function=like&code=3b50fdbcd0184f979b31f5b0d12354c4 <-- Instagram server added a random code, next, use curl to get the access token:
}
if($_GET['function'] == 'like') {
$code = $_GET['code'];
$url = "https://api.instagram.com/oauth/access_token";
$access_token_parameters = array(
'client_id' => '3548d38f15b54dbfb744bf0705fa8198',
'client_secret' => '97e12a30416d4436a52107d0d1820e91',
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://ewands.no-ip.biz/intern/guangjian/instagram?function=like',
'code' => $code
);
$curl = curl_init($url);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,$access_token_parameters);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($curl);
curl_close($curl);
$arr = json_decode($result,true);
$token = $arr['access_token'];
I have tested that I am able to get the token, so far so good, then the next part does not work, I am just trying my luck, since I am not familiar with curl and there are no tutorial out there from Googling for Instagram API tutorial.
$url = 'https://api.instagram.com/v1/media/'.$media_id.'/likes';
$curl = curl_init($url);
curl_setopt($curl,CURLOPT_POST,true);
curl_setopt($curl,CURLOPT_POSTFIELDS,'access_token='.$token);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec($curl);
}

Instagram returns a # in the token return which renders it useless for $_GET.
The token is only supposed to be used one.
You manually copy it from the URI and then use it accordingly in your code.
It is HIGHLY insecure.
You're over thinking it.

Authentication Errors Trying to Access to the Google Analytics API via http (not using oAuth)

I'm trying to build a simple script to import page view counts for articles published via my CMS. I easily constructed my query using the Google Analytics API query builder which quickly returns the desired result. A scheduled job on my web server will run the query once per day and update and page view counts.
Because I'm only pulling in pageviews, I believe it wasn't necessary to go through the entire oAuth process. This Google account has only one web property and only one profile, so there isn't a routine needed to derive that.
I registered an app and created an API key. I have ensured that Google Analytics is turned on for this profile. Based on my reading of the API, I believe I can pass this key as an http parameter to properly authorize the query.
When I run the query via http, I get an authorization error (401). The query is included below:
https://www.googleapis.com/analytics/v3/data/ga?ids=ga%3A[MY ID]&metrics=ga%3Apageviews&start-date=2012-08-09&end-date=2012-08-23&max-results=50&key=[MY API KEY]
I've Googled many examples of this, but they all seemed to implementing a very elaborate (and in my use case unnecessary) authentication routine. But maybe I'm missing something.
Many thanks in advance.
Kris, frustrated Googler

Use this example to fix 401 error http://dumitruglavan.com/ganalytics-class-access-google-analytics-data-api-with-php/
You need to authorize:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/accounts/ClientLogin");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
$data = array(
'accountType' => 'GOOGLE',
'Email' => $email,
'Passwd' => $password,
'service' => 'analytics',
'source' => ''
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
$auth = '';
if($info['http_code'] == 200) {
preg_match('/Auth=(.*)/', $output, $matches);
if(isset($matches[1])) {
$auth = $matches[1];
} else {
throw new Exception('Login failed with message: ' . $output);
}
}
And after authorize send authorization token in headers:
$headers = array("Authorization: GoogleLogin auth=$auth");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);