OAuth 2.0 in php using curl
Wow, stupid mistake, I should have a rest.
The variables names don't match. I defined:
$client_id = '###.apps.googleusercontent.com';
$client_secret = '###';
But here I used an non-existing clientID and clientSecret :
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $clientID,
'client_secret' => $clientSecret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
Fixed and working PHP script
$client_id = '###.apps.googleusercontent.com';
$redirect_uri = 'http://localhost/phpConnectToDB/csv/refreshFusionTable.php';
$client_secret = '###';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token");
curl_setopt($ch, CURLOPT_POST, TRUE);
$code = $_REQUEST['code'];
// This option is set to TRUE so that the response
// doesnot get printed and is stored directly in
// the variable
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'code' => $code,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'grant_type' => 'authorization_code'
));
$data = curl_exec($ch);
var_dump($data);
But I have to say that google provides a little misleading error message here, because I hadn't defined client_id nor client_secret and the error message was:
{
"error" : "invalid_request",
"error_description" : "Client must specify either client_id or client_assertion, not both"
}
Comments
-
FilipR almost 2 years
I need to get my access_token and refresh_token for OAuth 2.0 to Access Google APIs, the php script below should return a json with access_token, refresh_token like this:
{ "access_token" : "####", "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "####" }
but, the php script return me only this error message:
{ "error" : "invalid_request", "error_description" : "Client must specify either client_id or client_assertion, not both" }
I tried to remove client_secret/client_id and use only client_id/client_secret, but still get the same error.
PHP script
$client_id = '###.apps.googleusercontent.com'; $redirect_uri = 'http://localhost/phpConnectToDB/csv/refreshFusionTable.php'; $client_secret = '###'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://accounts.google.com/o/oauth2/token"); $code = $_REQUEST['code']; curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, array( 'code' => $code, 'client_id' => $clientID, 'client_secret' => $clientSecret, 'redirect_uri' => $redirect_uri, 'grant_type' => 'authorization_code' )); $data = curl_exec($ch); var_dump($data);
Although curl in cmd works and returns me access and refresh token without any errors.
curl --data "code=###&client_id=###.apps.googleusercontent.com&client_secret=###&redirect_uri=http://localhost/phpConnectToDB/csv/refreshFusionTable.php&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
I don't understand why I get the missing scheme error, although the .php script exists and it's located on the given path. Could you help me please ?
EDIT
Problem with "Invalid parameter value for redirect_uri: Missing scheme" solved, I just replaced 'redirect_uri' => urlencode($redirect_uri), with this 'redirect_uri' => $redirect_uri, in CURLOPT_POSTFIELDS.