0

I'm experiencing the same issue described here" POST using CURL in PHP gives invalid request Error. Before coming across that post my code was already setup like the accepted answer.

// First I get the access code like so
function get_oauth_code($wpoa) {
    $params = array(
        'response_type' => 'code',
        'client_id' => CLIENT_ID,
        'scope' => SCOPE,
        'state' => uniqid('', true),
        'redirect_uri' => REDIRECT_URI,
    );
    $_SESSION['WPOA']['STATE'] = $params['state'];
    $url = URL_AUTH . http_build_query($params);
    header("Location: $url");
    exit;
}

$params = array(
    'grant_type' => 'authorization_code',
    'client_id' => CLIENT_ID,
    'client_secret' => CLIENT_SECRET,
    'code' => $_GET['code'],
    'redirect_uri' => REDIRECT_URI,
);
$url_params = http_build_query($params);
$url = URL_TOKEN . $url_params;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, (get_option('wpoa_http_util_verify_ssl') == 1 ? 1 : 0));
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, (get_option('wpoa_http_util_verify_ssl') == 1 ? 2 : 0));
        $result = curl_exec($curl);

When I first attempt to login this works fine, but then if I logout and reattempt (not every time, but consistently enough), it return the following error response

Array ( [error] => invalid_request )

Because of the following comment on that answer I thought perhaps the access_code was being reused some how but I ran an unset just to make sure and the problem still persist. Here is proof to that when receive the invalid_request error I do in fact have an access code:

Array( 
    [state] => 57c8b107a5a021.27458568 
    [code] => 4/Q8bswW3yheJ6tLFQnTd-pkfG6zVdbMk9UehgroR7f60 
)

I'm new to OAuth in general but have been dealing with it all week so getting pretty familiar but hoping someone out there knows more than me to help me figure this out. I want to make sure that the user will never experience an issue logging in because of some session details within the server side script.

Note: This is in collaboration with Perry Butler's WP-OAuth plugin

Improve this question

1 Answer 1

Reset to default
2

I'm not as familiar with google oauth as I'd like to be to answer this question is authority, but a few problems I see from your code.

1, you have a lot of defines that are clearly outside of the scope of this code. 2, your url is being appended with all the params that are supposed to be applied to the post of the request.

First thing I'd try is to change this line: 

$url = URL_TOKEN . $url_params;

To:

$url = URL_TOKEN;

Add some debugging in the request as well, and show the $url that's being called. There doesn't appear to be anything outside of the norm.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This seems to fix the issue with the access_token but for some reason it breaks when attempting to get the oauth identity through googleapis.com/plus/v1/people/me. So for this that step I left it as $url = URL_TOKEN . $url_params; and it seems to be working consistently. Thanks for the response

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.