سؤال

I'm currently using OAuth 2.0 to access Google's reader API. I have successfully gotten a "code" and "state" returned in the URL. Right now I'm using a post method to pass in the required parameters in order to receive an access token. I have been fiddling with it for quite a while and all I've got is:

{ "error": "invalid_request" }

My code is below:

<?php 

session_start();

$code = $_GET['code'];
$state = $_GET['state'];

if ((!is_numeric($state)) || ($state != $_SESSION['state'])) {
    throw new Exception('Error validating state.');
}

$accessTokenExchangeUrl = 'https://accounts.google.com/o/oauth2/token';
$redirectUriPath = '/authentication.php';

$accessTokenExchangeParams = array(
    'code' => $code,
    'client_id' => 'xxxxx',
    'client_secret' => 'xxxxx',
    'redirect_uri' => (isset($_SERVER['HTTPS'])?'https://':'http://') . $_SERVER['HTTP_HOST'] . $redirectUriPath,
    'grant_type' => 'authorization_code'
    );


$goToUrl = $accessTokenExchangeUrl . '?' . http_build_query($accessTokenExchangeParams);

?> 

<!DOCTYPE HTML>
<html>
<head>
    <title></title>
</head>

<body>

    <form action=<?php echo $goToUrl; ?> method="post">
        <input type="submit" value="Click Me!">
    </form>

</body>

</html>

Thanks in advance!

هل كانت مفيدة؟

المحلول

Have you tried putting the code, client_id, etc. variables as input parameters (in the POST request body), instead of in the query string? Google examples demonstrate it that way.

There are security reasons why they shouldn't be in the query string if you're following the OAuth 2 spec.

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top