I'm currently using OAuth 2.0 to access Google's reader API. I have successfully gotten a "code" and "state" returned in the URL. Right now I'm using a post method to pass in the required parameters in order to receive an access token. I have been fiddling with it for quite a while and all I've got is:

{ "error": "invalid_request" }

My code is below:

<?php 

session_start();

$code = $_GET['code'];
$state = $_GET['state'];

if ((!is_numeric($state)) || ($state != $_SESSION['state'])) {
    throw new Exception('Error validating state.');
}

$accessTokenExchangeUrl = 'https://accounts.google.com/o/oauth2/token';
$redirectUriPath = '/authentication.php';

$accessTokenExchangeParams = array(
    'code' => $code,
    'client_id' => 'xxxxx',
    'client_secret' => 'xxxxx',
    'redirect_uri' => (isset($_SERVER['HTTPS'])?'https://':'http://') . $_SERVER['HTTP_HOST'] . $redirectUriPath,
    'grant_type' => 'authorization_code'
    );


$goToUrl = $accessTokenExchangeUrl . '?' . http_build_query($accessTokenExchangeParams);

?> 

<!DOCTYPE HTML>
<html>
<head>
    <title></title>
</head>

<body>

    <form action=<?php echo $goToUrl; ?> method="post">
        <input type="submit" value="Click Me!">
    </form>

</body>

</html>

Thanks in advance!

有帮助吗?

解决方案

Have you tried putting the code, client_id, etc. variables as input parameters (in the POST request body), instead of in the query string? Google examples demonstrate it that way.

There are security reasons why they shouldn't be in the query string if you're following the OAuth 2 spec.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top