Question

I'm trying to use OAuth 2.0 for the Google+ API on my site, and I keep getting:

{
    "error": {
        "errors": [{
            "domain": "global",
            "reason": "authError",
            "message": "Invalid Credentials",
            "locationType": "header",
            "location": "Authorization"
        }],
        "code": 401,
        "message": "Invalid Credentials"
    }
}

The thing is, I don't know why this is happening. I have a valid access token from Google, but Google tells me it is invalid. I know that the token has not expired because the JSON data is requested from Google within 10 seconds of getting the access token. Here is the process that I'm using:

  1. Get user to authorize the request.
  2. Gets request code from Google.
  3. Uses cURL to request access token with the request code from Google.
  4. Puts the access code into a PHP session.
  5. Redirects back to the main page.
  6. Main page detects session variable is set and doesn't display login link.
  7. PHP on main page uses readFile to get the JSON response from Google.
  8. Google returns invalid credentials.

Here is an example URI generated by PHP that is inserted into readFile:

https://www.googleapis.com/plus/v1/people/me?prettyprint=true&access_token=ya29.AHES6ZQRGovDa5FHsojU3qCM1DEnYmJPywz1muUE4CWGH5n70OcAkw

Help please?

Solution

Have you tried one of the Google API clients? There are starter applications you can use to get the ball rolling.

https://developers.google.com/+/downloads

OTHER TIPS

You shouldn't share an unaltered access token - someone can use that to impersonate you (really for whomever it was granted).

It's also better to pass the Auth token as a header, like:

curl -H "Authorization: OAuth ya29.xyzxyz" "https://www.googleapis.com/plus/v1/people/me"

Not sure if that's essential but your error message seems to indicate an auth error in the header so you may be providing an Authorization header which doesn't match the one you need.

Here is a solution using PHP's PECL oauth extension. This will sign the request the way you have defined it, in this case in a config file JSON object that was imported into the script.

        $oauth = new OAuth($this->config->consumer_key, $this->config->consumer_secret, $this->config->signature_method, $this->config->auth_type);
        $oauth->setVersion($this->config->version);
        $oauth->setToken($accessToken->oauth_token, $accessToken->oauth_token_secret);

        $params = array(
            'fields' => 'displayName,emails,id,image,name',
            'pp' => 1
        );

        $oauth->fetch('https://www.googleapis.com/plus/v1/people/me', $params, OAUTH_HTTP_METHOD_GET);

        // extract response
        $json = Zend_Json::decode($oauth->getLastResponse(), Zend_Json::TYPE_OBJECT);

I had this problem before, but with Twitter.

For OAuth we actually communicate with Twitter twice: first to acquire the request token, second to authorize by sending the first token that's already signed. Maybe you have only overcome the first one.

I have been getting the same 401 "Invalid Credentials" error for a few hours. Then I noticed that I stored my access_token in the database in a VARCHAR(50) field. It cut off a portion of the access_token. I increased the column length. FIXED.

Double check the length of the field in the database where you store your access_token and also your refresh_token!

I think the me API is broken. The problem is gone when I try to request a URI with a real user ID. I mean like this: https://www.googleapis.com/plus/v1/people/108189587050871927619?key={your_api_key}

Delete your token.json file, then attempt the request again.

The problem for me was the header "Authorization" on GET/POST request:

Google documentation said: Authorization: /* OAuth 2.0 token here */

But the correct form is: Authorization: OAuth /* OAuth 2.0 token here */

Yes! Include "OAuth " before your token key!

If you are using cURL (PHP), use:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: OAuth '.$_SESSION['access_token'], 'Content-Type: application/json'));
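
The following is an added example, not code from the question or from any of the answers above. It ties together three points raised in the answers: send the token in the Authorization header instead of the URL handed to readFile, mask the token before a URL is logged or posted, and detect a token that was cut off in storage. The helper names are hypothetical and the sample token is constructed; the header scheme defaults to "OAuth" as used in the answers, while RFC 6750 defines the scheme name "Bearer".

```php
<?php
// Added example; helper names are hypothetical and sample values are constructed.

// Options for stream_context_create() that carry the token in the Authorization
// header, so it never appears in the URL, server logs or Referer headers.
// $scheme defaults to "OAuth" as in the answers; RFC 6750 defines "Bearer".
function auth_context_options(string $accessToken, string $scheme = 'OAuth'): array
{
    // Visible ASCII only: rejects empty tokens and CR/LF header injection.
    if (!preg_match('/\A[\x21-\x7E]+\z/', $accessToken) || !ctype_alpha($scheme)) {
        throw new InvalidArgumentException('malformed access token or scheme');
    }
    return ['http' => [
        'method'        => 'GET',
        'header'        => "Authorization: $scheme $accessToken\r\nAccept: application/json\r\n",
        'ignore_errors' => true, // still return the JSON error body on a 401
    ]];
}

// Mask the access_token query parameter before a URL is logged or posted.
function redact_token(string $url): string
{
    return preg_replace('/([?&]access_token=)[^&#\s]+/', '$1[REDACTED]', $url);
}

// Detect a token shortened in storage (e.g. by a too-small VARCHAR column) by
// comparing it with the SHA-256 fingerprint recorded when it was issued.
function token_intact(string $stored, string $fingerprint): bool
{
    return hash_equals($fingerprint, hash('sha256', $stored));
}

$token       = 'ya29.' . str_repeat('A', 60);   // constructed, not a real token
$fingerprint = hash('sha256', $token);          // save alongside the token
$fromDb      = substr($token, 0, 50);           // what a VARCHAR(50) would keep

var_dump(token_intact($token, $fingerprint));
var_dump(token_intact($fromDb, $fingerprint));
echo redact_token("https://www.googleapis.com/plus/v1/people/me?access_token=$token"), "\n";

$context = stream_context_create(auth_context_options($token));
// $json = file_get_contents('https://www.googleapis.com/plus/v1/people/me', false, $context);
```

The final request is left commented out so the block runs offline; the fingerprint check reports a mismatch for the 50-character copy, which is the failure the VARCHAR(50) answer describes.
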
Licensed under: CC-BY-SA with attribution