Question

I'm currently using OAuth 2.0 to access Google's Reader API. I have successfully gotten a "code" and "state" returned in the URL. Right now I'm using a POST method to pass in the required parameters in order to receive an access token. I have been fiddling with it for quite a while and all I've got is:

{ "error": "invalid_request" }

My code is below:

<?php 

session_start();

$code = $_GET['code'];
$state = $_GET['state'];

if ((!is_numeric($state)) || ($state != $_SESSION['state'])) {
    throw new Exception('Error validating state.');
}

$accessTokenExchangeUrl = 'https://accounts.google.com/o/oauth2/token';
$redirectUriPath = '/authentication.php';

$accessTokenExchangeParams = array(
    'code' => $code,
    'client_id' => 'xxxxx',
    'client_secret' => 'xxxxx',
    'redirect_uri' => (isset($_SERVER['HTTPS'])?'https://':'http://') . $_SERVER['HTTP_HOST'] . $redirectUriPath,
    'grant_type' => 'authorization_code'
    );


$goToUrl = $accessTokenExchangeUrl . '?' . http_build_query($accessTokenExchangeParams);

?> 

<!DOCTYPE HTML>
<html>
<head>
    <title></title>
</head>

<body>

    <form action="<?php echo htmlspecialchars($goToUrl); ?>" method="post">
        <input type="submit" value="Click Me!">
    </form>

</body>

</html>

Thanks in advance!


Solution

Have you tried putting the code, client_id, etc. variables as input parameters (in the POST request body), instead of in the query string? Google examples demonstrate it that way.

There are security reasons why they shouldn't be in the query string if you're following the OAuth 2 spec.
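
A server-side version of the exchange the answer describes, as an added example that is not part of the original question or answer: the parameters travel in the POST body, and the request is made from PHP so that `client_secret` is never rendered into a form the browser can see. The helper name `exchangeCodeForToken()` and the `access_token` session key are assumptions; the endpoint, redirect path and `xxxxx` placeholders are taken from the question.

```php
<?php
// Added example, not the asker's code. exchangeCodeForToken() is a hypothetical
// helper name; 'xxxxx' are the question's placeholders.
session_start();

function exchangeCodeForToken(string $tokenUrl, array $params): array
{
    $ch = curl_init($tokenUrl);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        // A string body is sent as application/x-www-form-urlencoded.
        CURLOPT_POSTFIELDS     => http_build_query($params),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Token request failed: ' . curl_error($ch));
    }
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $json = json_decode($body, true);
    if ($status !== 200 || !is_array($json) || !isset($json['access_token'])) {
        // Surface only the error code, never the request parameters.
        throw new RuntimeException('Token endpoint error: ' . ($json['error'] ?? "HTTP $status"));
    }
    return $json;
}

if (isset($_GET['code'], $_GET['state'], $_SESSION['state'])
    && is_string($_GET['code']) && is_string($_GET['state'])) {
    // Constant-time comparison of the returned state with the session value.
    if (!hash_equals((string) $_SESSION['state'], $_GET['state'])) {
        throw new Exception('Error validating state.');
    }
    unset($_SESSION['state']); // state is single use

    $token = exchangeCodeForToken('https://accounts.google.com/o/oauth2/token', [
        'code'          => $_GET['code'],
        'client_id'     => 'xxxxx',
        'client_secret' => 'xxxxx',
        // Must match the redirect URI used in the authorization request.
        'redirect_uri'  => (isset($_SERVER['HTTPS']) ? 'https://' : 'http://')
                           . $_SERVER['HTTP_HOST'] . '/authentication.php',
        'grant_type'    => 'authorization_code',
    ]);
    $_SESSION['access_token'] = $token['access_token'];
}
```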

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow