Solved

Google oauth2 fails at  $client->authenticate($_GET['code']);

Posted on 2014-01-01
3
1,151 Views
Last Modified: 2014-01-08
So, you may have already figured this, but Google returns the correct URI with the "code" parameter in the GET.

The entire process stalls at that point and never does the redirect (even without my "echo").

I am assuming that it stops because I get a blank page and there's not a single character when I veiw HTML source in the browser.

---

Edited to move the code into the code snippet feature. ~Ray
<?php
      error_reporting(E_ALL);
      ini_set('display_errors', '1');
      if (!session_id() || session_id() == '' || session_id() == ' ') {
            session_start();
      }

      $_SESSION['GOOGLE_CLIENT_ID'] = '30322________________leusercontent.com';
      $_SESSION['GOOGLE_CLIENT_SECRET'] = 'Az________________________________9xA';
      $_SESSION['GOOGLE_REDIRECT_URI'] = 'http://tx-asm.us/resources/lib/google-api-php-client/examples/plus';
      $_SESSION['GOOGLE_DEVELOPER_KEY'] = 'AI_______________________________Bg';
      
require_once '../../src/Google_Client.php';
require_once '../../src/contrib/Google_PlusService.php';


$client = new Google_Client();
$client->setApplicationName("Google+ PHP Starter Application");
      
      $client->setClientId($_SESSION['GOOGLE_CLIENT_ID']);
      $client->setClientSecret($_SESSION['GOOGLE_CLIENT_SECRET']);
      $client->setRedirectUri('http://tx-asm.us/resources/lib/google-api-php-client/examples/plus/index.php');
      $client->setDeveloperKey($_SESSION['GOOGLE_DEVELOPER_KEY']);
$plus = new Google_PlusService($client);

if (isset($_REQUEST['logout'])) {
  unset($_SESSION['access_token']);
}
// here's where things go south...

if (isset($_GET['code'])) {
  $client->authenticate($_GET['code']);

// THE GET VALUE DOES COME ACROSS IN THE URL

  $_SESSION['access_token'] = $client->getAccessToken();

// I ADDED THIS LINE TO DEBUG, KNOWING THAT IF IT WOULD SUCCEED THE REDIRECT WOULD FAIL BECAUSE OF A STARTED HEADER

// BUT, NOTHING ECHOS TO THE SCREEN AT ALL

  echo "sess access token " . $_SESSION['access_token'];
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}

if (isset($_SESSION['access_token'])) {
  $client->setAccessToken($_SESSION['access_token']);
}

if ($client->getAccessToken()) {
  $me = $plus->people->get('me');

  // These fields are currently filtered through the PHP sanitize filters.
  // See http://www.php.net/manual/en/filter.filters.sanitize.php
  $url = filter_var($me['url'], FILTER_VALIDATE_URL);
  $img = filter_var($me['image']['url'], FILTER_VALIDATE_URL);
  $name = filter_var($me['displayName'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
  $personMarkup = "<a rel='me' href='$url'>$name</a><div><img src='$img'></div>";

  $optParams = array('maxResults' => 100);
  $activities = $plus->activities->listActivities('me', 'public', $optParams);
  $activityMarkup = '';
  foreach($activities['items'] as $activity) {
    // These fields are currently filtered through the PHP sanitize filters.
    // See http://www.php.net/manual/en/filter.filters.sanitize.php
    $url = filter_var($activity['url'], FILTER_VALIDATE_URL);
    $title = filter_var($activity['title'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    $content = filter_var($activity['object']['content'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    $activityMarkup .= "<div class='activity'><a href='$url'>$title</a><div>$content</div></div>";
  }

  // The access token may have been updated lazily.
  $_SESSION['access_token'] = $client->getAccessToken();
} else {
  $authUrl = $client->createAuthUrl();
}
?>
<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <link rel='stylesheet' href='style.css' />
</head>
<body>
<header><h1>Google+ Sample App</h1></header>
<div class="box">

<?php if(isset($personMarkup)): ?>
<div class="me"><?php print $personMarkup ?></div>
<?php endif ?>

<?php if(isset($activityMarkup)): ?>
<div class="activities">Your Activities: <?php print $activityMarkup ?></div>
<?php endif ?>

<?php
  if(isset($authUrl)) {
    print "<a class='login' href='$authUrl'>Connect Me!</a>";
  } else {
   print "<a class='logout' href='?logout'>Logout</a>";
  }
?>
</div>
</body>
</html>

Open in new window

0
Comment
Question by:Dallas Smetter
  • 3
3 Comments
 

Author Comment

by:Dallas Smetter
ID: 39750110
So, you may have already figured this, but Google returns the correct URI with the "code" parameter in the GET.

The entire process stalls at that point and never does the redirect (even without my "echo").

I am assuming that it stops because I get a blank page and there's not a single character when I veiw HTML source in the browser.
0
 

Author Comment

by:Dallas Smetter
ID: 39750119
The function its calling, where the failure seems to be is

  public function getAccessToken() {
    $token = self::$auth->getAccessToken();
    return (null == $token || 'null' == $token) ? null : $token;
  }

Open in new window


So, maybe it is returning a null value? If so, would there be a problem with on of my keys/id ?
0
 

Accepted Solution

by:
Dallas Smetter earned 0 total points
ID: 39765285
I fixed this myself.

I foolishly had a session_destroy() written right after I had made the session_start().

I have no idea what possessed me to do it, but at least it's all working now.

This question can be closed. No comments and therefore no points to award.

Thank you
Dallas Ray
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Get to know the ins and outs of building a web-based ERP system for your enterprise. Development timeline, technology, and costs outlined.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now