Solved

Google oauth2 fails at  $client->authenticate($_GET['code']);

Posted on 2014-01-01
3
1,204 Views
Last Modified: 2014-01-08
So, you may have already figured this, but Google returns the correct URI with the "code" parameter in the GET.

The entire process stalls at that point and never does the redirect (even without my "echo").

I am assuming that it stops because I get a blank page and there's not a single character when I veiw HTML source in the browser.

---

Edited to move the code into the code snippet feature. ~Ray
<?php
      error_reporting(E_ALL);
      ini_set('display_errors', '1');
      if (!session_id() || session_id() == '' || session_id() == ' ') {
            session_start();
      }

      $_SESSION['GOOGLE_CLIENT_ID'] = '30322________________leusercontent.com';
      $_SESSION['GOOGLE_CLIENT_SECRET'] = 'Az________________________________9xA';
      $_SESSION['GOOGLE_REDIRECT_URI'] = 'http://tx-asm.us/resources/lib/google-api-php-client/examples/plus';
      $_SESSION['GOOGLE_DEVELOPER_KEY'] = 'AI_______________________________Bg';
      
require_once '../../src/Google_Client.php';
require_once '../../src/contrib/Google_PlusService.php';


$client = new Google_Client();
$client->setApplicationName("Google+ PHP Starter Application");
      
      $client->setClientId($_SESSION['GOOGLE_CLIENT_ID']);
      $client->setClientSecret($_SESSION['GOOGLE_CLIENT_SECRET']);
      $client->setRedirectUri('http://tx-asm.us/resources/lib/google-api-php-client/examples/plus/index.php');
      $client->setDeveloperKey($_SESSION['GOOGLE_DEVELOPER_KEY']);
$plus = new Google_PlusService($client);

if (isset($_REQUEST['logout'])) {
  unset($_SESSION['access_token']);
}
// here's where things go south...

if (isset($_GET['code'])) {
  $client->authenticate($_GET['code']);

// THE GET VALUE DOES COME ACROSS IN THE URL

  $_SESSION['access_token'] = $client->getAccessToken();

// I ADDED THIS LINE TO DEBUG, KNOWING THAT IF IT WOULD SUCCEED THE REDIRECT WOULD FAIL BECAUSE OF A STARTED HEADER

// BUT, NOTHING ECHOS TO THE SCREEN AT ALL

  echo "sess access token " . $_SESSION['access_token'];
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}

if (isset($_SESSION['access_token'])) {
  $client->setAccessToken($_SESSION['access_token']);
}

if ($client->getAccessToken()) {
  $me = $plus->people->get('me');

  // These fields are currently filtered through the PHP sanitize filters.
  // See http://www.php.net/manual/en/filter.filters.sanitize.php
  $url = filter_var($me['url'], FILTER_VALIDATE_URL);
  $img = filter_var($me['image']['url'], FILTER_VALIDATE_URL);
  $name = filter_var($me['displayName'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
  $personMarkup = "<a rel='me' href='$url'>$name</a><div><img src='$img'></div>";

  $optParams = array('maxResults' => 100);
  $activities = $plus->activities->listActivities('me', 'public', $optParams);
  $activityMarkup = '';
  foreach($activities['items'] as $activity) {
    // These fields are currently filtered through the PHP sanitize filters.
    // See http://www.php.net/manual/en/filter.filters.sanitize.php
    $url = filter_var($activity['url'], FILTER_VALIDATE_URL);
    $title = filter_var($activity['title'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    $content = filter_var($activity['object']['content'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    $activityMarkup .= "<div class='activity'><a href='$url'>$title</a><div>$content</div></div>";
  }

  // The access token may have been updated lazily.
  $_SESSION['access_token'] = $client->getAccessToken();
} else {
  $authUrl = $client->createAuthUrl();
}
?>
<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <link rel='stylesheet' href='style.css' />
</head>
<body>
<header><h1>Google+ Sample App</h1></header>
<div class="box">

<?php if(isset($personMarkup)): ?>
<div class="me"><?php print $personMarkup ?></div>
<?php endif ?>

<?php if(isset($activityMarkup)): ?>
<div class="activities">Your Activities: <?php print $activityMarkup ?></div>
<?php endif ?>

<?php
  if(isset($authUrl)) {
    print "<a class='login' href='$authUrl'>Connect Me!</a>";
  } else {
   print "<a class='logout' href='?logout'>Logout</a>";
  }
?>
</div>
</body>
</html>

Open in new window

0
Comment
Question by:Dallas Smetter
  • 3
3 Comments
 

Author Comment

by:Dallas Smetter
ID: 39750110
So, you may have already figured this, but Google returns the correct URI with the "code" parameter in the GET.

The entire process stalls at that point and never does the redirect (even without my "echo").

I am assuming that it stops because I get a blank page and there's not a single character when I veiw HTML source in the browser.
0
 

Author Comment

by:Dallas Smetter
ID: 39750119
The function its calling, where the failure seems to be is

  public function getAccessToken() {
    $token = self::$auth->getAccessToken();
    return (null == $token || 'null' == $token) ? null : $token;
  }

Open in new window


So, maybe it is returning a null value? If so, would there be a problem with on of my keys/id ?
0
 

Accepted Solution

by:
Dallas Smetter earned 0 total points
ID: 39765285
I fixed this myself.

I foolishly had a session_destroy() written right after I had made the session_start().

I have no idea what possessed me to do it, but at least it's all working now.

This question can be closed. No comments and therefore no points to award.

Thank you
Dallas Ray
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now