Solved

Google oauth2 fails at  $client->authenticate($_GET['code']);

Posted on 2014-01-01
3
1,290 Views
Last Modified: 2014-01-08
So, you may have already figured this, but Google returns the correct URI with the "code" parameter in the GET.

The entire process stalls at that point and never does the redirect (even without my "echo").

I am assuming that it stops because I get a blank page and there's not a single character when I veiw HTML source in the browser.

---

Edited to move the code into the code snippet feature. ~Ray
<?php
      error_reporting(E_ALL);
      ini_set('display_errors', '1');
      if (!session_id() || session_id() == '' || session_id() == ' ') {
            session_start();
      }

      $_SESSION['GOOGLE_CLIENT_ID'] = '30322________________leusercontent.com';
      $_SESSION['GOOGLE_CLIENT_SECRET'] = 'Az________________________________9xA';
      $_SESSION['GOOGLE_REDIRECT_URI'] = 'http://tx-asm.us/resources/lib/google-api-php-client/examples/plus';
      $_SESSION['GOOGLE_DEVELOPER_KEY'] = 'AI_______________________________Bg';
      
require_once '../../src/Google_Client.php';
require_once '../../src/contrib/Google_PlusService.php';


$client = new Google_Client();
$client->setApplicationName("Google+ PHP Starter Application");
      
      $client->setClientId($_SESSION['GOOGLE_CLIENT_ID']);
      $client->setClientSecret($_SESSION['GOOGLE_CLIENT_SECRET']);
      $client->setRedirectUri('http://tx-asm.us/resources/lib/google-api-php-client/examples/plus/index.php');
      $client->setDeveloperKey($_SESSION['GOOGLE_DEVELOPER_KEY']);
$plus = new Google_PlusService($client);

if (isset($_REQUEST['logout'])) {
  unset($_SESSION['access_token']);
}
// here's where things go south...

if (isset($_GET['code'])) {
  $client->authenticate($_GET['code']);

// THE GET VALUE DOES COME ACROSS IN THE URL

  $_SESSION['access_token'] = $client->getAccessToken();

// I ADDED THIS LINE TO DEBUG, KNOWING THAT IF IT WOULD SUCCEED THE REDIRECT WOULD FAIL BECAUSE OF A STARTED HEADER

// BUT, NOTHING ECHOS TO THE SCREEN AT ALL

  echo "sess access token " . $_SESSION['access_token'];
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}

if (isset($_SESSION['access_token'])) {
  $client->setAccessToken($_SESSION['access_token']);
}

if ($client->getAccessToken()) {
  $me = $plus->people->get('me');

  // These fields are currently filtered through the PHP sanitize filters.
  // See http://www.php.net/manual/en/filter.filters.sanitize.php
  $url = filter_var($me['url'], FILTER_VALIDATE_URL);
  $img = filter_var($me['image']['url'], FILTER_VALIDATE_URL);
  $name = filter_var($me['displayName'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
  $personMarkup = "<a rel='me' href='$url'>$name</a><div><img src='$img'></div>";

  $optParams = array('maxResults' => 100);
  $activities = $plus->activities->listActivities('me', 'public', $optParams);
  $activityMarkup = '';
  foreach($activities['items'] as $activity) {
    // These fields are currently filtered through the PHP sanitize filters.
    // See http://www.php.net/manual/en/filter.filters.sanitize.php
    $url = filter_var($activity['url'], FILTER_VALIDATE_URL);
    $title = filter_var($activity['title'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    $content = filter_var($activity['object']['content'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
    $activityMarkup .= "<div class='activity'><a href='$url'>$title</a><div>$content</div></div>";
  }

  // The access token may have been updated lazily.
  $_SESSION['access_token'] = $client->getAccessToken();
} else {
  $authUrl = $client->createAuthUrl();
}
?>
<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <link rel='stylesheet' href='style.css' />
</head>
<body>
<header><h1>Google+ Sample App</h1></header>
<div class="box">

<?php if(isset($personMarkup)): ?>
<div class="me"><?php print $personMarkup ?></div>
<?php endif ?>

<?php if(isset($activityMarkup)): ?>
<div class="activities">Your Activities: <?php print $activityMarkup ?></div>
<?php endif ?>

<?php
  if(isset($authUrl)) {
    print "<a class='login' href='$authUrl'>Connect Me!</a>";
  } else {
   print "<a class='logout' href='?logout'>Logout</a>";
  }
?>
</div>
</body>
</html>

Open in new window

0
Comment
Question by:Dallas Smetter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 

Author Comment

by:Dallas Smetter
ID: 39750110
So, you may have already figured this, but Google returns the correct URI with the "code" parameter in the GET.

The entire process stalls at that point and never does the redirect (even without my "echo").

I am assuming that it stops because I get a blank page and there's not a single character when I veiw HTML source in the browser.
0
 

Author Comment

by:Dallas Smetter
ID: 39750119
The function its calling, where the failure seems to be is

  public function getAccessToken() {
    $token = self::$auth->getAccessToken();
    return (null == $token || 'null' == $token) ? null : $token;
  }

Open in new window


So, maybe it is returning a null value? If so, would there be a problem with on of my keys/id ?
0
 

Accepted Solution

by:
Dallas Smetter earned 0 total points
ID: 39765285
I fixed this myself.

I foolishly had a session_destroy() written right after I had made the session_start().

I have no idea what possessed me to do it, but at least it's all working now.

This question can be closed. No comments and therefore no points to award.

Thank you
Dallas Ray
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question