
Google API OAuth 2.0


I'm currently using OAuth 2.0 to access Google's reader API. I have successfully gotten a "code" and "state" returned in the URL. Right now I'm using a post method to pass in the required parameters in order to receive an access token. I have been fiddling with it for quite a while and all I've got is:

{ "error": "invalid_request" }

My code is below:

<?php 

session_start();

$code = $_GET['code'];
$state = $_GET['state'];

if ((!is_numeric($state)) || ($state != $_SESSION['state'])) {
    throw new Exception('Error validating state.');
}

$accessTokenExchangeUrl = 'https://accounts.google.com/o/oauth2/token';
$redirectUriPath = '/authentication.php';

$accessTokenExchangeParams = array(
    'code' => $code,
    'client_id' => 'xxxxx',
    'client_secret' => 'xxxxx',
    'redirect_uri' => (isset($_SERVER['HTTPS'])?'https://':'http://') . $_SERVER['HTTP_HOST'] . $redirectUriPath,
    'grant_type' => 'authorization_code'
    );


$goToUrl = $accessTokenExchangeUrl . '?' . http_build_query($accessTokenExchangeParams);

?> 

<!DOCTYPE HTML>
<html>
<head>
    <title></title>
</head>

<body>

    <form action="<?php echo htmlspecialchars($goToUrl); ?>" method="post">
        <input type="submit" value="Click Me!">
    </form>

</body>

</html>

Thanks in advance!


Solution

  • Have you tried putting the code, client_id, etc. variables as input parameters (in the POST request body), instead of in the query string? Google examples demonstrate it that way.

    There are security reasons why they shouldn't be in the query string if you're following the OAuth 2 spec.
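The answer's suggestion as an added example (not code from the original post or from Google): the exchange runs server-side and sends the parameters in the POST body, so the client secret never appears in a URL or in HTML sent to the browser. `REDIRECT_URI`, `postForm`, `exchangeCode` and the stub transport are names and values assumed for illustration.

```php
<?php
const TOKEN_URL     = 'https://accounts.google.com/o/oauth2/token'; // endpoint used in the question
const CLIENT_ID     = 'xxxxx'; // placeholder, as in the question
const CLIENT_SECRET = 'xxxxx'; // placeholder; stays on the server, never rendered into HTML
const REDIRECT_URI  = 'https://app.example/authentication.php'; // assumed fixed value, not built from the Host header
// Send $fields as an application/x-www-form-urlencoded POST body (nothing in the query string).
function postForm(string $url, array $fields): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Token request did not complete.');
    }
    return [curl_getinfo($ch, CURLINFO_HTTP_CODE), $body];
}
// Validate the callback parameters, then exchange the code. $post is injectable for testing.
function exchangeCode(array $query, array $session, ?callable $post = null): array
{
    $post ??= 'postForm';
    $state = $query['state'] ?? '';
    $code  = $query['code'] ?? '';
    if (!is_string($state) || $state === '' || !hash_equals((string) ($session['state'] ?? ''), $state)) {
        throw new RuntimeException('Error validating state.');
    }
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('Missing authorization code.');
    }
    [$status, $body] = $post(TOKEN_URL, [
        'code'          => $code,
        'client_id'     => CLIENT_ID,
        'client_secret' => CLIENT_SECRET,
        'redirect_uri'  => REDIRECT_URI,
        'grant_type'    => 'authorization_code',
    ]);
    $json = json_decode($body, true);
    if ($status !== 200 || !is_array($json) || !isset($json['access_token'])) {
        throw new RuntimeException('Token endpoint error: ' . ($json['error'] ?? 'unknown'));
    }
    return $json;
}
// Constructed demo: a stub transport replaces the network call so this runs offline.
$stub   = fn(string $url, array $fields): array => [200, json_encode(['access_token' => 'constructed-token'])];
$tokens = exchangeCode(['code' => 'constructed-code', 'state' => '12345'], ['state' => 12345], $stub);
echo isset($tokens['access_token']) ? "token received\n" : "no token\n";
```

In the real callback script, call `exchangeCode($_GET, $_SESSION)` after `session_start()`, with `REDIRECT_URI` set to the same value that was sent in the authorization request.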