I'm using the oauth2-php library hosted on Google code. I'm confused on the example code and specifically how to go from the addClient.php page to the authorize.php page.
Currently, I enter some credentials in the <form> on the addClient.php page, which are correctly INSERTed into to my database. Unfortunately, when I point the browser to the authorize.php page I get the following error:
{"error":"invalid_client"}
Might someone help me understand why authorize.php isn't pulling my client data from my database?
In order to access a protected resource with a given example code:
1) Create a client (provide client id, client secret, redirect uri):
/addclient.php
2) Fetch auth code from authorization server:
/authorize.php?client_id=foo&response_type=code
It will redirect you to the redirect uri specified in step 1 adding code as a GET parameter.
3) Do a POST request to get access token:
/token.php
with post params:
grant_type=code&client_id=foo&code=[AUTH_CODE_FROM_STEP_2]&client_secret=[SECRET]&redirect_uri=[REDIRECT_URI_FROM_STEP_1]
It will give you JSON with access_token in it.
4) Fetch protected resource (oauth_token can be passed both as GET or POST param)
/protected_resource.php?oauth_token=[ACCESS_TOKEN_FROM_STEP_3]
Also I don't know if you're dealing with some legacy code, but this lib is outdated as it is based on 09 (draft) version of oauth 2. There are implementations referenced on the official page http://oauth.net/2/ which are up to date. You may want to take a look at them.