I am trying to setup authentication with google plus using their tutorial. I followed the directions verbatim, changing the client id
and the client secret
in signin.php
. For the record, the google plus API is enabled in the google developer console. I update file permissions as instructed as well (chmod +x signin.php
and chmod -R 555 vendor/
). However, upon loading my authentication URL (which happens to be at the auth_test/
sub directory of my domain, and clicking the sign in button, the console throws a 401 (unauthorized)
for the get
request sent /activites.
I have researched the problem and see that this can be caused by an invalid token, but I dont see how that can be because everything has been setup in singin.php.
Much help would be appreciated...
You need to reset the state of your app if disconnected to refresh the $tocken
.
Google API office Docs on Handling API Errors
401: Invalid Credentials
Invalid authorization header. The access token you're using is either expired or invalid.
{ "error": {
> "errors": [
> {
> "domain": "global",
> "reason": "authError",
> "message": "Invalid Credentials",
> "locationType": "header",
> "location": "Authorization",
> }
> ],
> "code": 401,
> "message": "Invalid Credentials" } }
Suggested action: Refresh the access token using the long-lived refresh token. If this fails, direct the user through the OAuth flow, as described in Authorizing Your App
Also its is clearly commented in singin.php at line no. 98 :
// Normally the state would be a one-time use token, however in our // simple case, we want a user to be able to connect and disconnect // without reloading the page. Thus, for demonstration, we don't // implement this best practice. //$app['session']->set('state', '');
Thus in your case it appears that your app is disconnected and thus causing the $token
to become empty. Hence forcing this code block at line no: 91
if (empty($token)) {
// Ensure that this is no request forgery going on, and that the user
// sending us this connect request is the user that was supposed to.
if ($request->get('state') != ($app['session']->get('state'))) {
return new Response('Invalid state parameter', 401);
}