Search code examples
podio

How to use new access token on other page using server side authentication - PODIO API

I've already authenticated my App on 1 php page using GET['code'] method and I received the refresh token code and saved it.

Now I want to authenticate on other page on the same domain. So I what I did is I created other php page that check if I'm authenticated or not using is_authenticated() function if not I request a new access token using CURL to API endpoint "https://podio.com/oauth/token". I received the access code and tried to authenticate with it using authenticate_with_authorization_code($code, REDIRECT_URI) but I'm getting error Uncaught PodioInvalidGrantError: "Sorry, your OAuth code is invalid.". Please let me know what step I'm missing.

<?php
require ('podio/podio_lib/PodioAPI.php');
include ('sessionpodio.php');
define("REDIRECT_URI", 'http://domainname.com/pagename.php');

$refreshtoken = "my_refresh_token";
$client_id = "xxxxx";
$client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

$param = "grant_type=refresh_token&client_id={$client_id}&client_secret= 
{$client_secret}&refresh_token={$refreshtoken}";
Podio::setup($client_id, $client_secret, array(
  "session_manager" => "PodioBrowserSession"
));


if (!Podio::is_authenticated()) {

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://podio.com/oauth/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $param);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www- 
form-urlencoded'));

// receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec ($ch);
curl_close ($ch);

$decoded_r = json_decode($server_output,true);
$code = $decoded_r["access_token"];


echo "<pre>".print_r($decoded_r, true)."</pre><br/>";
var_dump($code);

if ($code !== "") {
Podio::authenticate_with_authorization_code($code, REDIRECT_URI);   
}   
}

 elseif (Podio::is_authenticated()) {

  // User already has an active session. You can make API calls here:
    print "You were already authenticated and no authentication is needed. 
<br/>";
    var_dump($_SESSION);
}

?>
Solution

  • Solved issue using Podio Session Manager, manual authentication using expired access token and refresh token is not needed as library will handle it automatically, see Podio Session Manager for more information.