When the user gets to my page (similar to the Google Plus API PHP starter), my app needs the authorization to access the user's profile. The callback URI I set is the page itself. Initially, everything worked perfectly: the user comes back to my page with successful authorization ($authUrl is not set, while $me and $activities are set).
However, now I need to pass a parameter called 'id' from before the authorization to after and this seems to MESS EVERYTHING UP :-(
If there is a session variable or a cookie when the authorization request is sent, the user comes back to my page without the authorization ($authUrl is set, while $me and $activities are NULL).
Even more weird: after using
setcookie('storedid', $_GET['id'], time()+3600, '/', '.mydomain.com');
the user comes back WITHOUT authorization, while with:
setcookie('storedid', $_GET['id'], $expire, '/anysubfolder/', '.mydomain.com');
it works perfectly! Also, at some point I made a typo and $_GET['id'] was NULL and, even if the cookie was in the '/' path, the authorization was successful!
Is there a way I can pass a parameter from before to after the authorization?
I'm starting to think about crazy stuff (writing the 'id' to a SQL table, together with the user's IP address and retrieving it with a query after the authorization) but it is not robust and frankly it would suck!
You can send a state parameter with the user when they go to authorize access, as described in the OAuth 2 spec, and it will be returned with the user.
For example: https://accounts.google.com/o/oauth2/auth?state=xyz123&scope=https://www.googleapis.com/auth/plus.me...
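One way to carry the 'id' through state, as an added example that is not part of the original answer or of the Google API PHP client: the id is packed with a nonce and a timestamp and HMAC-signed, so the callback can reject a state value that was altered in transit or is stale. The helper names (b64url, make_state, read_state), STATE_KEY and the sample id '42' are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not from the Google API PHP client.
const STATE_KEY = 'replace-with-a-long-random-server-side-secret'; // placeholder

function b64url(string $raw): string {
    // URL-safe base64 without padding, so the value survives a query string.
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function make_state(string $id, string $key): string {
    // Payload: the app's own 'id', a random nonce, and the issue time.
    $payload = b64url(json_encode([
        'id' => $id, 'n' => bin2hex(random_bytes(16)), 't' => time(),
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

function read_state(string $state, string $key, int $maxAge = 600): ?string {
    $parts = explode('.', $state);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    // Constant-time comparison of the recomputed MAC against the received one.
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) return null;
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['id']) || !is_int($data['t'] ?? null)) return null;
    if (time() - $data['t'] > $maxAge) return null; // stale state
    return (string) $data['id'];
}

// Before the redirect: put the signed state on the authorization URL.
$state = make_state('42', STATE_KEY); // '42' is a constructed sample id
$authUrl = 'https://accounts.google.com/o/oauth2/auth?' . http_build_query([
    'state' => $state,
    'scope' => 'https://www.googleapis.com/auth/plus.me',
    // plus the other parameters your authorization request already carries
]);

// On the callback page this would be read_state($_GET['state'] ?? '', STATE_KEY).
var_dump(read_state($state, STATE_KEY));       // the original id
var_dump(read_state($state . 'x', STATE_KEY)); // NULL: signature mismatch
var_dump(read_state('xyz123', STATE_KEY));     // NULL: not a signed state
```

The signature only shows that this app issued the value. To also use state as CSRF protection, compare the nonce against one stored server-side for the same user before trusting the callback.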