I need to connect to a REST API of a customer. The first step is to get an OAuth 2.0 access token. I got the following information from the customer:
- Login (I assume it’s the
client_id) - Password (I assume it’s the
client_secret) - The flow is
password - The regular API URL
- The Token API URL
I found code at http://tutorialspage.com/simple-oauth2-example-using-php-curl/ and changed it, just for testing, to this:
JavaScript
x
private function getToken() { $curl = curl_init(); $params = array( CURLOPT_URL => self::API_TOKEN_URL, CURLOPT_RETURNTRANSFER => true, CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_POST => 1, CURLOPT_NOBODY => false, CURLOPT_HTTPHEADER => array( "cache-control: no-cache", "content-type: application/x-www-form-urlencoded", "accept: *", "accept-encoding: gzip, deflate", ), CURLOPT_POSTFIELDS => array( 'username' => urlencode('example@swagger.foo'), 'password' => urlencode('123 and 4'), 'grant_type' => 'password' ) ); curl_setopt_array($curl, $params); // test //curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); //curl_setopt($curl, CURLOPT_USERPWD, 'example@swagger.foo'.':'.'123 and 4'); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #01: " . $err; } else { $response = json_decode($response, true); if(array_key_exists("access_token", $response)) return $response; if(array_key_exists("error", $response)) echo $response["error_description"]; echo "cURL Error #02: Something went wrong! Please contact admin."; }}I would expect to get a JSON response containing valid OAuth 2.0 access_token, but instead I get an error:
JavaScript
{"error":"unsupported_grant_type"}How to change the code to make it work?
Edit: It works over the shell-curl on my mac:
JavaScript
curl -i -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=password&username=example@swagger.foo&password=123 and 4' https://the-token-api-url.fooVerbose Informations Curl (MacShell):
JavaScript
* Trying <IP HOST>* TCP_NODELAY set* Connected to <DNS HOST> (<IP HOST>) port 443 (#0)* ALPN, offering http/1.1* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH* successfully set certificate verify locations:* CAfile: /opt/local/share/curl/curl-ca-bundle.crt CApath: none* TLSv1.2 (OUT), TLS header, Certificate Status (22):* TLSv1.2 (OUT), TLS handshake, Client hello (1):* TLSv1.2 (IN), TLS handshake, Server hello (2):* TLSv1.2 (IN), TLS handshake, Certificate (11):* TLSv1.2 (IN), TLS handshake, Server key exchange (12):* TLSv1.2 (IN), TLS handshake, Server finished (14):* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):* TLSv1.2 (OUT), TLS change cipher, Client hello (1):* TLSv1.2 (OUT), TLS handshake, Finished (20):* TLSv1.2 (IN), TLS change cipher, Client hello (1):* TLSv1.2 (IN), TLS handshake, Finished (20):* SSL connection using TLSv1.2 / <something>* ALPN, server did not agree to a protocol* Server certificate:* subject: CN=<CN>* start date: <date>* expire date: <date>* subjectAltName: host "<DNS HOST>" matched cert's "<DNS HOST>"* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3* SSL certificate verify ok.> POST /<URI PART>/token HTTP/1.1> Host: <DNS HOST>> User-Agent: curl/7.58.0> Accept: */*> Content-Type: application/x-www-form-urlencoded> Content-Length: 73> * upload completely sent off: 73 out of 73 bytes< HTTP/1.1 200 OKHTTP/1.1 200 OK< Cache-Control: no-cacheCache-Control: no-cache< Pragma: no-cachePragma: no-cache< Content-Type: application/json;charset=UTF-8Content-Type: application/json;charset=UTF-8< Expires: -1Expires: -1< Server: Microsoft-IIS/8.5Server: Microsoft-IIS/8.5< X-Powered-By: ASP.NETX-Powered-By: ASP.NET< Date: Tue, 05 Feb 2019 17:26:21 GMTDate: Tue, 05 Feb 2019 17:26:21 GMT< Content-Length: 671Content-Length: 671Verbose Informstions cURL PHP:
JavaScript
* Hostname in DNS cache was stale, zapped* Trying <IP>* TCP_NODELAY set* Connected to <DNS> (<IP>) port 443 (#0)* ALPN, offering http/1.1* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH* successfully set certificate verify locations:* CAfile: /opt/local/share/curl/curl-ca-bundle.crt CApath: none* SSL connection using TLSv1.2 / <something>* ALPN, server did not agree to a protocol* Server certificate:* subject: CN=<DNS>* start date: <date>* expire date: <date>* subjectAltName: host "<dns>" matched cert's "<dns>"* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3* SSL certificate verify ok.> POST /<uri part>/token HTTP/1.1Host: <dns>cache-control: no-cacheaccept: *accept-encoding: gzip, deflateContent-Length: 384Content-Type: application/x-www-form-urlencoded; boundary=------------------------<a hash>< HTTP/1.1 400 Bad Request< Cache-Control: no-cache< Pragma: no-cache< Content-Type: application/json;charset=UTF-8< Expires: -1< Server: Microsoft-IIS/8.5< X-Powered-By: ASP.NET< Date: Tue, 05 Feb 2019 17:25:39 GMT< Content-Length: 34* HTTP error before end of send, stop sending< * Closing connection 0I didn’t find the problem.
Advertisement
Answer
OK, thanks to Helen it works now.
JavaScript
private function getToken(){ $curl = curl_init(); $params = [ CURLOPT_URL => self::API_TOKEN_URL, CURLOPT_RETURNTRANSFER => true, CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_POST => 1, CURLOPT_NOBODY => false, CURLOPT_HTTPHEADER => array( "cache-control: no-cache", "content-type: application/x-www-form-urlencoded", "accept: */*", "accept-encoding: gzip, deflate", ), CURLOPT_POSTFIELDS => "grant_type=password&username=username@example.foo&password=123and4" ]; curl_setopt_array($curl, $params); $response = curl_exec($curl); curl_close($curl);}The Problem was solved as I entered the Post Data as String:
CURLOPT_POSTFIELDS => "grant_type=password&username=username@example.foo&password=123and4"
Instead of a array:
JavaScript
CURLOPT_POSTFIELDS => array( 'username' => urlencode('username@example.foo'), 'password' => urlencode('123and4'), 'grant_type' => 'password' )Thanks <3!