
Annoying invalid credentials with oauth 2.0 google + api

I'm trying to use OAuth 2.0 for the Google+ API on my site, and I keep getting:

{
    "error": {
        "errors": [{
            "domain": "global",
            "reason": "authError",
            "message": "Invalid Credentials",
            "locationType": "header",
            "location": "Authorization"
        }],
        "code": 401,
        "message": "Invalid Credentials"
    }
}

The thing is, I don't know why this is happening. I have a valid access token from Google, but Google tells me it is invalid. I know that the token has not expired because the JSON data is requested from Google within 10 seconds of getting the access token. Here is the process that I'm using:

  1. Get user to authorize the request.
  2. Gets request code from google.
  3. Uses cURL to request access token with the request code from Google.
  4. Puts the access code into a PHP session.
  5. Redirects back to the main page.
  6. Main page detects session variable is set and doesn't display login link.
  7. PHP on main page uses readFile to get the JSON response from Google.
  8. Google returns invalid credentials.

Here is an example URI generated by PHP that is inserted into readFile:

https://www.googleapis.com/plus/v1/people/me?prettyprint=true&access_token=ya29.AHES6ZQRGovDa5FHsojU3qCM1DEnYmJPywz1muUE4CWGH5n70OcAkw

Help please?

Kevin Pei asked Oct 18 '11 02:10


2 Answers

You shouldn't share an unaltered access token - someone can use that to impersonate you (really for whomever it was granted).

It's also better to pass the Auth token as a header, like:

curl -H "Authorization: OAuth ya29.xyzxyz" "https://www.googleapis.com/plus/v1/people/me"

Not sure if that's essential but your error message seems to indicate an auth error in the header so you may be providing an Authorization header which doesn't match the one you need.

Rob Russell answered Oct 07 '22 20:10
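
The two points in the answer above (do not post a live token, and send the token in a header instead of the URL) as an added PHP example; it is not code from the question or from either answer. The function names are hypothetical, the token is a constructed placeholder, and the `OAuth` header scheme is the one used in the answer's curl command.

```php
<?php
// Added example. Function names are hypothetical; the token is a constructed placeholder.

// Move an access_token query parameter out of the URL and into an
// Authorization header, so the URL itself can be logged or shared.
function split_token_from_url(string $url, string $scheme = 'OAuth'): array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('not an absolute URL');
    }
    parse_str($parts['query'] ?? '', $query);
    $token = $query['access_token'] ?? null;
    unset($query['access_token']);

    $clean = $parts['scheme'] . '://' . $parts['host'] . ($parts['path'] ?? '/');
    if ($query) {
        $clean .= '?' . http_build_query($query);
    }
    $hasToken = is_string($token) && $token !== '';
    $headers = $hasToken ? ["Authorization: $scheme $token"] : [];
    return [$clean, $headers];
}

// Mask token values in text that is about to be logged or posted publicly.
function redact_tokens(string $text): string
{
    $patterns = [
        '/([?&]access_token=)[^&\s"\']+/i',
        '/(Authorization:\s*(?:OAuth|Bearer)\s+)[^\s"\']+/i',
    ];
    return preg_replace($patterns, '$1[REDACTED]', $text);
}

// Constructed sample input, shaped like the URI in the question.
$url = 'https://www.googleapis.com/plus/v1/people/me'
     . '?prettyprint=true&access_token=ya29.EXAMPLE-NOT-A-REAL-TOKEN';
[$cleanUrl, $headers] = split_token_from_url($url);

// Prepare the request; the token now travels only in the header.
$ch = curl_init($cleanUrl);
curl_setopt_array($ch, [CURLOPT_HTTPHEADER => $headers, CURLOPT_RETURNTRANSFER => true]);
// $body = curl_exec($ch);  // left commented out so the example runs offline

echo $cleanUrl, "\n";                   // URL without the token
echo redact_tokens($headers[0]), "\n";  // header with the token masked
echo redact_tokens($url), "\n";         // original URL, safe to paste
```

Run anything destined for a log line, bug report or forum post through `redact_tokens()` first; a token that has already been posted should be revoked.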


Here is a solution using PHP's pecl oauth extension. This will sign the request the way you have defined it, in this case in a config file JSON object that was imported into the script.

        $oauth = new OAuth($this->config->consumer_key, $this->config->consumer_secret, $this->config->signature_method, $this->config->auth_type);
        $oauth->setVersion($this->config->version);
        $oauth->setToken($accessToken->oauth_token, $accessToken->oauth_token_secret);

        $params = array(
            'fields' => 'displayName,emails,id,image,name',
            'pp' => 1
        );

        $oauth->fetch('https://www.googleapis.com/plus/v1/people/me', $params, OAUTH_HTTP_METHOD_GET);

        // extract response
        $json = Zend_Json::decode($oauth->getLastResponse(), Zend_Json::TYPE_OBJECT);

Adgezaza answered Oct 07 '22 18:10